Merge pull request #24899 from owncloud/local-storage-symlinks

dissalow symlinks in local storages that point outside the datadir

2 files changed, 4 insertions, 0 deletions

diff --git a/apps/dav/lib/Connector/Sabre/Directory.php b/apps/dav/lib/Connector/Sabre/Directory.php
index e7226b58196..ddab34605f3 100644
--- a/apps/dav/lib/Connector/Sabre/Directory.php
+++ b/apps/dav/lib/Connector/Sabre/Directory.php
@@ -196,6 +196,8 @@ class Directory extends \OCA\DAV\Connector\Sabre\Node
 				throw new \Sabre\DAV\Exception\ServiceUnavailable($e->getMessage());
 			} catch (\OCP\Files\InvalidPathException $ex) {
 				throw new InvalidPath($ex->getMessage());
+			} catch (ForbiddenException $e) {
+				throw new \Sabre\DAV\Exception\Forbidden();
 			}
 		}
 
diff --git a/apps/dav/lib/Connector/Sabre/ObjectTree.php b/apps/dav/lib/Connector/Sabre/ObjectTree.php
index 599f3fdfd0e..9e7d876187d 100644
--- a/apps/dav/lib/Connector/Sabre/ObjectTree.php
+++ b/apps/dav/lib/Connector/Sabre/ObjectTree.php
@@ -161,6 +161,8 @@ class ObjectTree extends \Sabre\DAV\Tree {
 				throw new \Sabre\DAV\Exception\NotFound('Storage ' . $path . ' is invalid');
 			} catch (LockedException $e) {
 				throw new \Sabre\DAV\Exception\Locked();
+			} catch (ForbiddenException $e) {
+				throw new \Sabre\DAV\Exception\Forbidden();
 			}
 		}