diff options
author | Morris Jobke <morris.jobke@gmail.com> | 2013-11-25 00:30:06 -0800 |
---|---|---|
committer | Morris Jobke <morris.jobke@gmail.com> | 2013-11-25 00:30:06 -0800 |
commit | b82146eeee2c969a53dd42cebf06ecfd31a0e286 (patch) | |
tree | 069b4ddfbae3320740de6aa00445ba17a120c528 | |
parent | 60e2ee631a9853a80506d547630e58a6efeace01 (diff) | |
parent | 2d947835b94362982c98caba68aa1073ab466249 (diff) | |
download | nextcloud-server-b82146eeee2c969a53dd42cebf06ecfd31a0e286.tar.gz nextcloud-server-b82146eeee2c969a53dd42cebf06ecfd31a0e286.zip |
Merge pull request #5991 from owncloud/extstorage-mountpointvalidation
Prevent using root as mount point for external storage
-rwxr-xr-x | apps/files_external/lib/config.php | 5 | ||||
-rw-r--r-- | apps/files_external/tests/mountconfig.php | 51 |
2 files changed, 56 insertions, 0 deletions
diff --git a/apps/files_external/lib/config.php b/apps/files_external/lib/config.php index 43643076519..aaa6c5be1a0 100755 --- a/apps/files_external/lib/config.php +++ b/apps/files_external/lib/config.php @@ -266,6 +266,11 @@ class OC_Mount_Config { $mountType, $applicable, $isPersonal = false) { + $mountPoint = OC\Files\Filesystem::normalizePath($mountPoint); + if ($mountPoint === '' || $mountPoint === '/' || $mountPoint == '/Shared') { + // can't mount at root or "Shared" folder + return false; + } if ($isPersonal) { // Verify that the mount point applies for the current user // Prevent non-admin users from mounting local storage diff --git a/apps/files_external/tests/mountconfig.php b/apps/files_external/tests/mountconfig.php new file mode 100644 index 00000000000..941aec680bb --- /dev/null +++ b/apps/files_external/tests/mountconfig.php @@ -0,0 +1,51 @@ +<?php +/** + * ownCloud + * + * @author Vincent Petry + * Copyright (c) 2013 Vincent Petry <pvince81@owncloud.com> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE + * License as published by the Free Software Foundation; either + * version 3 of the License, or any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU AFFERO GENERAL PUBLIC LICENSE for more details. + * + * You should have received a copy of the GNU Affero General Public + * License along with this library. If not, see <http://www.gnu.org/licenses/>. + * + */ + +require_once __DIR__ . '/../../../lib/base.php'; + +require __DIR__ . '/../lib/config.php'; + +class Test_Mount_Config_Dummy_Storage { + public function test() { + return true; + } +} + +/** + * Class Test_Mount_Config + */ +class Test_Mount_Config extends \PHPUnit_Framework_TestCase { + /** + * Test mount point validation + */ + public function testAddMountPointValidation() { + $storageClass = 'Test_Mount_Config_Dummy_Storage'; + $mountType = 'user'; + $applicable = 'all'; + $isPersonal = false; + $this->assertEquals(false, OC_Mount_Config::addMountPoint('', $storageClass, array(), $mountType, $applicable, $isPersonal)); + $this->assertEquals(false, OC_Mount_Config::addMountPoint('/', $storageClass, array(), $mountType, $applicable, $isPersonal)); + $this->assertEquals(false, OC_Mount_Config::addMountPoint('Shared', $storageClass, array(), $mountType, $applicable, $isPersonal)); + $this->assertEquals(false, OC_Mount_Config::addMountPoint('/Shared', $storageClass, array(), $mountType, $applicable, $isPersonal)); + + } +} |