From 4bac595068c813c56d8d5e580e560527ba80194d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20M=C3=BCller?= Date: Wed, 18 Feb 2015 17:44:13 +0100 Subject: [PATCH 1/8] adding storage specific filename verification - refs #13640 --- apps/files/ajax/newfile.php | 27 +-- apps/files/ajax/newfolder.php | 25 +- apps/files/js/files.js | 14 +- .../connector/sabre/exception/invalidpath.php | 57 +++++ lib/private/connector/sabre/file.php | 10 +- lib/private/connector/sabre/node.php | 14 +- lib/private/connector/sabre/objecttree.php | 7 +- lib/private/files/storage/common.php | 67 +++++- lib/private/files/storage/wrapper/wrapper.php | 12 + lib/private/files/view.php | 37 ++- lib/public/files/storage.php | 9 + .../sabre/exception/invalidpathtest.php | 41 ++++ tests/lib/files/pathverificationtest.php | 226 ++++++++++++++++++ 13 files changed, 485 insertions(+), 61 deletions(-) create mode 100644 lib/private/connector/sabre/exception/invalidpath.php create mode 100644 tests/lib/connector/sabre/exception/invalidpathtest.php create mode 100644 tests/lib/files/pathverificationtest.php diff --git a/apps/files/ajax/newfile.php b/apps/files/ajax/newfile.php index 062de5a2523..e1f75ae91d0 100644 --- a/apps/files/ajax/newfile.php +++ b/apps/files/ajax/newfile.php @@ -10,7 +10,7 @@ global $eventSource; // Get the params $dir = isset( $_REQUEST['dir'] ) ? '/'.trim((string)$_REQUEST['dir'], '/\\') : ''; -$filename = isset( $_REQUEST['filename'] ) ? trim((string)$_REQUEST['filename'], '/\\') : ''; +$fileName = isset( $_REQUEST['filename'] ) ? trim((string)$_REQUEST['filename'], '/\\') : ''; $l10n = \OC::$server->getL10N('files'); @@ -18,23 +18,14 @@ $result = array( 'success' => false, 'data' => NULL ); -$trimmedFileName = trim($filename); -if($trimmedFileName === '') { - $result['data'] = array('message' => (string)$l10n->t('File name cannot be empty.')); +try { + \OC\Files\Filesystem::getView()->verifyPath($dir, $fileName); +} catch (\OCP\Files\InvalidPathException $ex) { + $result['data'] = [ + 'message' => $ex->getMessage()]; OCP\JSON::error($result); - exit(); -} -if($trimmedFileName === '.' || $trimmedFileName === '..') { - $result['data'] = array('message' => (string)$l10n->t('"%s" is an invalid file name.', $trimmedFileName)); - OCP\JSON::error($result); - exit(); -} - -if(!OCP\Util::isValidFileName($filename)) { - $result['data'] = array('message' => (string)$l10n->t("Invalid name, '\\', '/', '<', '>', ':', '\"', '|', '?' and '*' are not allowed.")); - OCP\JSON::error($result); - exit(); + return; } if (!\OC\Files\Filesystem::file_exists($dir . '/')) { @@ -46,12 +37,12 @@ if (!\OC\Files\Filesystem::file_exists($dir . '/')) { exit(); } -$target = $dir.'/'.$filename; +$target = $dir.'/'.$fileName; if (\OC\Files\Filesystem::file_exists($target)) { $result['data'] = array('message' => (string)$l10n->t( 'The name %s is already used in the folder %s. Please choose a different name.', - array($filename, $dir)) + array($fileName, $dir)) ); OCP\JSON::error($result); exit(); diff --git a/apps/files/ajax/newfolder.php b/apps/files/ajax/newfolder.php index e5e038b715c..3a252c5ba3c 100644 --- a/apps/files/ajax/newfolder.php +++ b/apps/files/ajax/newfolder.php @@ -9,7 +9,7 @@ OCP\JSON::callCheck(); // Get the params $dir = isset($_POST['dir']) ? (string)$_POST['dir'] : ''; -$foldername = isset($_POST['foldername']) ?(string) $_POST['foldername'] : ''; +$folderName = isset($_POST['foldername']) ?(string) $_POST['foldername'] : ''; $l10n = \OC::$server->getL10N('files'); @@ -18,16 +18,13 @@ $result = array( 'data' => NULL ); -if(trim($foldername) === '') { - $result['data'] = array('message' => $l10n->t('Folder name cannot be empty.')); +try { + \OC\Files\Filesystem::getView()->verifyPath($dir, $folderName); +} catch (\OCP\Files\InvalidPathException $ex) { + $result['data'] = [ + 'message' => $ex->getMessage()]; OCP\JSON::error($result); - exit(); -} - -if(!OCP\Util::isValidFileName($foldername)) { - $result['data'] = array('message' => (string)$l10n->t("Invalid name, '\\', '/', '<', '>', ':', '\"', '|', '?' and '*' are not allowed.")); - OCP\JSON::error($result); - exit(); + return; } if (!