diff options
author | Thomas Müller <thomas.mueller@tmit.eu> | 2013-05-14 13:13:16 -0700 |
---|---|---|
committer | Thomas Müller <thomas.mueller@tmit.eu> | 2013-05-14 13:13:16 -0700 |
commit | fdef2a373a173a81e855982543d64e35723145fa (patch) | |
tree | c02b1ec559618a6256bc5c329767f91c732ee4dd /apps | |
parent | 96ff19a703774744f0d3176600e33ca5e250dbf2 (diff) | |
parent | 0d8fa2eb9844f8ed3cf3462f21e5cc607c087541 (diff) | |
download | nextcloud-server-fdef2a373a173a81e855982543d64e35723145fa.tar.gz nextcloud-server-fdef2a373a173a81e855982543d64e35723145fa.zip |
Merge pull request #2821 from owncloud/fix-2159-rename-to-shared
fix allowed rename of folder in root directory to reserved name "Shared"
Diffstat (limited to 'apps')
-rw-r--r-- | apps/files/ajax/rename.php | 53 | ||||
-rw-r--r-- | apps/files/lib/app.php | 79 | ||||
-rw-r--r-- | apps/files/tests/ajax_rename.php | 117 |
3 files changed, 230 insertions, 19 deletions
diff --git a/apps/files/ajax/rename.php b/apps/files/ajax/rename.php index 9fd2ce3ad4b..f4551858283 100644 --- a/apps/files/ajax/rename.php +++ b/apps/files/ajax/rename.php @@ -1,26 +1,41 @@ <?php -// Init owncloud - +/** + * ownCloud - Core + * + * @author Morris Jobke + * @copyright 2013 Morris Jobke morris.jobke@gmail.com + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE + * License as published by the Free Software Foundation; either + * version 3 of the License, or any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU AFFERO GENERAL PUBLIC LICENSE for more details. + * + * You should have received a copy of the GNU Affero General Public + * License along with this library. If not, see <http://www.gnu.org/licenses/>. + * + */ OCP\JSON::checkLoggedIn(); OCP\JSON::callCheck(); -// Get data -$dir = stripslashes($_GET["dir"]); -$file = stripslashes($_GET["file"]); -$newname = stripslashes($_GET["newname"]); - -$l = OC_L10N::get('files'); +$files = new \OCA\Files\App( + \OC\Files\Filesystem::getView(), + \OC_L10n::get('files') +); +$result = $files->rename( + $_GET["dir"], + $_GET["file"], + $_GET["newname"] +); -if ( $newname !== '.' and ($dir != '' || $file != 'Shared') and $newname !== '.') { - $targetFile = \OC\Files\Filesystem::normalizePath($dir . '/' . $newname); - $sourceFile = \OC\Files\Filesystem::normalizePath($dir . '/' . $file); - if(\OC\Files\Filesystem::rename($sourceFile, $targetFile)) { - OCP\JSON::success(array("data" => array( "dir" => $dir, "file" => $file, "newname" => $newname ))); - } else { - OCP\JSON::error(array("data" => array( "message" => $l->t("Unable to rename file") ))); - } -}else{ - OCP\JSON::error(array("data" => array( "message" => $l->t("Unable to rename file") ))); -} +if($result['success'] === true){ + OCP\JSON::success(array('data' => $result['data'])); +} else { + OCP\JSON::error(array('data' => $result['data'])); +}
\ No newline at end of file diff --git a/apps/files/lib/app.php b/apps/files/lib/app.php new file mode 100644 index 00000000000..c2a4b9c2675 --- /dev/null +++ b/apps/files/lib/app.php @@ -0,0 +1,79 @@ +<?php + +/** + * ownCloud - Core + * + * @author Morris Jobke + * @copyright 2013 Morris Jobke morris.jobke@gmail.com + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE + * License as published by the Free Software Foundation; either + * version 3 of the License, or any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU AFFERO GENERAL PUBLIC LICENSE for more details. + * + * You should have received a copy of the GNU Affero General Public + * License along with this library. If not, see <http://www.gnu.org/licenses/>. + * + */ + + +namespace OCA\Files; + +class App { + private $l10n; + private $view; + + public function __construct($view, $l10n) { + $this->view = $view; + $this->l10n = $l10n; + } + + /** + * rename a file + * + * @param string $dir + * @param string $oldname + * @param string $newname + * @return array + */ + public function rename($dir, $oldname, $newname) { + $result = array( + 'success' => false, + 'data' => NULL + ); + + // rename to "/Shared" is denied + if( $dir === '/' and $newname === 'Shared' ) { + $result['data'] = array( + 'message' => $this->l10n->t("Invalid folder name. Usage of 'Shared' is reserved by ownCloud") + ); + } elseif( + // rename to "." is denied + $newname !