Merge pull request #46414 from nextcloud/feat/provide-new-files-config

feat: Add new forbidden filename options to Capabilities
author: Ferdinand Thiessen <opensource@fthiessen.de> 2024-07-11 15:53:25 +0200
committer: GitHub <noreply@github.com> 2024-07-11 15:53:25 +0200
commit: a2ded2005086df9fc8c05beb68452c2cee571203 (patch)
tree: f8905a4e6fc963fd464173a5e2cbdb273bc10468
parent: ead87dfa01282698acafa9600e5e4a52bf306e33 (diff)
parent: a229723b8c65183f8cb7b62f24f7b9c41a2b622b (diff)
download: nextcloud-server-a2ded2005086df9fc8c05beb68452c2cee571203.tar.gz
nextcloud-server-a2ded2005086df9fc8c05beb68452c2cee571203.zip
7 files changed, 50 insertions, 14 deletions
diff --git a/apps/files/lib/Capabilities.php b/apps/files/lib/Capabilities.php
index 9147e7d9f3a..b024307c25b 100644
--- a/apps/files/lib/Capabilities.php
+++ b/apps/files/lib/Capabilities.php
@@ -7,28 +7,31 @@
  */
 namespace OCA\Files;
 
+use OC\Files\FilenameValidator;
 use OCP\Capabilities\ICapability;
-use OCP\IConfig;
 
 class Capabilities implements ICapability {
 
-	protected IConfig $config;
-
-	public function __construct(IConfig $config) {
-		$this->config = $config;
+	public function __construct(
+		protected FilenameValidator $filenameValidator,
+	) {
 	}
 
 	/**
 	 * Return this classes capabilities
 	 *
-	 * @return array{files: array{bigfilechunking: bool, blacklisted_files: array<mixed>, forbidden_filename_characters: array<string>}}
+	 * @return array{files: array{'$comment': ?string, bigfilechunking: bool, blacklisted_files: array<mixed>, forbidden_filenames: list<string>, forbidden_filename_characters: list<string>, forbidden_filename_extensions: list<string>}}
 	 */
-	public function getCapabilities() {
+	public function getCapabilities(): array {
 		return [
 			'files' => [
+				'$comment' => '"blacklisted_files" is deprecated as of Nextcloud 30, use "forbidden_filenames" instead',
+				'blacklisted_files' => $this->filenameValidator->getForbiddenFilenames(),
+				'forbidden_filenames' => $this->filenameValidator->getForbiddenFilenames(),
+				'forbidden_filename_characters' => $this->filenameValidator->getForbiddenCharacters(),
+				'forbidden_filename_extensions' => $this->filenameValidator->getForbiddenExtensions(),
+
 				'bigfilechunking' => true,
-				'blacklisted_files' => (array)$this->config->getSystemValue('blacklisted_files', ['.htaccess']),
-				'forbidden_filename_characters' => \OCP\Util::getForbiddenFileNameChars(),
 			],
 		];
 	}
diff --git a/apps/files/openapi.json b/apps/files/openapi.json
index e00674ccc81..7fc6bc3e0b0 100644
--- a/apps/files/openapi.json
+++ b/apps/files/openapi.json
@@ -29,12 +29,19 @@
                     "files": {
                         "type": "object",
                         "required": [
+                            "$comment",
                             "bigfilechunking",
                             "blacklisted_files",
+                            "forbidden_filenames",
                             "forbidden_filename_characters",
+                            "forbidden_filename_extensions",
                             "directEditing"
                         ],
                         "properties": {
+                            "$comment": {
+                                "type": "string",
+                                "nullable": true
+                            },
                             "bigfilechunking": {
                                 "type": "boolean"
                             },
@@ -44,12 +51,24 @@
                                     "type": "object"
                                 }
                             },
+                            "forbidden_filenames": {
+                                "type": "array",
+                                "items": {
+                                    "type": "string"
+                                }
+                            },
                             "forbidden_filename_characters": {
                                 "type": "array",
                                 "items": {
                                     "type": "string"
                                 }
                             },
+                            "forbidden_filename_extensions": {
+                                "type": "array",
+                                "items": {
+                                    "type": "string"
+                                }
+                            },
                             "directEditing": {
                                 "type": "object",
                                 "required": [
diff --git a/build/integration/features/bootstrap/CapabilitiesContext.php b/build/integration/features/bootstrap/CapabilitiesContext.php
index 79ede6ac8ba..8e98d9fb720 100644
--- a/build/integration/features/bootstrap/CapabilitiesContext.php
+++ b/build/integration/features/bootstrap/CapabilitiesContext.php
@@ -22,7 +22,9 @@ class CapabilitiesContext implements Context, SnippetAcceptingContext {
 	 * @param \Behat\Gherkin\Node\TableNode|null $formData
 	 */
 	public function checkCapabilitiesResponse(\Behat\Gherkin\Node\TableNode $formData) {
-		$capabilitiesXML = simplexml_load_string($this->response->getBody())->data->capabilities;
+		$capabilitiesXML = simplexml_load_string($this->response->getBody());
+		Assert::assertNotFalse($capabilitiesXML, 'Failed to fetch capabilities');
+		$capabilitiesXML = $capabilitiesXML->data->capabilities;
 