\OC\Files\Filesystem::file_exists($dir . '/')) { @@ -39,12 +36,12 @@ if (!\OC\Files\Filesystem::file_exists($dir . '/')) { exit(); } -$target = $dir . '/' . $foldername; +$target = $dir . '/' . $folderName; if (\OC\Files\Filesystem::file_exists($target)) { $result['data'] = array('message' => $l10n->t( 'The name %s is already used in the folder %s. Please choose a different name.', - array($foldername, $dir)) + array($folderName, $dir)) ); OCP\JSON::error($result); exit(); @@ -52,9 +49,9 @@ if (\OC\Files\Filesystem::file_exists($target)) { if(\OC\Files\Filesystem::mkdir($target)) { if ( $dir !== '/') { - $path = $dir.'/'.$foldername; + $path = $dir.'/'.$folderName; } else { - $path = '/'.$foldername; + $path = '/'.$folderName; } $meta = \OC\Files\Filesystem::getFileInfo($path); $meta['type'] = 'dir'; // missing ?! diff --git a/apps/files/js/files.js b/apps/files/js/files.js index 314b8bf39c6..ddb2a80259c 100644 --- a/apps/files/js/files.js +++ b/apps/files/js/files.js @@ -103,13 +103,13 @@ throw t('files', 'File name cannot be empty.'); } // check for invalid characters - var invalidCharacters = - ['\\', '/', '<', '>', ':', '"', '|', '?', '*', '\n']; - for (var i = 0; i < invalidCharacters.length; i++) { - if (trimmedName.indexOf(invalidCharacters[i]) !== -1) { - throw t('files', "Invalid name, '\\', '/', '<', '>', ':', '\"', '|', '?' and '*' are not allowed."); - } - } + //var invalidCharacters = + // ['\\', '/', '<', '>', ':', '"', '|', '?', '*', '\n']; + //for (var i = 0; i < invalidCharacters.length; i++) { + // if (trimmedName.indexOf(invalidCharacters[i]) !== -1) { + // throw t('files', "Invalid name, '\\', '/', '<', '>', ':', '\"', '|', '?' and '*' are not allowed."); + // } + //} return true; }, displayStorageWarnings: function() { diff --git a/lib/private/connector/sabre/exception/invalidpath.php b/lib/private/connector/sabre/exception/invalidpath.php new file mode 100644 index 00000000000..18285994bcc --- /dev/null +++ b/lib/private/connector/sabre/exception/invalidpath.php @@ -0,0 +1,57 @@ + + * This file is licensed under the Affero General Public License version 3 or + * later. + * See the COPYING-README file. */ + +class OC_Connector_Sabre_Exception_InvalidPath extends \Sabre\DAV\Exception { + + /** + * @var bool + */ + private $retry; + + /** + * @param string $message + * @param bool $retry + */ + public function __construct($message, $retry = false) { + parent::__construct($message); + $this->retry = $retry; + } + + /** + * Returns the HTTP status code for this exception + * + * @return int + */ + public function getHTTPCode() { + + return 400; + + } + + /** + * This method allows the exception to include additional information into the WebDAV error response + * + * @param \Sabre\DAV\Server $server + * @param \DOMElement $errorNode + * @return void + */ + public function serialize(\Sabre\DAV\Server $server,\DOMElement $errorNode) { + + // set owncloud namespace + $errorNode->setAttribute('xmlns:o', OC_Connector_Sabre_FilesPlugin::NS_OWNCLOUD); + + // adding the retry node + $error = $errorNode->ownerDocument->createElementNS('o:','o:retry', var_export($this->retry, true)); + $errorNode->appendChild($error); + + // adding the message node + $error = $errorNode->ownerDocument->createElementNS('o:','o:reason', $this->getMessage()); + $errorNode->appendChild($error); + } + +} diff --git a/lib/private/connector/sabre/file.php b/lib/private/connector/sabre/file.php index 7ef6eea768e..8f0642d794a 100644 --- a/lib/private/connector/sabre/file.php +++ b/lib/private/connector/sabre/file.php @@ -66,17 +66,15 @@ class File extends \OC\Connector\Sabre\Node implements \Sabre\DAV\IFile { throw new \Sabre\DAV\Exception\ServiceUnavailable("Encryption is disabled"); } - $fileName = basename($this->info->getPath()); - if (!