[stable8] Ignore certificate file if it starts with file://

2 files changed, 15 insertions, 0 deletions

diff --git a/lib/private/security/certificate.php b/lib/private/security/certificate.php
index 58563550f81..c957a2a6a00 100644
--- a/lib/private/security/certificate.php
+++ b/lib/private/security/certificate.php
@@ -34,6 +34,13 @@ class Certificate implements ICertificate {
 	 */
 	public function __construct($data, $name) {
 		$this->name = $name;
+
+		// If string starts with "file://" ignore the certificate
+		$query = 'file://';
+		if(strtolower(substr($data, 0, strlen($query))) === $query) {
+			throw new \Exception('Certificate could not get parsed.');
+		}
+
 		try {
 			$gmt = new \DateTimeZone('GMT');
 			$info = openssl_x509_parse($data);
diff --git a/tests/lib/security/certificate.php b/tests/lib/security/certificate.php
index 4caacf900e7..e59f06db5c4 100644
--- a/tests/lib/security/certificate.php
+++ b/tests/lib/security/certificate.php
@@ -36,6 +36,14 @@ class CertificateTest extends \Test\TestCase {
 		new Certificate('foo', 'bar');
 	}
 
+	/**
+	 * @expectedException \Exception
+	 * @expectedExceptionMessage Certificate could not get parsed.
+	 */
+	function testCertificateStartingWithFileReference() {
+		new Certificate('file://'.__DIR__ . '/../../data/certificates/goodCertificate.crt', 'bar');
+	}
+
 	function testGetName() {
 		$this->assertSame('GoodCertificate', $this->goodCertificate->getName());
 		$this->assertSame('BadCertificate', $this->invalidCertificate->getName());