From 27642d3e6dc01a387762e0b13fc66557e0c835b2 Mon Sep 17 00:00:00 2001 From: Ferdinand Thiessen Date: Fri, 23 Feb 2024 02:22:12 +0100 Subject: fix: Enforce forbidden filename characters on backend Signed-off-by: Ferdinand Thiessen --- lib/private/Files/Storage/Common.php | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'lib/private/Files') diff --git a/lib/private/Files/Storage/Common.php b/lib/private/Files/Storage/Common.php index 830f0aaded7..0d4e8d29295 100644 --- a/lib/private/Files/Storage/Common.php +++ b/lib/private/Files/Storage/Common.php @@ -567,7 +567,9 @@ abstract class Common implements Storage, ILockingStorage, IWriteStreamStorage { * @throws InvalidPathException */ protected function verifyPosixPath($fileName) { - $this->scanForInvalidCharacters($fileName, "\\/"); + $invalidChars = \OCP\Util::getForbiddenFileNameChars(); + $this->scanForInvalidCharacters($fileName, $invalidChars); + $fileName = trim($fileName); $reservedNames = ['*']; if (in_array($fileName, $reservedNames)) { @@ -577,11 +579,11 @@ abstract class Common implements Storage, ILockingStorage, IWriteStreamStorage { /** * @param string $fileName - * @param string $invalidChars + * @param string[] $invalidChars * @throws InvalidPathException */ - private function scanForInvalidCharacters($fileName, $invalidChars) { - foreach (str_split($invalidChars) as $char) { + private function scanForInvalidCharacters(string $fileName, array $invalidChars) { + foreach ($invalidChars as $char) { if (str_contains($fileName, $char)) { throw new InvalidCharacterInPathException(); } @@ -668,7 +670,7 @@ abstract class Common implements Storage, ILockingStorage, IWriteStreamStorage { private function isSameStorage(IStorage $storage): bool { while ($storage->instanceOfStorage(Wrapper::class)) { /** - * @var Wrapper $sourceStorage + * @var Wrapper $storage */ $storage = $storage->getWrapperStorage(); } -- cgit v1.2.3