\OCP\Util::isValidFileName($fileName)) { - throw new \Sabre\DAV\Exception\BadRequest(); - } + // verify path of the target + $this->verifyPath(); // chunked handling if (isset($_SERVER['HTTP_OC_CHUNKED'])) { return $this->createFileChunked($data); } - list($storage,) = $this->fileView->resolvePath($this->path); + list($storage) = $this->fileView->resolvePath($this->path); $needsPartFile = $this->needsPartFile($storage) && (strlen($this->path) > 1); if ($needsPartFile) { @@ -329,5 +327,5 @@ class File extends \OC\Connector\Sabre\Node implements \Sabre\DAV\IFile { // and/or add method on Storage called "needsPartFile()" return !$storage->instanceOfStorage('OCA\Files_Sharing\External\Storage') && !$storage->instanceOfStorage('OC\Files\Storage\OwnCloud'); - } + } } diff --git a/lib/private/connector/sabre/node.php b/lib/private/connector/sabre/node.php index 8fee6a4eb4e..775e18657f1 100644 --- a/lib/private/connector/sabre/node.php +++ b/lib/private/connector/sabre/node.php @@ -103,9 +103,8 @@ abstract class Node implements \Sabre\DAV\INode { list($parentPath,) = \Sabre\HTTP\URLUtil::splitPath($this->path); list(, $newName) = \Sabre\HTTP\URLUtil::splitPath($name); - if (!\OCP\Util::isValidFileName($newName)) { - throw new \Sabre\DAV\Exception\BadRequest(); - } + // verify path of the target + $this->verifyPath(); $newPath = $parentPath . '/' . $newName; @@ -230,4 +229,13 @@ abstract class Node implements \Sabre\DAV\INode { } return $p; } + + protected function verifyPath() { + try { + $fileName = basename($this->info->getPath()); + $this->fileView->verifyPath($this->path, $fileName); + } catch (\OCP\Files\InvalidPathException $ex) { + throw new OC_Connector_Sabre_Exception_InvalidPath($ex->getMessage()); + } + } } diff --git a/lib/private/connector/sabre/objecttree.php b/lib/private/connector/sabre/objecttree.php index 5edd949eeaf..04ca1d7104d 100644 --- a/lib/private/connector/sabre/objecttree.php +++ b/lib/private/connector/sabre/objecttree.php @@ -11,6 +11,7 @@ namespace OC\Connector\Sabre; use OC\Files\FileInfo; use OC\Files\Filesystem; use OC\Files\Mount\MoveableMount; +use OC_Connector_Sabre_Exception_InvalidPath; use OCP\Files\StorageInvalidException; use OCP\Files\StorageNotAvailableException; @@ -185,8 +186,10 @@ class ObjectTree extends \Sabre\DAV\Tree { } $fileName = basename($destinationPath); - if (!\OCP\Util::isValidFileName($fileName)) { - throw new \Sabre\DAV\Exception\BadRequest(); + try { + $this->fileView->verifyPath($destinationDir, $fileName); + } catch (\OCP\Files\InvalidPathException $ex) { + throw new OC_Connector_Sabre_Exception_InvalidPath($ex->getMessage()); } $renameOkay = $this->fileView->rename($sourcePath, $destinationPath); diff --git a/lib/private/files/storage/common.php b/lib/private/files/storage/common.php index edd756cbf1e..a9ba034f4ee 100644 --- a/lib/private/files/storage/common.php +++ b/lib/private/files/storage/common.php @@ -8,8 +8,12 @@ namespace OC\Files\Storage; +use OC\Files\Cache\Cache; +use OC\Files\Cache\Scanner; +use OC\Files\Cache\Storage; use OC\Files\Filesystem; use OC\Files\Cache\Watcher; +use OCP\Files\InvalidPathException; /** * Storage backend class for providing common filesystem operation methods @@ -25,7 +29,6 @@ use OC\Files\Cache\Watcher; abstract class Common implements \OC\Files\Storage\Storage { protected $cache; protected $scanner; - protected $permissioncache; protected $watcher; protected $storageCache; @@ -303,7 +306,7 @@ abstract class Common implements \OC\Files\Storage\Storage { $storage = $this; } if (!isset($this->cache)) { - $this->cache = new \OC\Files\Cache\Cache($storage); + $this->cache = new Cache($storage); } return $this->cache; } @@ -313,7 +316,7 @@ abstract class Common implements \OC\Files\Storage\Storage { $storage = $this; } if (!isset($this->scanner)) { - $this->scanner = new \OC\Files\Cache\Scanner($storage); + $this->scanner = new Scanner($storage); } return $this->scanner; } @@ -323,7 +326,7 @@ abstract class Common implements \OC\Files\Storage\Storage { $storage = $this; } if (!isset($this->watcher)) { - $this->watcher = new \OC\Files\Cache\Watcher($storage); + $this->watcher = new Watcher($storage); $this->watcher->setPolicy(\OC::$server->getConfig()->getSystemValue('filesystem_check_changes', Watcher::CHECK_ONCE)); } return $this->watcher; @@ -334,7 +337,7 @@ abstract class Common implements \OC\Files\Storage\Storage { $storage = $this; } if (!isset($this->storageCache)) { - $this->storageCache = new \OC\Files\Cache\Storage($storage); + $this->storageCache = new Storage($storage); } return $this->storageCache; } @@ -451,4 +454,58 @@ abstract class Common implements \OC\Files\Storage\Storage { return []; } + /** + * @inheritdoc + */ + public function verifyPath($path, $fileName) { + // NOTE: $path will remain unverified for now + if (\OC_Util::runningOnWindows()) { + $this->verifyWindowsPath($fileName); + } else { + $this->verifyPosixPath($fileName); + } + } + + /** + * https://msdn.microsoft.com/en-us/library/windows/desktop/aa365247%28v=vs.85%29.aspx + * @param string $fileName + * @throws InvalidPathException + */ + private function verifyWindowsPath($fileName) { + $fileName = trim($fileName); + $this->scanForInvalidCharacters($fileName, "\\/<>:\"|?*"); + $reservedNames = ['CON', 'PRN', 'AUX', 'NUL', 'COM1', 'COM2', 'COM3', 'COM4', 'COM5', 'COM6', 'COM7', 'COM8', 'COM9', 'LPT1', 'LPT2', 'LPT3', 'LPT4', 'LPT5', 'LPT6', 'LPT7', 'LPT8', 'LPT9']; + if (in_array(strtoupper($fileName), $reservedNames)) { + throw new InvalidPathException("File name is a reserved word"); + } + } + + /** + * @param string $fileName + * @throws InvalidPathException + */ + private function verifyPosixPath($fileName) { + $fileName = trim($fileName); + $this->scanForInvalidCharacters($fileName, "\\/"); + $reservedNames = ['*']; + if (in_array($fileName, $reservedNames)) { + throw new InvalidPathException("File name is a reserved word"); + } + } + + /** + * @param $fileName + * @throws InvalidPathException + */ + private function scanForInvalidCharacters($fileName, $invalidChars) { + foreach (str_split($fileName) as $char) { + if (strpos($invalidChars, $char) !== false) { + throw new InvalidPathException('File name contains at least one invalid characters'); + } + if (ord($char) >= 0 && ord($char) <= 31) { + throw new InvalidPathException('File name contains at least one invalid characters'); + } + } + } + } diff --git a/lib/private/files/storage/wrapper/wrapper.php b/lib/private/files/storage/wrapper/wrapper.php index ea9de287361..9208a7f7774 100644 --- a/lib/private/files/storage/wrapper/wrapper.php +++ b/lib/private/files/storage/wrapper/wrapper.php @@ -8,6 +8,8 @@ namespace OC\Files\Storage\Wrapper; +use OCP\Files\InvalidPathException; + class Wrapper implements \OC\Files\Storage\Storage { /** * @var \OC\Files\Storage\Storage $storage @@ -477,4 +479,14 @@ class Wrapper implements \OC\Files\Storage\Storage { public function getDirectDownload($path) { return $this->storage->getDirectDownload($path); } + + /** + * @param string $path the path of the target folder + * @param string $fileName the name of the file itself + * @return void + * @throws InvalidPathException + */ + public function verifyPath($path, $fileName) { + $this->storage->verifyPath($path, $fileName); + } } diff --git a/lib/private/files/view.php b/lib/private/files/view.php index 4f9a4001d69..17fad72e5e7 100644 --- a/lib/private/files/view.php +++ b/lib/private/files/view.php @@ -11,6 +11,7 @@ namespace OC\Files; use OC\Files\Cache\Updater; use OC\Files\Mount\MoveableMount; +use OCP\Files\InvalidPathException; /** * Class to provide access to ownCloud