diff options
| -rw-r--r-- | lib/private/files/view.php | 8 | ||||
| -rw-r--r-- | tests/lib/files/view.php | 17 |
2 files changed, 25 insertions, 0 deletions
diff --git a/lib/private/files/view.php b/lib/private/files/view.php index 3bc9fdff1ee..3dfd4d0c105 100644 --- a/lib/private/files/view.php +++ b/lib/private/files/view.php @@ -36,7 +36,15 @@ class View { */ protected $updater; + /** + * @param string $root + * @throws \Exception If $root contains an invalid path + */ public function __construct($root = '') { + if(!Filesystem::isValidPath($root)) { + throw new \Exception(); + } + $this->fakeRoot = $root; $this->updater = new Updater($this); } diff --git a/tests/lib/files/view.php b/tests/lib/files/view.php index f6af59d52be..b4b6d0deb2e 100644 --- a/tests/lib/files/view.php +++ b/tests/lib/files/view.php @@ -894,4 +894,21 @@ class View extends \Test\TestCase { $this->assertFalse($view->unlink('foo.txt')); $this->assertTrue($cache->inCache('foo.txt')); } + + function directoryTraversalProvider() { + return [ + ['../test/'], + ['..\\test\\my/../folder'], + ['/test/my/../foo\\'], + ]; + } + + /** + * @dataProvider directoryTraversalProvider + * @expectedException \Exception + * @param string $root + */ + public function testConstructDirectoryTraversalException($root) { + new \OC\Files\View($root); + } } |