== '.' and + // rename of "/Shared" is denied + !($dir === '/' and $oldname === 'Shared') and + // THEN try to rename + $this->view->rename($dir . '/' . $oldname, $dir . '/' . $newname) + ) { + // successful rename + $result['success'] = true; + $result['data'] = array( + 'dir' => $dir, + 'file' => $oldname, + 'newname' => $newname + ); + } else { + // rename failed + $result['data'] = array( + 'message' => $this->l10n->t('Unable to rename file') + ); + } + return $result; + } + +}
\ No newline at end of file diff --git a/apps/files/tests/ajax_rename.php b/apps/files/tests/ajax_rename.php new file mode 100644 index 00000000000..23e5761ddda --- /dev/null +++ b/apps/files/tests/ajax_rename.php @@ -0,0 +1,117 @@ +<?php + +/** + * ownCloud - Core + * + * @author Morris Jobke + * @copyright 2013 Morris Jobke morris.jobke@gmail.com + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE + * License as published by the Free Software Foundation; either + * version 3 of the License, or any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU AFFERO GENERAL PUBLIC LICENSE for more details. + * + * You should have received a copy of the GNU Affero General Public + * License along with this library. If not, see <http://www.gnu.org/licenses/>. + * + */ + +class Test_OC_Files_App_Rename extends \PHPUnit_Framework_TestCase { + + function setUp() { + // mock OC_L10n + $l10nMock = $this->getMock('\OC_L10N', array('t'), array(), '', false); + $l10nMock->expects($this->any()) + ->method('t') + ->will($this->returnArgument(0)); + $viewMock = $this->getMock('\OC\Files\View', array('rename', 'normalizePath'), array(), '', false); + $viewMock->expects($this->any()) + ->method('normalizePath') + ->will($this->returnArgument(0)); + $viewMock->expects($this->any()) + ->method('rename') + ->will($this->returnValue(true)); + $this->files = new \OCA\Files\App($viewMock, $l10nMock); + } + + /** + * @brief test rename of file/folder named "Shared" + */ + function testRenameSharedFolder() { + $dir = '/'; + $oldname = 'Shared'; + $newname = 'new_name'; + + $result = $this->files->rename($dir, $oldname, $newname); + $expected = array( + 'success' => false, + 'data' => array('message' => 'Unable to rename file') + ); + + $this->assertEquals($expected, $result); + } + + /** + * @brief test rename of file/folder named "Shared" + */ + function testRenameSharedFolderInSubdirectory() { + $dir = '/test'; + $oldname = 'Shared'; + $newname = 'new_name'; + + $result = $this->files->rename($dir, $oldname, $newname); + $expected = array( + 'success' => true, + 'data' => array( + 'dir' => $dir, + 'file' => $oldname, + 'newname' => $newname + ) + ); + + $this->assertEquals($expected, $result); + } + + /** + * @brief test rename of file/folder to "Shared" + */ + function testRenameFolderToShared() { + $dir = '/'; + $oldname = 'oldname'; + $newname = 'Shared'; + + $result = $this->files->rename($dir, $oldname, $newname); + $expected = array( + 'success' => false, + 'data' => array('message' => "Invalid folder name. Usage of 'Shared' is reserved by ownCloud") + ); + + $this->assertEquals($expected, $result); + } + + /** + * @brief test rename of file/folder + */ + function testRenameFolder() { + $dir = '/'; + $oldname = 'oldname'; + $newname = 'newname'; + + $result = $this->files->rename($dir, $oldname, $newname); + $expected = array( + 'success' => true, + 'data' => array( + 'dir' => $dir, + 'file' => $oldname, + 'newname' => $newname + ) + ); + + $this->assertEquals($expected, $result); + } +}
\ No newline at end of file |