diff options
author | Robin Appelman <robin@icewind.nl> | 2020-06-19 14:57:58 +0200 |
---|---|---|
committer | Robin Appelman <robin@icewind.nl> | 2021-03-24 17:13:09 +0100 |
commit | aee4caed07bbb8739befd80c686e1f56943c4d12 (patch) | |
tree | 4e31cd860b486a281556b00ded552cfdcaf82b44 /lib/private/Files | |
parent | 6e40c2fb52976e268821ae365c52dbb5253430a9 (diff) | |
download | nextcloud-server-aee4caed07bbb8739befd80c686e1f56943c4d12.tar.gz nextcloud-server-aee4caed07bbb8739befd80c686e1f56943c4d12.zip |
show better error messages when a file with a forbidden path is encountered
Signed-off-by: Robin Appelman <robin@icewind.nl>
Diffstat (limited to 'lib/private/Files')
-rw-r--r-- | lib/private/Files/Storage/Local.php | 12 |
1 files changed, 4 insertions, 8 deletions
diff --git a/lib/private/Files/Storage/Local.php b/lib/private/Files/Storage/Local.php index 944b0b69959..c21364847e1 100644 --- a/lib/private/Files/Storage/Local.php +++ b/lib/private/Files/Storage/Local.php @@ -288,16 +288,14 @@ class Local extends \OC\Files\Storage\Common { } } - private function treeContainsBlacklistedFile(string $path): bool { + private function checkTreeForForbiddenItems(string $path) { $iterator = new \RecursiveIteratorIterator(new \RecursiveDirectoryIterator($path)); foreach ($iterator as $file) { /** @var \SplFileInfo $file */ if (Filesystem::isFileBlacklisted($file->getBasename())) { - return true; + throw new ForbiddenException('Invalid path: ' . $file->getPathname(), false); } } - - return false; } public function rename($path1, $path2) { @@ -337,9 +335,7 @@ class Local extends \OC\Files\Storage\Common { return $result; } - if ($this->treeContainsBlacklistedFile($this->getSourcePath($path1))) { - throw new ForbiddenException('Invalid path', false); - } + $this->checkTreeForForbiddenItems($this->getSourcePath($path1)); } return rename($this->getSourcePath($path1), $this->getSourcePath($path2)); @@ -437,7 +433,7 @@ class Local extends \OC\Files\Storage\Common { */ public function getSourcePath($path) { if (Filesystem::isFileBlacklisted($path)) { - throw new ForbiddenException('Invalid path', false); + throw new ForbiddenException('Invalid path: ' . $path, false); } $fullPath = $this->datadir . $path; |