From b060a17b59f7117a670f09550215cb005dd822bc Mon Sep 17 00:00:00 2001 From: Vincent Petry Date: Wed, 19 Feb 2014 19:08:28 +0100 Subject: Added extra checks for ext storage class --- apps/files_external/lib/config.php | 8 +++++++- apps/files_external/tests/mountconfig.php | 25 +++++++++++++++++++++++++ 2 files changed, 32 insertions(+), 1 deletion(-) (limited to 'apps') diff --git a/apps/files_external/lib/config.php b/apps/files_external/lib/config.php index 94dc5fb7ad8..cd3e7f3a4a6 100755 --- a/apps/files_external/lib/config.php +++ b/apps/files_external/lib/config.php @@ -277,15 +277,21 @@ class OC_Mount_Config { $mountType, $applicable, $isPersonal = false) { + $backends = self::getBackends(); $mountPoint = OC\Files\Filesystem::normalizePath($mountPoint); if ($mountPoint === '' || $mountPoint === '/' || $mountPoint == '/Shared') { // can't mount at root or "Shared" folder return false; } + + if (!isset($backends[$class])) { + // invalid backend + return false; + } if ($isPersonal) { // Verify that the mount point applies for the current user // Prevent non-admin users from mounting local storage - if ($applicable != OCP\User::getUser() || $class == '\OC\Files\Storage\Local') { + if ($applicable !== OCP\User::getUser() || strtolower($class) === '\oc\files\storage\local') { return false; } $mountPoint = '/'.$applicable.'/files/'.ltrim($mountPoint, '/'); diff --git a/apps/files_external/tests/mountconfig.php b/apps/files_external/tests/mountconfig.php index 941aec680bb..24ebcf51346 100644 --- a/apps/files_external/tests/mountconfig.php +++ b/apps/files_external/tests/mountconfig.php @@ -48,4 +48,29 @@ class Test_Mount_Config extends \PHPUnit_Framework_TestCase { $this->assertEquals(false, OC_Mount_Config::addMountPoint('/Shared', $storageClass, array(), $mountType, $applicable, $isPersonal)); } + + public function testAddMountPointSingleUser() { + \OC_User::setUserId('test'); + $mountType = 'user'; + $applicable = 'test'; + $isPersonal = true; + // local + $this->assertEquals(false, OC_Mount_Config::addMountPoint('/ext', '\OC\Files\storage\local', array(), $mountType, $applicable, $isPersonal)); + // non-local + // FIXME: can't test this yet as the class (write operation) is not mockable + // $this->assertEquals(true, OC_Mount_Config::addMountPoint('/ext', '\OC\Files\Storage\SFTP', array(), $mountType, $applicable, $isPersonal)); + + } + + public function testAddMountPointUnexistClass() { + \OC_User::setUserId('test'); + $storageClass = 'Unexist_Storage'; + $mountType = 'user'; + $applicable = 'test'; + $isPersonal = true; + // local + // non-local + $this->assertEquals(false, OC_Mount_Config::addMountPoint('/ext', $storageClass, array(), $mountType, $applicable, $isPersonal)); + + } } -- cgit v1.2.3