 		foreach ($formData->getHash() as $row) {
 			$path_to_element = explode('@@@', $row['path_to_element']);
diff --git a/core/Controller/OCJSController.php b/core/Controller/OCJSController.php
index 11a6e5827d8..8a6193d2e53 100644
--- a/core/Controller/OCJSController.php
+++ b/core/Controller/OCJSController.php
@@ -8,6 +8,7 @@ namespace OC\Core\Controller;
 use bantu\IniGetWrapper\IniGetWrapper;
 use OC\Authentication\Token\IProvider;
 use OC\CapabilitiesManager;
+use OC\Files\FilenameValidator;
 use OC\Template\JSConfigHelper;
 use OCP\App\IAppManager;
 use OCP\AppFramework\Controller;
@@ -44,6 +45,7 @@ class OCJSController extends Controller {
 		CapabilitiesManager $capabilitiesManager,
 		IInitialStateService $initialStateService,
 		IProvider $tokenProvider,
+		FilenameValidator $filenameValidator,
 	) {
 		parent::__construct($appName, $request);
 
@@ -59,7 +61,8 @@ class OCJSController extends Controller {
 			$urlGenerator,
 			$capabilitiesManager,
 			$initialStateService,
-			$tokenProvider
+			$tokenProvider,
+			$filenameValidator,
 		);
 	}
 
diff --git a/lib/private/AppFramework/OCS/BaseResponse.php b/lib/private/AppFramework/OCS/BaseResponse.php
index 2e685de856b..d367574a179 100644
--- a/lib/private/AppFramework/OCS/BaseResponse.php
+++ b/lib/private/AppFramework/OCS/BaseResponse.php
@@ -133,7 +133,9 @@ abstract class BaseResponse extends Response {
 				$v = [];
 			}
 
-			if (\is_array($v)) {
+			if ($k === '$comment') {
+				$writer->writeComment($v);
+			} elseif (\is_array($v)) {
 				$writer->startElement($k);
 				$this->toXML($v, $writer);
 				$writer->endElement();
diff --git a/lib/private/Template/JSConfigHelper.php b/lib/private/Template/JSConfigHelper.php
index a41e99ae8c4..963c158a793 100644
--- a/lib/private/Template/JSConfigHelper.php
+++ b/lib/private/Template/JSConfigHelper.php
@@ -10,6 +10,7 @@ namespace OC\Template;
 use bantu\IniGetWrapper\IniGetWrapper;
 use OC\Authentication\Token\IProvider;
 use OC\CapabilitiesManager;
+use OC\Files\FilenameValidator;
 use OC\Share\Share;
 use OCP\App\AppPathNotFoundException;
 use OCP\App\IAppManager;
@@ -51,6 +52,7 @@ class JSConfigHelper {
 		protected CapabilitiesManager  $capabilitiesManager,
 		protected IInitialStateService $initialStateService,
 		protected IProvider            $tokenProvider,
+		protected FilenameValidator   $filenameValidator,
 	) {
 	}
 
@@ -132,9 +134,12 @@ class JSConfigHelper {
 		$capabilities = $this->capabilitiesManager->getCapabilities(false, true);
 
 		$config = [
-			'auto_logout' => $this->config->getSystemValue('auto_logout', false),
+			/** @deprecated 30.0.0 - use files capabilities instead */
 			'blacklist_files_regex' => FileInfo::BLACKLIST_FILES_REGEX,
-			'forbidden_filename_characters' => Util::getForbiddenFileNameChars(),
+			/** @deprecated 30.0.0 - use files capabilities instead */
+			'forbidden_filename_characters' => $this->filenameValidator->getForbiddenCharacters(),
+
+			'auto_logout' => $this->config->getSystemValue('auto_logout', false),
 			'loglevel' => $this->config->getSystemValue('loglevel_frontend',
 				$this->config->getSystemValue('loglevel', ILogger::WARN)
 			),
diff --git a/lib/private/TemplateLayout.php b/lib/private/TemplateLayout.php
index 2f6b0209153..7b33f88d4db 100644
--- a/lib/private/TemplateLayout.php
+++ b/lib/private/TemplateLayout.php
@@ -9,6 +9,7 @@ namespace OC;
 
 use bantu\IniGetWrapper\IniGetWrapper;
 use OC\Authentication\Token\IProvider;
+use OC\Files\FilenameValidator;
 use OC\Search\SearchQuery;
 use OC\Template\CSSResourceLocator;
 use OC\Template\JSConfigHelper;
@@ -228,6 +229,7 @@ class TemplateLayout extends \OC_Template {
 				\OC::$server->get(CapabilitiesManager::class),
 				\OCP\Server::get(IInitialStateService::class),
 				\OCP\Server::get(IProvider::class),
+				\OCP\Server::get(FilenameValidator::class),
 			);
 			$config = $jsConfigHelper->getConfig();
 			if (\OC::$server->getContentSecurityPolicyNonceManager()->browserSupportsCspV3()) {
author	Ferdinand Thiessen <opensource@fthiessen.de>	2024-07-11 15:53:25 +0200
committer	GitHub <noreply@github.com>	2024-07-11 15:53:25 +0200
commit	a2ded2005086df9fc8c05beb68452c2cee571203 (patch)
tree	f8905a4e6fc963fd464173a5e2cbdb273bc10468
parent	ead87dfa01282698acafa9600e5e4a52bf306e33 (diff)
parent	a229723b8c65183f8cb7b62f24f7b9c41a2b622b (diff)
download	nextcloud-server-a2ded2005086df9fc8c05beb68452c2cee571203.tar.gz nextcloud-server-a2ded2005086df9fc8c05beb68452c2cee571203.zip