filesystem via a "view", and methods for @@ -29,11 +30,10 @@ use OC\Files\Mount\MoveableMount; * \OC\Files\Storage\Storage object */ class View { + /** @var string */ private $fakeRoot = ''; - /** - * @var \OC\Files\Cache\Updater - */ + /** @var \OC\Files\Cache\Updater */ protected $updater; /** @@ -116,7 +116,7 @@ class View { * get the mountpoint of the storage object for a path * ( note: because a storage is not always mounted inside the fakeroot, the * returned mountpoint is relative to the absolute root of the filesystem - * and doesn't take the chroot into account ) + * and does not take the chroot into account ) * * @param string $path * @return string @@ -129,7 +129,7 @@ class View { * get the mountpoint of the storage object for a path * ( note: because a storage is not always mounted inside the fakeroot, the * returned mountpoint is relative to the absolute root of the filesystem - * and doesn't take the chroot into account ) + * and does not take the chroot into account ) * * @param string $path * @return \OCP\Files\Mount\IMountPoint @@ -1532,7 +1532,32 @@ class View { /** * @return Updater */ - public function getUpdater(){ + public function getUpdater() { return $this->updater; } + + public function verifyPath($path, $fileName) { + + // verify empty and dot files + $trimmed = trim($fileName); + if ($trimmed === '') { + throw new InvalidPathException('Empty filename is not allowed'); + } + if ($trimmed === '.' || $trimmed === '..') { + throw new InvalidPathException('Dot files are not allowed'); + } + + // verify database - e.g. mysql only 3-byte chars + if (preg_match('%^(?: + \xF0[\x90-\xBF][\x80-\xBF]{2} # planes 1-3 + | [\xF1-\xF3][\x80-\xBF]{3} # planes 4-15 + | \xF4[\x80-\x8F][\x80-\xBF]{2} # plane 16 +)*$%xs', $fileName)) { + throw new InvalidPathException('4-byte characters are not supported in file names'); + } + + /** @type \OCP\Files\Storage $storage */ + list($storage, $internalPath) = $this->resolvePath($path); + $storage->verifyPath($internalPath, $fileName); + } } diff --git a/lib/public/files/storage.php b/lib/public/files/storage.php index 3e6559c28f7..388ba5fa6ac 100644 --- a/lib/public/files/storage.php +++ b/lib/public/files/storage.php @@ -28,6 +28,7 @@ // use OCP namespace for all classes that are considered public. // This means that they should be used by apps instead of the internal ownCloud classes namespace OCP\Files; +use OCP\Files\InvalidPathException; /** * Provide a common interface to all different storage options @@ -345,4 +346,12 @@ interface Storage { * @return array|false */ public function getDirectDownload($path); + + /** + * @param string $path the path of the target folder + * @param string $fileName the name of the file itself + * @return void + * @throws InvalidPathException + */ + public function verifyPath($path, $fileName); } diff --git a/tests/lib/connector/sabre/exception/invalidpathtest.php b/tests/lib/connector/sabre/exception/invalidpathtest.php new file mode 100644 index 00000000000..ee3da8c3886 --- /dev/null +++ b/tests/lib/connector/sabre/exception/invalidpathtest.php @@ -0,0 +1,41 @@ + + * This file is licensed under the Affero General Public License version 3 or + * later. + * See the COPYING-README file. + */ +class Test_OC_Connector_Sabre_Exception_InvalidPath extends \Test\TestCase { + + public function testSerialization() { + + // create xml doc + $DOM = new \DOMDocument('1.0','utf-8'); + $DOM->formatOutput = true; + $error = $DOM->createElementNS('DAV:','d:error'); + $error->setAttribute('xmlns:s', Sabre\DAV\Server::NS_SABREDAV); + $DOM->appendChild($error); + + // serialize the exception + $message = "1234567890"; + $retry = false; + $expectedXml = << + + false + 1234567890 + + +EOD; + + + $ex = new OC_Connector_Sabre_Exception_InvalidPath($message, $retry); + $server = $this->getMock('Sabre\DAV\Server'); + $ex->serialize($server, $error); + + // assert + $xml = $DOM->saveXML(); + $this->assertEquals($expectedXml, $xml); + } +} diff --git a/tests/lib/files/pathverificationtest.php b/tests/lib/files/pathverificationtest.php new file mode 100644 index 00000000000..fafc98cc3cc --- /dev/null +++ b/tests/lib/files/pathverificationtest.php @@ -0,0 +1,226 @@ + + * This file is licensed under the Affero General Public License version 3 or + * later. + * See the COPYING-README file. */ + +namespace Test\Files; + +use OC\Files\Storage\Local; +use OC\Files\View; + +class PathVerification extends \Test\TestCase { + + /** + * @var \OC\Files\View + */ + private $view; + + protected function setUp() { + parent::setUp(); + $this->view = new View(); + } + + /** + * @dataProvider providesEmptyFiles + * @expectedException \OCP\Files\InvalidPathException + * @expectedExceptionMessage Empty filename is not allowed + */ + public function testPathVerificationEmptyFileName($fileName) { + $this->view->verifyPath('', $fileName); + } + + public function providesEmptyFiles() { + return [ + [''], + [' '], + ]; + } + + /** + * @dataProvider providesDotFiles + * @expectedException \OCP\Files\InvalidPathException + * @expectedExceptionMessage Dot files are not allowed + */ + public function testPathVerificationDotFiles($fileName) { + $this->view->verifyPath('', $fileName); + } + + public function providesDotFiles() { + return [ + ['.'], + ['..'], + [' .'], + [' ..'], + ['. '], + ['.. '], + [' . '], + [' .. '], + ]; + } + + /** + * @dataProvider providesAstralPlane + * @expectedException \OCP\Files\InvalidPathException + * @expectedExceptionMessage 4-byte characters are not supported in file names + */ + public function testPathVerificationAstralPlane($fileName) { + $this->view->verifyPath('', $fileName); + } + + public function providesAstralPlane() { + return [ + // this is the monkey emoji - http://en.wikipedia.org/w/index.php?title=%F0%9F%90%B5&redirect=no + ['🐵'], + ]; + } + + /** + * @dataProvider providesInvalidCharsWindows + * @expectedException \OCP\Files\InvalidPathException + * @expectedExceptionMessage File name contains at least one invalid characters + */ + public function testPathVerificationInvalidCharsWindows($fileName) { + $storage = new Local(['datadir' => '']); + + $fileName = " 123{$fileName}456 "; + \Test_Helper::invokePrivate($storage, 'verifyWindowsPath', [$fileName]); + } + + public function providesInvalidCharsWindows() { + return [ + [\chr(0)], + [\chr(1)], + [\chr(2)], + [\chr(3)], + [\chr(4)], + [\chr(5)], + [\chr(6)], + [\chr(7)], + [\chr(8)], + [\chr(9)], + [\chr(10)], + [\chr(11)], + [\chr(12)], + [\chr(13)], + [\chr(14)], + [\chr(15)], + [\chr(16)], + [\chr(17)], + [\chr(18)], + [\chr(19)], + [\chr(20)], + [\chr(21)], + [\chr(22)], + [\chr(23)], + [\chr(24)], + [\chr(25)], + [\chr(26)], + [\chr(27)], + [\chr(28)], + [\chr(29)], + [\chr(30)], + [\chr(31)], + ['<'], + ['>'], + [':'], + ['"'], + ['/'], + ['\\'], + ['|'], + ['?'], + ['*'], + ]; + } + + /** + * @dataProvider providesInvalidCharsPosix + * @expectedException \OCP\Files\InvalidPathException + * @expectedExceptionMessage File name contains at least one invalid characters + */ + public function testPathVerificationInvalidCharsPosix($fileName) { + $storage = new Local(['datadir' => '']); + + $fileName = " 123{$fileName}456 "; + \Test_Helper::invokePrivate($storage, 'verifyWindowsPath', [$fileName]); + } + + public function providesInvalidCharsPosix() { + return [ + [\chr(0)], + [\chr(1)], + [\chr(2)], + [\chr(3)], + [\chr(4)], + [\chr(5)], + [\chr(6)], + [\chr(7)], + [\chr(8)], + [\chr(9)], + [\chr(10)], + [\chr(11)], + [\chr(12)], + [\chr(13)], + [\chr(14)], + [\chr(15)], + [\chr(16)], + [\chr(17)], + [\chr(18)], + [\chr(19)], + [\chr(20)], + [\chr(21)], + [\chr(22)], + [\chr(23)], + [\chr(24)], + [\chr(25)], + [\chr(26)], + [\chr(27)], + [\chr(28)], + [\chr(29)], + [\chr(30)], + [\chr(31)], + ['/'], + ['\\'], + ]; + } + + /** + * @dataProvider