diff options
| author | Joas Schilling <coding@schilljs.com> | 2016-12-02 11:05:46 +0100 |
|---|---|---|
| committer | Joas Schilling <coding@schilljs.com> | 2016-12-02 11:14:47 +0100 |
| commit | 5a7dfcacc546141cea75bcb13d05af374b3f8723 (patch) | |
| tree | d6af78797b674a117798570ff3c70445a3bb71a0 | |
| parent | 72eb5d14e96c52f0698f4785025bf5520846aed9 (diff) | |
| download | nextcloud-server-5a7dfcacc546141cea75bcb13d05af374b3f8723.tar.gz nextcloud-server-5a7dfcacc546141cea75bcb13d05af374b3f8723.zip | |
Make sure we don't scan files that can not be accessed
Signed-off-by: Joas Schilling <coding@schilljs.com>
| -rw-r--r-- | lib/private/files/cache/scanner.php | 19 | ||||
| -rw-r--r-- | tests/lib/files/cache/scanner.php | 16 |
2 files changed, 35 insertions, 0 deletions
diff --git a/lib/private/files/cache/scanner.php b/lib/private/files/cache/scanner.php index d5f17f0f990..013af1c2484 100644 --- a/lib/private/files/cache/scanner.php +++ b/lib/private/files/cache/scanner.php @@ -131,6 +131,22 @@ class Scanner extends BasicEmitter implements IScanner { */ public function scanFile($file, $reuseExisting = 0, $parentId = -1, $cacheData = null, $lock = true) { + // verify database - e.g. mysql only 3-byte chars + if (preg_match('%(?: + \xF0[\x90-\xBF][\x80-\xBF]{2} # planes 1-3 + | [\xF1-\xF3][\x80-\xBF]{3} # planes 4-15 + | \xF4[\x80-\x8F][\x80-\xBF]{2} # plane 16 +)%xs', $file)) { + // 4-byte characters are not supported in file names + return null; + } + + try { + $this->storage->verifyPath(dirname($file), basename($file)); + } catch (\Exception $e) { + return null; + } + // only proceed if $file is not a partial file nor a blacklisted file if (!self::isPartialFile($file) and !Filesystem::isFileBlacklisted($file)) { @@ -162,6 +178,9 @@ class Scanner extends BasicEmitter implements IScanner { // scan the parent if it's not in the cache (id -1) and the current file is not the root folder if ($file and $parentId === -1) { $parentData = $this->scanFile($parent); + if (!$parentData) { + return null; + } $parentId = $parentData['fileid']; } if ($parent) { diff --git a/tests/lib/files/cache/scanner.php b/tests/lib/files/cache/scanner.php index b1eb3f589e8..5ed1135d468 100644 --- a/tests/lib/files/cache/scanner.php +++ b/tests/lib/files/cache/scanner.php @@ -69,6 +69,22 @@ class Scanner extends \Test\TestCase { $this->assertEquals($cachedData['mimetype'], 'image/png'); } + function testFile4Byte() { + $data = "dummy file data\n"; + $this->storage->file_put_contents('foo🙈.txt', $data); + + $this->assertNull($this->scanner->scanFile('foo🙈.txt')); + $this->assertFalse($this->cache->inCache('foo🙈.txt'), true); + } + + function testFileInvalidChars() { + $data = "dummy file data\n"; + $this->storage->file_put_contents("foo\nbar.txt", $data); + + $this->assertNull($this->scanner->scanFile("foo\nbar.txt")); + $this->assertFalse($this->cache->inCache("foo\nbar.txt"), true); + } + private function fillTestFolders() { $textData = "dummy file data\n"; $imgData = file_get_contents(\OC::$SERVERROOT . '/core/img/logo.png'); |