diff options
| author | Carl Schwan <carl@carlschwan.eu> | 2021-10-21 18:12:34 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-10-21 18:12:34 +0200 |
| commit | 5d9474d324a8e368751d72db3692fcd895a29115 (patch) | |
| tree | b6bc58f503d14f4d84604b0782d4398ee1234c52 /lib | |
| parent | 9a8bb5e9ed26945dc0c026f788832178245a11e1 (diff) | |
| parent | 9408f8ae6994666b685f5e2de588f9b2a79a00ed (diff) | |
| download | nextcloud-server-5d9474d324a8e368751d72db3692fcd895a29115.tar.gz nextcloud-server-5d9474d324a8e368751d72db3692fcd895a29115.zip | |
Merge pull request #29362 from nextcloud/fix/groupfolder-copy-acl
Fix security issues when copying groupfolder with advanced ACL
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/Files/Storage/Local.php | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/private/Files/Storage/Local.php b/lib/private/Files/Storage/Local.php index 870217db20f..13f1a6f2ec4 100644 --- a/lib/private/Files/Storage/Local.php +++ b/lib/private/Files/Storage/Local.php @@ -525,7 +525,10 @@ class Local extends \OC\Files\Storage\Common { * @return bool */ public function copyFromStorage(IStorage $sourceStorage, $sourceInternalPath, $targetInternalPath, $preserveMtime = false) { - if ($sourceStorage->instanceOfStorage(Local::class)) { + // Don't treat ACLStorageWrapper like local storage where copy can be done directly. + // Instead use the slower recursive copying in php from Common::copyFromStorage with + // more permissions checks. + if ($sourceStorage->instanceOfStorage(Local::class) && !$sourceStorage->instanceOfStorage('OCA\GroupFolders\ACL\ACLStorageWrapper')) { if ($sourceStorage->instanceOfStorage(Jail::class)) { /** * @var \OC\Files\Storage\Wrapper\Jail $sourceStorage |