diff options
| author | Git'Fellow <12234510+solracsf@users.noreply.github.com> | 2024-05-27 19:21:03 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-05-27 19:21:03 +0200 |
| commit | 7ae086b63f8ea76162f4c5b803eb6667ea65f23e (patch) | |
| tree | 3188af2bf8ead3081acbc2631756aa9519428a1d /lib/private | |
| parent | 7cb1ebacb90b8556a0adea04cb7f4a824013ddc6 (diff) | |
| download | nextcloud-server-7ae086b63f8ea76162f4c5b803eb6667ea65f23e.tar.gz nextcloud-server-7ae086b63f8ea76162f4c5b803eb6667ea65f23e.zip | |
Fix backport
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
Diffstat (limited to 'lib/private')
| -rw-r--r-- | lib/private/Files/View.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/private/Files/View.php b/lib/private/Files/View.php index f524debfb56..d047ea4e53e 100644 --- a/lib/private/Files/View.php +++ b/lib/private/Files/View.php @@ -732,6 +732,11 @@ class View { public function rename($source, $target) { $absolutePath1 = Filesystem::normalizePath($this->getAbsolutePath($source)); $absolutePath2 = Filesystem::normalizePath($this->getAbsolutePath($target)); + + if (str_starts_with($absolutePath2, $absolutePath1 . '/')) { + throw new ForbiddenException("Moving a folder into a child folder is forbidden", false); + } + $result = false; if ( Filesystem::isValidPath($target) |