providesReservedNamesWindows + * @expectedException \OCP\Files\InvalidPathException + * @expectedExceptionMessage File name is a reserved word + */ + public function testPathVerificationReservedNamesWindows($fileName) { + $storage = new Local(['datadir' => '']); + + \Test_Helper::invokePrivate($storage, 'verifyWindowsPath', [$fileName]); + } + + public function providesReservedNamesWindows() { + return [ + [' CON '], + ['prn '], + ['AUX'], + ['NUL'], + ['COM1'], + ['COM2'], + ['COM3'], + ['COM4'], + ['COM5'], + ['COM6'], + ['COM7'], + ['COM8'], + ['COM9'], + ['LPT1'], + ['LPT2'], + ['LPT3'], + ['LPT4'], + ['LPT5'], + ['LPT6'], + ['LPT7'], + ['LPT8'], + ['LPT9'] + ]; + } + +} From 49e1a81eba45fe33e00c217758656cf9201ec0cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20M=C3=BCller?= Date: Wed, 18 Feb 2015 18:28:24 +0100 Subject: [PATCH 2/8] fixing namespaces and PHPDoc --- .../connector/sabre/exception/invalidpath.php | 16 +++++--- lib/private/connector/sabre/node.php | 40 ++++++++++++------- lib/private/connector/sabre/objecttree.php | 3 +- lib/private/files/view.php | 5 +++ tests/lib/connector/sabre/directory.php | 2 + .../sabre/exception/invalidpathtest.php | 11 +++-- tests/lib/connector/sabre/file.php | 19 +++++---- tests/lib/connector/sabre/node.php | 3 -- tests/lib/connector/sabre/objecttree.php | 22 +++++----- 9 files changed, 76 insertions(+), 45 deletions(-) diff --git a/lib/private/connector/sabre/exception/invalidpath.php b/lib/private/connector/sabre/exception/invalidpath.php index 18285994bcc..ecf28f377b0 100644 --- a/lib/private/connector/sabre/exception/invalidpath.php +++ b/lib/private/connector/sabre/exception/invalidpath.php @@ -1,12 +1,17 @@ * This file is licensed under the Affero General Public License version 3 or * later. * See the COPYING-README file. */ -class OC_Connector_Sabre_Exception_InvalidPath extends \Sabre\DAV\Exception { +namespace OC\Connector\Sabre\Exception; + +use Sabre\DAV\Exception; + +class InvalidPath extends Exception { + + const NS_OWNCLOUD = 'http://owncloud.org/ns'; /** * @var bool @@ -34,7 +39,8 @@ class OC_Connector_Sabre_Exception_InvalidPath extends \Sabre\DAV\Exception { } /** - * This method allows the exception to include additional information into the WebDAV error response + * This method allows the exception to include additional information + * into the WebDAV error response * * @param \Sabre\DAV\Server $server * @param \DOMElement $errorNode @@ -42,8 +48,8 @@ class OC_Connector_Sabre_Exception_InvalidPath extends \Sabre\DAV\Exception { */ public function serialize(\Sabre\DAV\Server $server,\DOMElement $errorNode) { - // set owncloud namespace - $errorNode->setAttribute('xmlns:o', OC_Connector_Sabre_FilesPlugin::NS_OWNCLOUD); + // set ownCloud namespace + $errorNode->setAttribute('xmlns:o', self::NS_OWNCLOUD); // adding the retry node $error = $errorNode->ownerDocument->createElementNS('o:','o:retry', var_export($this->retry, true)); diff --git a/lib/private/connector/sabre/node.php b/lib/private/connector/sabre/node.php index 775e18657f1..cdabf26a3fb 100644 --- a/lib/private/connector/sabre/node.php +++ b/lib/private/connector/sabre/node.php @@ -1,28 +1,40 @@ + * @author Bart Visscher + * @author Björn Schießle + * @author Jakob Sack + * @author Jörn Friedrich Dreyer + * @author Klaas Freitag + * @author Markus Goetz + * @author Morris Jobke + * @author Robin Appelman + * @author Sam Tuke + * @author Thomas Müller + * @author Vincent Petry * - * @author Jakob Sack - * @copyright 2011 Jakob Sack kde@jakobsack.de + * @copyright Copyright (c) 2015, ownCloud, Inc. + * @license AGPL-3.0 * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE - * License as published by the Free Software Foundation; either - * version 3 of the License, or any later version. + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. * - * This