[stable8.2] Ignore certificate file if it starts with file://

2 files changed, 15 insertions, 0 deletions

diff --git a/lib/private/security/certificate.php b/lib/private/security/certificate.php
index 0d7fcc4148d..d28dc24232f 100644
--- a/lib/private/security/certificate.php
+++ b/lib/private/security/certificate.php
@@ -50,6 +50,13 @@ class Certificate implements ICertificate {
 	public function __construct($data, $name) {
 		$this->name = $name;
 		$gmt = new \DateTimeZone('GMT');
+
+		// If string starts with "file://" ignore the certificate
+		$query = 'file://';
+		if(strtolower(substr($data, 0, strlen($query))) === $query) {
+			throw new \Exception('Certificate could not get parsed.');
+		}
+
 		$info = openssl_x509_parse($data);
 		if(!is_array($info)) {
 			throw new \Exception('Certificate could not get parsed.');
diff --git a/tests/lib/security/certificate.php b/tests/lib/security/certificate.php
index 81d159ebd52..82e91c71733 100644
--- a/tests/lib/security/certificate.php
+++ b/tests/lib/security/certificate.php
@@ -50,6 +50,14 @@ class CertificateTest extends \Test\TestCase {
 		$certificate->getIssueDate();
 	}
 
+	/**
+	 * @expectedException \Exception
+	 * @expectedExceptionMessage Certificate could not get parsed.
+	 */
+	function testCertificateStartingWithFileReference() {
+		new Certificate('file://'.__DIR__ . '/../../data/certificates/goodCertificate.crt', 'bar');
+	}
+
 	public function testGetName() {
 		$this->assertSame('GoodCertificate', $this->goodCertificate->getName());
 		$this->assertSame('BadCertificate', $this->invalidCertificate->getName());