diff options
| author | Thomas Müller <thomas.mueller@tmit.eu> | 2015-06-01 13:20:19 +0200 |
|---|---|---|
| committer | Thomas Müller <thomas.mueller@tmit.eu> | 2015-06-01 13:20:19 +0200 |
| commit | 2c86cc821c783ce6221ad4e9b6afa704cc6f8b3f (patch) | |
| tree | 512e363a1eced16eb507becd76e1c41def2f9e2c /lib | |
| parent | b522baaaa6ec1b33cb63b2cb992bccd83cb88c50 (diff) | |
| parent | 06f8c80af6c7543750007315582dee7099f4b215 (diff) | |
| download | nextcloud-server-2c86cc821c783ce6221ad4e9b6afa704cc6f8b3f.tar.gz nextcloud-server-2c86cc821c783ce6221ad4e9b6afa704cc6f8b3f.zip | |
Merge pull request #16628 from owncloud/webdav-validatepath
Validate target file name for some webdav ops
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/connector/sabre/directory.php | 7 | ||||
| -rw-r--r-- | lib/private/connector/sabre/objecttree.php | 7 |
2 files changed, 14 insertions, 0 deletions
diff --git a/lib/private/connector/sabre/directory.php b/lib/private/connector/sabre/directory.php index 67fdbb28dea..ef35b300ea2 100644 --- a/lib/private/connector/sabre/directory.php +++ b/lib/private/connector/sabre/directory.php @@ -27,6 +27,8 @@ */ namespace OC\Connector\Sabre; +use OC\Connector\Sabre\Exception\InvalidPath; + class Directory extends \OC\Connector\Sabre\Node implements \Sabre\DAV\ICollection, \Sabre\DAV\IQuota { @@ -91,6 +93,8 @@ class Directory extends \OC\Connector\Sabre\Node } } + $this->fileView->verifyPath($this->path, $name); + $path = $this->fileView->getAbsolutePath($this->path) . '/' . $name; // using a dummy FileInfo is acceptable here since it will be refreshed after the put is complete $info = new \OC\Files\FileInfo($path, null, null, array(), null); @@ -114,12 +118,15 @@ class Directory extends \OC\Connector\Sabre\Node throw new \Sabre\DAV\Exception\Forbidden(); } + $this->fileView->verifyPath($this->path, $name); $newPath = $this->path . '/' . $name; if (!$this->fileView->mkdir($newPath)) { throw new \Sabre\DAV\Exception\Forbidden('Could not create directory ' . $newPath); } } catch (\OCP\Files\StorageNotAvailableException $e) { throw new \Sabre\DAV\Exception\ServiceUnavailable($e->getMessage()); + } catch (\OCP\Files\InvalidPathException $ex) { + throw new InvalidPath($ex->getMessage()); } } diff --git a/lib/private/connector/sabre/objecttree.php b/lib/private/connector/sabre/objecttree.php index 8def14e8e9c..17d9aff8f68 100644 --- a/lib/private/connector/sabre/objecttree.php +++ b/lib/private/connector/sabre/objecttree.php @@ -249,6 +249,13 @@ class ObjectTree extends \Sabre\DAV\Tree { // this will trigger existence check $this->getNodeForPath($source); + list($destinationDir, $destinationName) = \Sabre\HTTP\URLUtil::splitPath($destination); + try { + $this->fileView->verifyPath($destinationDir, $destinationName); + } catch (\OCP\Files\InvalidPathException $ex) { + throw new InvalidPath($ex->getMessage()); + } + try { $this->fileView->copy($source, $destination); } catch (\OCP\Files\StorageNotAvailableException $e) { |