Encryption storage wrapper is enabled by default - necessary to detect encrypted files even if encryption was disabled after files have been encrypted - prevents data corruption

1 files changed, 13 insertions, 1 deletions

diff --git a/lib/private/files/storage/wrapper/encryption.php b/lib/private/files/storage/wrapper/encryption.php
index 2e5bbfd97be..946e7bfbe40 100644
--- a/lib/private/files/storage/wrapper/encryption.php
+++ b/lib/private/files/storage/wrapper/encryption.php
@@ -229,13 +229,17 @@ class Encryption extends Wrapper {
 		$encryptionModuleId = $this->util->getEncryptionModuleId($header);
 
 		$size = $unencryptedSize = 0;
-		if ($this->file_exists($path)) {
+		$targetExists = $this->file_exists($path);
+		$targetIsEncrypted = false;
+		if ($targetExists) {
 			// in case the file exists we require the explicit module as
 			// specified in the file header - otherwise we need to fail hard to
 			// prevent data loss on client side
 			if (!empty($encryptionModuleId)) {
+				$targetIsEncrypted = true;
 				$encryptionModule = $this->encryptionManager->getEncryptionModule($encryptionModuleId);
 			}
+
 			$size = $this->storage->filesize($path);
 			$unencryptedSize = $this->filesize($path);
 		}
@@ -266,6 +270,14 @@ class Encryption extends Wrapper {
 				'" not found, file will be stored unencrypted');
 		}
 
+		// encryption disabled on write of new file and write to existing unencrypted file -> don't encrypt
+		$encEnabled = $this->encryptionManager->isEnabled();
+		if (!$encEnabled ) {
+			if (!$targetExists || !$targetIsEncrypted) {
+				$shouldEncrypt = false;
+			}
+		}
+
 		if($shouldEncrypt === true && !$this->util->isExcluded($fullPath) && $encryptionModule !== null) {
 			$source = $this->storage->fopen($path, $mode);
 			$handle = \OC\Files\Stream\Encryption::wrap($source, $path, $fullPath, $header,