Merge pull request #6714 from owncloud/files-newfileinvalidcharsfix

Added extra checks for invalid file chars in newfile.php and newfolder.php

3 files changed, 104 insertions, 0 deletions

diff --git a/tests/lib/connector/sabre/file.php b/tests/lib/connector/sabre/file.php
index e1fed0384c6..50b8711a90d 100644
--- a/tests/lib/connector/sabre/file.php
+++ b/tests/lib/connector/sabre/file.php
@@ -36,6 +36,46 @@ class Test_OC_Connector_Sabre_File extends PHPUnit_Framework_TestCase {
 	}
 
 	/**
+	 * @expectedException Sabre_DAV_Exception_BadRequest
+	 */
+	public function testSimplePutInvalidChars() {
+		// setup
+		$file = new OC_Connector_Sabre_File('/super*star.txt');
+		$file->fileView = $this->getMock('\OC\Files\View', array('file_put_contents'), array(), '', FALSE);
+		$file->fileView->expects($this->any())->method('file_put_contents')->withAnyParameters()->will($this->returnValue(false));
+
+		// action
+		$etag = $file->put('test data');
+	}
+
+	/**
+	 * Test setting name with setName()
+	 */
+	public function testSetName() {
+		// setup
+		$file = new OC_Connector_Sabre_File('/test.txt');
+		$file->fileView = $this->getMock('\OC\Files\View', array('isUpdatable'), array(), '', FALSE);
+		$file->fileView->expects($this->any())->method('isUpdatable')->withAnyParameters()->will($this->returnValue(true));
+		$etag = $file->put('test data');
+		$file->setName('/renamed.txt');
+		$this->assertTrue($file->fileView->file_exists('/renamed.txt'));
+		// clean up
+		$file->delete();
+	}
+
+	/**
+	 * Test setting name with setName() with invalid chars
+	 * @expectedException Sabre_DAV_Exception_BadRequest
+	 */
+	public function testSetNameInvalidChars() {
+		// setup
+		$file = new OC_Connector_Sabre_File('/test.txt');
+		$file->fileView = $this->getMock('\OC\Files\View', array('isUpdatable'), array(), '', FALSE);
+		$file->fileView->expects($this->any())->method('isUpdatable')->withAnyParameters()->will($this->returnValue(true));
+		$file->setName('/super*star.txt');
+	}
+
+	/**
 	 * @expectedException Sabre_DAV_Exception_Forbidden
 	 */
 	public function testDeleteSharedFails() {
diff --git a/tests/lib/connector/sabre/objecttree.php b/tests/lib/connector/sabre/objecttree.php
index e32f2365f95..fb50c736edd 100644
--- a/tests/lib/connector/sabre/objecttree.php
+++ b/tests/lib/connector/sabre/objecttree.php
@@ -52,6 +52,20 @@ class ObjectTree extends PHPUnit_Framework_TestCase {
 		$this->assertTrue(true);
 	}
 
+	/**
+	 * @dataProvider moveFailedInvalidCharsProvider
+	 * @expectedException Sabre_DAV_Exception_BadRequest
+	 */
+	public function testMoveFailedInvalidChars($source, $dest, $updatables, $deletables) {
+		$this->moveTest($source, $dest, $updatables, $deletables);
+	}
+
+	function moveFailedInvalidCharsProvider() {
+		return array(
+			array('a/b', 'a/c*', array('a' => false, 'a/b' => true, 'a/c*' => false), array()),
+		);
+	}
+
 	function moveFailedProvider() {
 		return array(
 			array('a/b', 'a/c', array('a' => false, 'a/b' => false, 'a/c' => false), array()),
@@ -66,6 +80,8 @@ class ObjectTree extends PHPUnit_Framework_TestCase {
 		return array(
 			array('a/b', 'a/c', array('a' => false, 'a/b' => true, 'a/c' => false), array()),
 			array('a/b', 'b/b', array('a' => true, 'a/b' => true, 'b' => true, 'b/b' => false), array('a/b' => true)),
+			// older files with special chars can still be renamed to valid names
+			array('a/b*', 'b/b', array('a' => true, 'a/b*' => true, 'b' => true, 'b/b' => false), array('a/b*' => true)),
 		);
 	}
 
diff --git a/tests/lib/util.php b/tests/lib/util.php
index bfe68f5f680..ee336aa1118 100644
--- a/tests/lib/util.php
+++ b/tests/lib/util.php
@@ -170,4 +170,52 @@ class Test_Util extends PHPUnit_Framework_TestCase {
 			array('442aa682de2a64db1e010f50e60fd9c9', 'local::C:\Users\ADMINI~1\AppData\Local\Temp\2/442aa682de2a64db1e010f50e60fd9c9/')
 		);
 	}
+
+	/**
+	 * @dataProvider filenameValidationProvider
+	 */
+	public function testFilenameValidation($file, $valid) {
+		// private API
+		$this->assertEquals($valid, \OC_Util::isValidFileName($file));
+		// public API
+		$this->assertEquals($valid, \OCP\Util::isValidFileName($file));
+	}
+
+	public function filenameValidationProvider() {
+		return array(
+			// valid names
+			array('boringname', true),
+			array('something.with.extension', true),
+			array('now with spaces', true),
+			array('.a', true),
+			array('..a', true),
+			array('.dotfile', true),
+			array('single\'quote', true),
+			array('  spaces before', true),
+			array('spaces after   ', true),
+			array('allowed chars including the crazy ones $%&_-^@!,()[]{}=;#', true),
+			array('汉字也能用', true),
+			array('und Ümläüte sind auch willkommen', true),
+			// disallowed names
+			array('', false),
+			array('     ', false),
+			array('.', false),
+			array('..', false),
+			array('back\\slash', false),
+			array('sl/ash', false),
+			array('lt<lt', false),
+			array('gt>gt', false),
+			array('col:on', false),
+			array('double"quote', false),
+			array('pi|pe', false),
+			array('dont?ask?questions?', false),
+			array('super*star', false),
+			array('new\nline', false),
+			// better disallow these to avoid unexpected trimming to have side effects
+			array(' ..', false),
+			array('.. ', false),
+			array('. ', false),
+			array(' .', false),
+		);
+	}
 }