diff options
| author | Lukas Reschke <lukas@owncloud.com> | 2015-03-26 23:14:24 +0100 |
|---|---|---|
| committer | Lukas Reschke <lukas@owncloud.com> | 2015-03-26 23:17:18 +0100 |
| commit | 9622fbdf292298458427ac6a33d65aba8f07b395 (patch) | |
| tree | 3b9ec081b97e503bf72c17ca893f9e0f81bb8a29 /tests | |
| parent | 746be98e0387ea138c4413fb89ad7e9ee87ce7aa (diff) | |
| download | nextcloud-server-9622fbdf292298458427ac6a33d65aba8f07b395.tar.gz nextcloud-server-9622fbdf292298458427ac6a33d65aba8f07b395.zip | |
Filter potential dangerous characters in path name
We should not allow / or \ in the postfix here.
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/lib/tempmanager.php | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/tests/lib/tempmanager.php b/tests/lib/tempmanager.php index 427e260c3fb..9bedd7c401b 100644 --- a/tests/lib/tempmanager.php +++ b/tests/lib/tempmanager.php @@ -151,4 +151,17 @@ class TempManager extends \Test\TestCase { ->with($this->stringContains('Can not create a temporary folder in directory')); $this->assertFalse($manager->getTemporaryFolder()); } + + public function testGeneratePathTraversal() { + $logger = $this->getMock('\Test\NullLogger'); + $tmpManager = \Test_Helper::invokePrivate( + $this->getManager($logger), + 'generatePath', + ['../Traversal\\../FileName'] + ); + + $this->assertStringEndsNotWith('./Traversal\\../FileName', $tmpManager); + $this->assertStringEndsWith('.Traversal..FileName', $tmpManager); + + } } |