-rw-r--r--lib/connector/sabre/directory.php8
-rw-r--r--lib/connector/sabre/file.php9
-rw-r--r--lib/connector/sabre/node.php11
-rw-r--r--lib/connector/sabre/objecttree.php44
-rw-r--r--lib/preview/txt.php10
-rwxr-xr-xlib/util.php9
-rw-r--r--tests/data/testcal.ics13
-rw-r--r--tests/data/testcontact.vcf6
-rw-r--r--tests/lib/connector/sabre/objecttree.php87
-rw-r--r--tests/lib/preview.php43
10 files changed, 225 insertions, 15 deletions
diff --git a/lib/connector/sabre/directory.php b/lib/connector/sabre/directory.php
index 3181a4b310f..a50098df793 100644
--- a/lib/connector/sabre/directory.php
+++ b/lib/connector/sabre/directory.php
@@ -88,7 +88,13 @@ class OC_Connector_Sabre_Directory extends OC_Connector_Sabre_Node implements Sa
}
// rename to correct path
- \OC\Files\Filesystem::rename($partpath, $newPath);
+ $renameOkay = \OC\Files\Filesystem::rename($partpath, $newPath);
+ $fileExists = \OC\Files\Filesystem::file_exists($newPath);
+ if ($renameOkay === false || $fileExists === false) {
+ \OC_Log::write('webdav', '\OC\Files\Filesystem::rename() failed', \OC_Log::ERROR);
+ \OC\Files\Filesystem::unlink($partpath);
+ throw new Sabre_DAV_Exception();
+ }
// allow sync clients to send the mtime along in a header
$mtime = OC_Request::hasModificationTime();
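Review bot: The failure branch added after the rename logs only the fixed string `'\OC\Files\Filesystem::rename() failed'` and throws a bare `Sabre_DAV_Exception`, so neither the log nor the response identifies which upload was discarded; a message such as `'rename of ' . $partpath . ' to ' . $newPath . ' failed'` would make the event traceable. The test is written as `$renameOkay === false`, while move() in objecttree.php in this same commit uses `!$renameOkay`; if rename() can return null or another falsy value (not visible here), only the file_exists() check catches it, so the two sites should agree on one form. The same block is repeated in lib/connector/sabre/file.php against `$this->path`. The enclosing method begins and ends outside this hunk.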
diff --git a/lib/connector/sabre/file.php b/lib/connector/sabre/file.php
index 61bdcd5e0ae..433b1148552 100644
--- a/lib/connector/sabre/file.php
+++ b/lib/connector/sabre/file.php
@@ -74,7 +74,14 @@ class OC_Connector_Sabre_File extends OC_Connector_Sabre_Node implements Sabre_D
}
// rename to correct path
- \OC\Files\Filesystem::rename($partpath, $this->path);
+ $renameOkay = \OC\Files\Filesystem::rename($partpath, $this->path);
+ $fileExists = \OC\Files\Filesystem::file_exists($this->path);
+ if ($renameOkay === false || $fileExists === false) {
+ \OC_Log::write('webdav', '\OC\Files\Filesystem::rename() failed', \OC_Log::ERROR);
+ \OC\Files\Filesystem::unlink($partpath);
+ throw new Sabre_DAV_Exception();
+ }
+
//allow sync clients to send the mtime along in a header
$mtime = OC_Request::hasModificationTime();
diff --git a/lib/connector/sabre/node.php b/lib/connector/sabre/node.php
index 0bffa58af78..29b7f9e53a5 100644
--- a/lib/connector/sabre/node.php
+++ b/lib/connector/sabre/node.php
@@ -78,6 +78,11 @@ abstract class OC_Connector_Sabre_Node implements Sabre_DAV_INode, Sabre_DAV_IPr
*/
public function setName($name) {
+ // rename is only allowed if the update privilege is granted
+ if (!\OC\Files\Filesystem::isUpdatable($this->path)) {
+ throw new \Sabre_DAV_Exception_Forbidden();
+ }
+
list($parentPath, ) = Sabre_DAV_URLUtil::splitPath($this->path);
list(, $newName) = Sabre_DAV_URLUtil::splitPath($name);
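Review bot: The Forbidden guard added at the top of setName() is repeated verbatim in touch() in the next hunk of this file, and neither docblock records the new failure mode. I would add `@throws \Sabre_DAV_Exception_Forbidden if the update privilege is not granted on the node` to both docblocks, and move the test into one private helper so the two entry points cannot drift apart. setName() continues past the end of this hunk, so whether the result of the rename it performs is checked cannot be seen from here.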
@@ -135,6 +140,12 @@ abstract class OC_Connector_Sabre_Node implements Sabre_DAV_INode, Sabre_DAV_IPr
* Even if the modification time is set to a custom value the access time is set to now.
*/
public function touch($mtime) {
+
+ // touch is only allowed if the update privilege is granted
+ if (!\OC\Files\Filesystem::isUpdatable($this->path)) {
+ throw new \Sabre_DAV_Exception_Forbidden();
+ }
+
\OC\Files\Filesystem::touch($this->path, $mtime);
}
diff --git a/lib/connector/sabre/objecttree.php b/lib/connector/sabre/objecttree.php
index acff45ed5e2..80c3840b99d 100644
--- a/lib/connector/sabre/objecttree.php
+++ b/lib/connector/sabre/objecttree.php
@@ -11,6 +11,14 @@ namespace OC\Connector\Sabre;
use OC\Files\Filesystem;
class ObjectTree extends \Sabre_DAV_ObjectTree {
+
+ /**
+ * keep this public to allow mock injection during unit test
+ *
+ * @var \OC\Files\View
+ */
+ public $fileView;
+
/**
* Returns the INode object for the requested path
*
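Review bot: `public $fileView` makes the object that answers `isUpdatable()` for move() replaceable by any code that holds the tree, which is wider than the unit test needs. Declaring it `protected $fileView;` and letting the test stub `getFileView()` (by adding it to the method list passed to `getMock`) would keep the injection point without exposing the property that backs the privilege checks. If it stays public, the docblock should say that the value is trusted for authorization decisions, not only that it exists for mocking.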
@@ -21,14 +29,16 @@ class ObjectTree extends \Sabre_DAV_ObjectTree {
public function getNodeForPath($path) {
$path = trim($path, '/');
- if (isset($this->cache[$path])) return $this->cache[$path];
+ if (isset($this->cache[$path])) {
+ return $this->cache[$path];
+ }
// Is it the root node?
if (!strlen($path)) {
return $this->rootNode;
}
- $info = Filesystem::getFileInfo($path);
+ $info = $this->getFileView()->getFileInfo($path);
if (!$info) {
throw new \Sabre_DAV_Exception_NotFound('File with name ' . $path . ' could not be located');
@@ -64,7 +74,25 @@ class ObjectTree extends \Sabre_DAV_ObjectTree {
list($sourceDir,) = \Sabre_DAV_URLUtil::splitPath($sourcePath);
list($destinationDir,) = \Sabre_DAV_URLUtil::splitPath($destinationPath);
- Filesystem::rename($sourcePath, $destinationPath);
+ // check update privileges
+ $fs = $this->getFileView();
+ if (!$fs->isUpdatable($sourcePath)) {
+ throw new \Sabre_DAV_Exception_Forbidden();
+ }
+ if ($sourceDir !== $destinationDir) {
+ // for a full move we need update privileges on sourcePath and sourceDir as well as destinationDir
+ if (!$fs->isUpdatable($sourceDir)) {
+ throw new \Sabre_DAV_Exception_Forbidden();
+ }
+ if (!$fs->isUpdatable($destinationDir)) {
+ throw new \Sabre_DAV_Exception_Forbidden();
+ }
+ }
+
+ $renameOkay = $fs->rename($sourcePath, $destinationPath);
+ if (!$renameOkay) {
+ throw new \Sabre_DAV_Exception_Forbidden('');
+ }
$this->markDirty($sourceDir);
$this->markDirty($destinationDir);
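Review bot: For a cross-directory move, the new checks ask only for the update privilege on `$sourceDir` and `$destinationDir`, although the operation removes an entry from one folder and creates one in the other. If the view distinguishes create and delete privileges from update (not visible in this hunk), a user with update but without create on the destination would still pass, so it is worth confirming that `isUpdatable()` is the intended test, or checking the creatable and deletable privileges instead. Separately, a failed rename is reported as `\Sabre_DAV_Exception_Forbidden('')` with an empty message and no log entry, whereas the upload paths in directory.php and file.php log the failure and throw `Sabre_DAV_Exception`; a storage error here would reach the client as a permission denial. move() starts before and continues after this hunk.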
@@ -101,4 +129,14 @@ class ObjectTree extends \Sabre_DAV_ObjectTree {
list($destinationDir,) = \Sabre_DAV_URLUtil::splitPath($destination);
$this->markDirty($destinationDir);
}
+
+ /**
+ * @return \OC\Files\View
+ */
+ public function getFileView() {
+ if (is_null($this->fileView)) {
+ $this->fileView = \OC\Files\Filesystem::getView();
+ }
+ return $this->fileView;
+ }
}
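Review bot: getFileView() is documented as `@return \OC\Files\View` but returns whatever `Filesystem::getView()` yields, and initFS() in tests/lib/preview.php in this commit tests `if(\OC\Files\Filesystem::getView())`, which suggests the call can return a falsy value when the filesystem is not set up. In that case the `->isUpdatable()` and `->getFileInfo()` calls added elsewhere in this file would fail on a non-object instead of producing a DAV error. A guard after the assignment, `if (is_null($this->fileView)) { throw new \Sabre_DAV_Exception('filesystem view not available'); }`, or at least a `|null` in the docblock, would make the contract explicit.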
diff --git a/lib/preview/txt.php b/lib/preview/txt.php
index a487330691e..77e728eb364 100644
--- a/lib/preview/txt.php
+++ b/lib/preview/txt.php
@@ -9,11 +9,21 @@ namespace OC\Preview;
class TXT extends Provider {
+ private static $blacklist = array(
+ 'text/calendar',
+ 'text/vcard',
+ );
+
public function getMimeType() {
return '/text\/.*/';
}
public function getThumbnail($path, $maxX, $maxY, $scalingup, $fileview) {
+ $mimetype = $fileview->getMimeType($path);
+ if(in_array($mimetype, self::$blacklist)) {
+ return false;
+ }
+
$content = $fileview->fopen($path, 'r');
$content = stream_get_contents($content);
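Review bot: The blacklist lookup `in_array($mimetype, self::$blacklist)` compares loosely, so a non-string return from `getMimeType()` such as `true` would match an entry; `in_array($mimetype, self::$blacklist, true)` keeps the match to exact strings. The match is also exact on the full value, so a type reported with parameters or different letter case (for example with a charset suffix; whether the view ever returns that is not visible here) would bypass the list and be rendered. A one-line comment above `$blacklist` saying why calendar and vCard content must not be previewed would help later maintainers. getThumbnail() continues past the end of this hunk.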
diff --git a/lib/util.php b/lib/util.php
index 41f5f1d16be..d4f4eed1ca7 100755
--- a/lib/util.php
+++ b/lib/util.php
@@ -730,12 +730,6 @@ class OC_Util {
'baseUri' => OC_Helper::linkToRemote('webdav'),
);
- // save the old timeout so that we can restore it later
- $oldTimeout = ini_get("default_socket_timeout");
-
- // use a 5 sec timeout for the check. Should be enough for local requests.
- ini_set("default_socket_timeout", 5);
-
$client = new \Sabre_DAV_Client($settings);
// for this self test we don't care if the ssl certificate is self signed and the peer cannot be verified.
@@ -752,9 +746,6 @@ class OC_Util {
$return = false;
}
- // restore the original timeout
- ini_set("default_socket_timeout", $oldTimeout);
-
return $return;
}
diff --git a/tests/data/testcal.ics b/tests/data/testcal.ics
new file mode 100644
index 00000000000..e05f01ba1c2
--- /dev/null
+++ b/tests/data/testcal.ics
@@ -0,0 +1,13 @@
+BEGIN:VCALENDAR
+PRODID:-//some random cal software//EN
+VERSION:2.0
+BEGIN:VEVENT
+CREATED:20130102T120000Z
+LAST-MODIFIED:20130102T120000Z
+DTSTAMP:20130102T120000Z
+UID:f106ecdf-c716-43ef-9d94-4e6f19f2fcfb
+SUMMARY:a test cal file
+DTSTART;VALUE=DATE:20130101
+DTEND;VALUE=DATE:20130102
+END:VEVENT
+END:VCALENDAR \ No newline at end of file
diff --git a/tests/data/testcontact.vcf b/tests/data/testcontact.vcf
new file mode 100644
index 00000000000..2af963d6916
--- /dev/null
+++ b/tests/data/testcontact.vcf
@@ -0,0 +1,6 @@
+BEGIN:VCARD
+VERSION:3.0
+PRODID:-//some random contact software//EN
+N:def;abc;;;
+FN:abc def
+END:VCARD \ No newline at end of file
diff --git a/tests/lib/connector/sabre/objecttree.php b/tests/lib/connector/sabre/objecttree.php
new file mode 100644
index 00000000000..1d76bb59676
--- /dev/null
+++ b/tests/lib/connector/sabre/objecttree.php
@@ -0,0 +1,87 @@
+<?php
+/**
+ * Copyright (c) 2013 Thomas Müller <thomas.mueller@tmit.eu>
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file.
+ */
+
+namespace Test\OC\Connector\Sabre;
+
+
+use OC_Connector_Sabre_Directory;
+use PHPUnit_Framework_TestCase;
+use Sabre_DAV_Exception_Forbidden;
+
+class TestDoubleFileView extends \OC\Files\View{
+
+ public function __construct($updatables, $canRename = true) {
+ $this->updatables = $updatables;
+ $this->canRename = $canRename;
+ }
+
+ public function isUpdatable($path) {
+ return $this->updatables[$path];
+ }
+
+ public function rename($path1, $path2) {
+ return $this->canRename;
+ }
+}
+
+class ObjectTree extends PHPUnit_Framework_TestCase {
+
+ /**
+ * @dataProvider moveFailedProvider
+ * @expectedException Sabre_DAV_Exception_Forbidden
+ */
+ public function testMoveFailed($source, $dest, $updatables) {
+ $this->moveTest($source, $dest, $updatables);
+ }
+
+ /**
+ * @dataProvider moveSuccessProvider
+ */
+ public function testMoveSuccess($source, $dest, $updatables) {
+ $this->moveTest($source, $dest, $updatables);
+ $this->assertTrue(true);
+ }
+
+ function moveFailedProvider() {
+ return array(
+ array('a/b', 'a/c', array('a' => false, 'a/b' => false, 'a/c' => false)),
+ array('a/b', 'b/b', array('a' => false, 'a/b' => false, 'b' => false, 'b/b' => false)),
+ array('a/b', 'b/b', array('a' => false, 'a/b' => true, 'b' => false, 'b/b' => false)),
+ array('a/b', 'b/b', array('a' => true, 'a/b' => true, 'b' => false, 'b/b' => false)),
+ );
+ }
+
+ function moveSuccessProvider() {
+ return array(
+ array('a/b', 'a/c', array('a' => false, 'a/b' => true, 'a/c' => false)),
+ array('a/b', 'b/b', array('a' => true, 'a/b' => true, 'b' => true, 'b/b' => false)),
+ );
+ }
+
+ /**
+ * @param $source
+ * @param $dest
+ * @param $updatables
+ */
+ private function moveTest($source, $dest, $updatables) {
+ $rootDir = new OC_Connector_Sabre_Directory('');
+ $objectTree = $this->getMock('\OC\Connector\Sabre\ObjectTree',
+ array('nodeExists', 'getNodeForPath'),
+ array($rootDir));
+
+ $objectTree->expects($this->once())
+ ->method('getNodeForPath')
+ ->with($this->identicalTo($source))
+ ->will($this->returnValue(false));
+
+ /** @var $objectTree \OC\Connector\Sabre\ObjectTree */
+ $objectTree->fileView = new TestDoubleFileView($updatables);
+ $objectTree->move($source, $dest);
+ }
+
+}
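Review bot: The failure cases do not isolate the source-directory check: every row of moveFailedProvider that denies `'a'` also denies `'b'`, so the test would still pass if the `isUpdatable($sourceDir)` check were removed from move(). Adding `array('a/b', 'b/b', array('a' => false, 'a/b' => true, 'b' => true, 'b/b' => false)),` covers it. The `$canRename` argument of TestDoubleFileView is never set to false, so the `!$renameOkay` branch in move() is untested; moveTest() would need to pass the flag through for a case that expects Forbidden with all privileges granted. TestDoubleFileView also assigns `updatables` and `canRename` without declaring them, and `isUpdatable()` indexes the map directly, so a path missing from a data row raises a notice rather than denying.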
diff --git a/tests/lib/preview.php b/tests/lib/preview.php
index bebdc12b500..d0cdd2c44fb 100644
--- a/tests/lib/preview.php
+++ b/tests/lib/preview.php
@@ -92,6 +92,47 @@ class Preview extends \PHPUnit_Framework_TestCase {
$this->assertEquals($image->height(), $maxY);
}
+ public function txtBlacklist() {
+ $txt = 'random text file';
+ $ics = file_get_contents(__DIR__ . '/../data/testcal.ics');
+ $vcf = file_get_contents(__DIR__ . '/../data/testcontact.vcf');
+
+ return array(
+ array('txt', $txt, false),
+ array('ics', $ics, true),
+ array('vcf', $vcf, true),
+ );
+ }
+
+ /**
+ * @dataProvider txtBlacklist
+ */
+ public function testIsTransparent($extension, $data, $expectedResult) {
+ $user = $this->initFS();
+
+ $rootView = new \OC\Files\View('');
+ $rootView->mkdir('/'.$user);
+ $rootView->mkdir('/'.$user.'/files');
+
+ $x = 32;
+ $y = 32;
+
+ $sample = '/'.$user.'/files/test.'.$extension;
+ $rootView->file_put_contents($sample, $data);
+ $preview = new \OC\Preview($user, 'files/', 'test.'.$extension, $x, $y);
+ $image = $preview->getPreview();
+ $resource = $image->resource();
+
+ //http://stackoverflow.com/questions/5702953/imagecolorat-and-transparency
+ $colorIndex = imagecolorat($resource, 1, 1);
+ $colorInfo = imagecolorsforindex($resource, $colorIndex);
+ $this->assertEquals(
+ $expectedResult,
+ $colorInfo['alpha'] === 127,
+ 'Failed asserting that only previews for text files are transparent.'
+ );
+ }
+
private function initFS() {
if(\OC\Files\Filesystem::getView()){
$user = \OC_User::getUser();
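Review bot: The assertion message in testIsTransparent reads the wrong way round: the provider expects `false` for `txt` and `true` for `ics` and `vcf`, so the transparent previews are the blacklisted types, not the plain text file. Something like `'Failed asserting that only previews for blacklisted text types are transparent.'` matches the data. The two `file_get_contents()` calls in txtBlacklist() are unchecked, so a missing fixture would upload an empty value and the case could still pass for the wrong reason; an `assertNotFalse`-style check on the fixture content would catch that. The sample file written under `/$user/files` is not removed by anything visible in this hunk.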
@@ -105,4 +146,4 @@ class Preview extends \PHPUnit_Framework_TestCase {
return $user;
}
-} \ No newline at end of file
+}