diff options
author | Git'Fellow <12234510+solracsf@users.noreply.github.com> | 2024-09-04 22:24:19 +0200 |
---|---|---|
committer | Ferdinand Thiessen <opensource@fthiessen.de> | 2024-09-05 23:54:01 +0200 |
commit | 0308001118462f5a6369fed313b844f631a43bcb (patch) | |
tree | 7dc9e9a883e8b0e61b14e33381191ee58bd064fa /lib | |
parent | 9aafc0f989ea78e3536299da96861ea8a6c13f43 (diff) | |
download | nextcloud-server-0308001118462f5a6369fed313b844f631a43bcb.tar.gz nextcloud-server-0308001118462f5a6369fed313b844f631a43bcb.zip |
fix(files): Check if the target path is a descendant of the shared folder path
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
fix: tests
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
fix: fix tests
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
fix: add tests
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
fix: tests
Diffstat (limited to 'lib')
-rw-r--r-- | lib/private/Files/View.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/private/Files/View.php b/lib/private/Files/View.php index 2241bc02ae6..336349c680b 100644 --- a/lib/private/Files/View.php +++ b/lib/private/Files/View.php @@ -1794,7 +1794,8 @@ class View { }, $providers)); foreach ($shares as $share) { - if (str_starts_with($targetPath, $share->getNode()->getPath())) { + $sharedPath = $share->getNode()->getPath(); + if ($targetPath === $sharedPath || str_starts_with($targetPath, $sharedPath . '/')) { $this->logger->debug( 'It is not allowed to move one mount point into a shared folder', ['app' => 'files']); |