diff options
author | Joas Schilling <coding@schilljs.com> | 2016-11-09 10:58:11 +0100 |
---|---|---|
committer | Roeland Jago Douma <roeland@famdouma.nl> | 2016-11-21 09:23:37 +0100 |
commit | 558f169671208fb349bb40de7b6e0abb02097832 (patch) | |
tree | 716c3e8e0ea965c4a592cfe60618019d7554a57f /lib/private/Files | |
parent | 4652d203e37d06b427872888ccb17227c1e0818b (diff) | |
download | nextcloud-server-558f169671208fb349bb40de7b6e0abb02097832.tar.gz nextcloud-server-558f169671208fb349bb40de7b6e0abb02097832.zip |
Move the validation into one place only
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'lib/private/Files')
-rw-r--r-- | lib/private/Files/Cache/Scanner.php | 19 | ||||
-rw-r--r-- | lib/private/Files/Storage/Common.php | 25 | ||||
-rw-r--r-- | lib/private/Files/View.php | 40 |
3 files changed, 43 insertions, 41 deletions
diff --git a/lib/private/Files/Cache/Scanner.php b/lib/private/Files/Cache/Scanner.php index 237934db7a5..8625e4904ca 100644 --- a/lib/private/Files/Cache/Scanner.php +++ b/lib/private/Files/Cache/Scanner.php @@ -131,25 +131,14 @@ class Scanner extends BasicEmitter implements IScanner { * @throws \OCP\Lock\LockedException */ public function scanFile($file, $reuseExisting = 0, $parentId = -1, $cacheData = null, $lock = true) { - - if (!\OC::$server->getDatabaseConnection()->supports4ByteText()) { - // verify database - e.g. mysql only 3-byte chars - if (preg_match('%(?: - \xF0[\x90-\xBF][\x80-\xBF]{2} # planes 1-3 - | [\xF1-\xF3][\x80-\xBF]{3} # planes 4-15 - | \xF4[\x80-\x8F][\x80-\xBF]{2} # plane 16 -)%xs', $file)) { - // 4-byte characters are not supported in file names + if ($file !== '') { + try { + $this->storage->verifyPath(dirname($file), basename($file)); + } catch (\Exception $e) { return null; } } - try { - $this->storage->verifyPath(dirname($file), basename($file)); - } catch (\Exception $e) { - return null; - } - // only proceed if $file is not a partial file nor a blacklisted file if (!self::isPartialFile($file) and !Filesystem::isFileBlacklisted($file)) { diff --git a/lib/private/Files/Storage/Common.php b/lib/private/Files/Storage/Common.php index c975791295d..5561f6a889b 100644 --- a/lib/private/Files/Storage/Common.php +++ b/lib/private/Files/Storage/Common.php @@ -45,8 +45,10 @@ use OC\Files\Cache\Scanner; use OC\Files\Cache\Updater; use OC\Files\Filesystem; use OC\Files\Cache\Watcher; +use OCP\Files\EmptyFileNameException; use OCP\Files\FileNameTooLongException; use OCP\Files\InvalidCharacterInPathException; +use OCP\Files\InvalidDirectoryException; use OCP\Files\InvalidPathException; use OCP\Files\ReservedWordException; use OCP\Files\Storage\ILockingStorage; @@ -487,8 +489,31 @@ abstract class Common implements Storage, ILockingStorage { /** * @inheritdoc + * @throws InvalidPathException */ public function verifyPath($path, $fileName) { + + // verify empty and dot files + $trimmed = trim($fileName); + if ($trimmed === '') { + throw new EmptyFileNameException(); + } + + if (\OC\Files\Filesystem::isIgnoredDir($trimmed)) { + throw new InvalidDirectoryException(); + } + + if (!\OC::$server->getDatabaseConnection()->supports4ByteText()) { + // verify database - e.g. mysql only 3-byte chars + if (preg_match('%(?: + \xF0[\x90-\xBF][\x80-\xBF]{2} # planes 1-3 + | [\xF1-\xF3][\x80-\xBF]{3} # planes 4-15 + | \xF4[\x80-\x8F][\x80-\xBF]{2} # plane 16 +)%xs', $fileName)) { + throw new InvalidCharacterInPathException(); + } + } + if (isset($fileName[255])) { throw new FileNameTooLongException(); } diff --git a/lib/private/Files/View.php b/lib/private/Files/View.php index 7866f90157e..67f89180994 100644 --- a/lib/private/Files/View.php +++ b/lib/private/Files/View.php @@ -53,8 +53,10 @@ use OC\Files\Storage\Storage; use OC\User\User; use OCP\Constants; use OCP\Files\Cache\ICacheEntry; +use OCP\Files\EmptyFileNameException; use OCP\Files\FileNameTooLongException; use OCP\Files\InvalidCharacterInPathException; +use OCP\Files\InvalidDirectoryException; use OCP\Files\InvalidPathException; use OCP\Files\Mount\IMountPoint; use OCP\Files\NotFoundException; @@ -1788,39 +1790,25 @@ class View { * @throws InvalidPathException */ public function verifyPath($path, $fileName) { - - $l10n = \OC::$server->getL10N('lib'); - - // verify empty and dot files - $trimmed = trim($fileName); - if ($trimmed === '') { - throw new InvalidPathException($l10n->t('Empty filename is not allowed')); - } - if (\OC\Files\Filesystem::isIgnoredDir($trimmed)) { - throw new InvalidPathException($l10n->t('Dot files are not allowed')); - } - - if (!\OC::$server->getDatabaseConnection()->supports4ByteText()) { - // verify database - e.g. mysql only 3-byte chars - if (preg_match('%(?: - \xF0[\x90-\xBF][\x80-\xBF]{2} # planes 1-3 - | [\xF1-\xF3][\x80-\xBF]{3} # planes 4-15 - | \xF4[\x80-\x8F][\x80-\xBF]{2} # plane 16 -)%xs', $fileName)) { - throw new InvalidPathException($l10n->t('4-byte characters are not supported in file names')); - } - } - try { /** @type \OCP\Files\Storage $storage */ list($storage, $internalPath) = $this->resolvePath($path); $storage->verifyPath($internalPath, $fileName); } catch (ReservedWordException $ex) { - throw new InvalidPathException($l10n->t('File name is a reserved word')); + $l = \OC::$server->getL10N('lib'); + throw new InvalidPathException($l->t('File name is a reserved word')); } catch (InvalidCharacterInPathException $ex) { - throw new InvalidPathException($l10n->t('File name contains at least one invalid character')); + $l = \OC::$server->getL10N('lib'); + throw new InvalidPathException($l->t('File name contains at least one invalid character')); } catch (FileNameTooLongException $ex) { - throw new InvalidPathException($l10n->t('File name is too long')); + $l = \OC::$server->getL10N('lib'); + throw new InvalidPathException($l->t('File name is too long')); + } catch (InvalidDirectoryException $ex) { + $l = \OC::$server->getL10N('lib'); + throw new InvalidPathException($l->t('Dot files are not allowed')); + } catch (EmptyFileNameException $ex) { + $l = \OC::$server->getL10N('lib'); + throw new InvalidPathException($l->t('Empty filename is not allowed')); } } |