diff options
| author | Andy Scherzinger <info@andy-scherzinger.de> | 2024-09-15 21:25:30 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-09-15 21:25:30 +0200 |
| commit | fa355386f779428a90c40dbf6467c3d924bff24b (patch) | |
| tree | 5e3c2bbea3fd0199a3ec13f6d5f62e35bd79c87e /lib | |
| parent | 9561834b9652a154efcb80fdb0f7e00c1445ddd7 (diff) | |
| parent | 2bb8c023c2eafd0f17065dfbf38e7f70d2a2fa84 (diff) | |
| download | nextcloud-server-fa355386f779428a90c40dbf6467c3d924bff24b.tar.gz nextcloud-server-fa355386f779428a90c40dbf6467c3d924bff24b.zip | |
Merge pull request #47796 from nextcloud/backport/47756/stable30
[stable30] fix(files): Check if target path is a descendant of the shared folder
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/Files/View.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/private/Files/View.php b/lib/private/Files/View.php index 2f0d297237d..db2483fab76 100644 --- a/lib/private/Files/View.php +++ b/lib/private/Files/View.php @@ -1794,7 +1794,8 @@ class View { }, $providers)); foreach ($shares as $share) { - if (str_starts_with($targetPath, $share->getNode()->getPath())) { + $sharedPath = $share->getNode()->getPath(); + if ($targetPath === $sharedPath || str_starts_with($targetPath, $sharedPath . '/')) { $this->logger->debug( 'It is not allowed to move one mount point into a shared folder', ['app' => 'files']); |