diff options
| author | Ferdinand Thiessen <opensource@fthiessen.de> | 2024-02-23 02:22:12 +0100 |
|---|---|---|
| committer | John Molakvoæ <skjnldsv@users.noreply.github.com> | 2024-02-28 22:19:25 +0100 |
| commit | 27642d3e6dc01a387762e0b13fc66557e0c835b2 (patch) | |
| tree | 23e775bd6d604f7e7aed54576b57712fad34a490 /lib/private | |
| parent | 281c8a49a78c70e19bb88b01f9c13a97472053d2 (diff) | |
| download | nextcloud-server-27642d3e6dc01a387762e0b13fc66557e0c835b2.tar.gz nextcloud-server-27642d3e6dc01a387762e0b13fc66557e0c835b2.zip | |
fix: Enforce forbidden filename characters on backend
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
Diffstat (limited to 'lib/private')
| -rw-r--r-- | lib/private/Files/Storage/Common.php | 12 | ||||
| -rw-r--r-- | lib/private/legacy/OC_Util.php | 4 |
2 files changed, 9 insertions, 7 deletions
diff --git a/lib/private/Files/Storage/Common.php b/lib/private/Files/Storage/Common.php index 830f0aaded7..0d4e8d29295 100644 --- a/lib/private/Files/Storage/Common.php +++ b/lib/private/Files/Storage/Common.php @@ -567,7 +567,9 @@ abstract class Common implements Storage, ILockingStorage, IWriteStreamStorage { * @throws InvalidPathException */ protected function verifyPosixPath($fileName) { - $this->scanForInvalidCharacters($fileName, "\\/"); + $invalidChars = \OCP\Util::getForbiddenFileNameChars(); + $this->scanForInvalidCharacters($fileName, $invalidChars); + $fileName = trim($fileName); $reservedNames = ['*']; if (in_array($fileName, $reservedNames)) { @@ -577,11 +579,11 @@ abstract class Common implements Storage, ILockingStorage, IWriteStreamStorage { /** * @param string $fileName - * @param string $invalidChars + * @param string[] $invalidChars * @throws InvalidPathException */ - private function scanForInvalidCharacters($fileName, $invalidChars) { - foreach (str_split($invalidChars) as $char) { + private function scanForInvalidCharacters(string $fileName, array $invalidChars) { + foreach ($invalidChars as $char) { if (str_contains($fileName, $char)) { throw new InvalidCharacterInPathException(); } @@ -668,7 +670,7 @@ abstract class Common implements Storage, ILockingStorage, IWriteStreamStorage { private function isSameStorage(IStorage $storage): bool { while ($storage->instanceOfStorage(Wrapper::class)) { /** - * @var Wrapper $sourceStorage + * @var Wrapper $storage */ $storage = $storage->getWrapperStorage(); } diff --git a/lib/private/legacy/OC_Util.php b/lib/private/legacy/OC_Util.php index 3b6d9b8baec..42a0d9450b5 100644 --- a/lib/private/legacy/OC_Util.php +++ b/lib/private/legacy/OC_Util.php @@ -1112,8 +1112,8 @@ class OC_Util { return false; } - foreach (str_split($trimmed) as $char) { - if (str_contains(\OCP\Constants::FILENAME_INVALID_CHARS, $char)) { + foreach (\OCP\Util::getForbiddenFileNameChars() as $char) { + if (str_contains($trimmed, $char)) { return false; } } |