library is distributed in the hope that it will be useful, + * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU AFFERO GENERAL PUBLIC LICENSE for more details. + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. * - * You should have received a copy of the GNU Affero General Public - * License along with this library. If not, see . + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see * */ namespace OC\Connector\Sabre; +use OC\Connector\Sabre\Exception\InvalidPath; + + abstract class Node implements \Sabre\DAV\INode { /** * Allow configuring the method used to generate Etags @@ -235,7 +247,7 @@ abstract class Node implements \Sabre\DAV\INode { $fileName = basename($this->info->getPath()); $this->fileView->verifyPath($this->path, $fileName); } catch (\OCP\Files\InvalidPathException $ex) { - throw new OC_Connector_Sabre_Exception_InvalidPath($ex->getMessage()); + throw new InvalidPath($ex->getMessage()); } } } diff --git a/lib/private/connector/sabre/objecttree.php b/lib/private/connector/sabre/objecttree.php index 04ca1d7104d..3705aa80586 100644 --- a/lib/private/connector/sabre/objecttree.php +++ b/lib/private/connector/sabre/objecttree.php @@ -8,6 +8,7 @@ namespace OC\Connector\Sabre; +use OC\Connector\Sabre\Exception\InvalidPath; use OC\Files\FileInfo; use OC\Files\Filesystem; use OC\Files\Mount\MoveableMount; @@ -189,7 +190,7 @@ class ObjectTree extends \Sabre\DAV\Tree { try { $this->fileView->verifyPath($destinationDir, $fileName); } catch (\OCP\Files\InvalidPathException $ex) { - throw new OC_Connector_Sabre_Exception_InvalidPath($ex->getMessage()); + throw new InvalidPath($ex->getMessage()); } $renameOkay = $this->fileView->rename($sourcePath, $destinationPath); diff --git a/lib/private/files/view.php b/lib/private/files/view.php index 17fad72e5e7..6a93d7bbf8a 100644 --- a/lib/private/files/view.php +++ b/lib/private/files/view.php @@ -1536,6 +1536,11 @@ class View { return $this->updater; } + /** + * @param string $path + * @param string $fileName + * @throws InvalidPathException + */ public function verifyPath($path, $fileName) { // verify empty and dot files diff --git a/tests/lib/connector/sabre/directory.php b/tests/lib/connector/sabre/directory.php index e7fbd1d27b6..2550f2bcef1 100644 --- a/tests/lib/connector/sabre/directory.php +++ b/tests/lib/connector/sabre/directory.php @@ -8,7 +8,9 @@ */ class Test_OC_Connector_Sabre_Directory extends \Test\TestCase { + /** @var OC\Files\View | PHPUnit_Framework_MockObject_MockObject */ private $view; + /** @var OC\Files\FileInfo | PHPUnit_Framework_MockObject_MockObject */ private $info; protected function setUp() { diff --git a/tests/lib/connector/sabre/exception/invalidpathtest.php b/tests/lib/connector/sabre/exception/invalidpathtest.php index ee3da8c3886..d2d58887d62 100644 --- a/tests/lib/connector/sabre/exception/invalidpathtest.php +++ b/tests/lib/connector/sabre/exception/invalidpathtest.php @@ -1,12 +1,16 @@ * This file is licensed under the Affero General Public License version 3 or * later. * See the COPYING-README file. */ -class Test_OC_Connector_Sabre_Exception_InvalidPath extends \Test\TestCase { +class InvalidPathTest extends \Test\TestCase { public function testSerialization() { @@ -14,7 +18,7 @@ class Test_OC_Connector_Sabre_Exception_InvalidPath extends \Test\TestCase { $DOM = new \DOMDocument('1.0','utf-8'); $DOM->formatOutput = true; $error = $DOM->createElementNS('DAV:','d:error'); - $error->setAttribute('xmlns:s', Sabre\DAV\Server::NS_SABREDAV); + $error->setAttribute('xmlns:s', \Sabre\DAV\Server::NS_SABREDAV); $DOM->appendChild($error); // serialize the exception @@ -29,8 +33,7 @@ class Test_OC_Connector_Sabre_Exception_InvalidPath extends \Test\TestCase { EOD; - - $ex = new OC_Connector_Sabre_Exception_InvalidPath($message, $retry); + $ex = new InvalidPath($message, $retry); $server = $this->getMock('Sabre\DAV\Server'); $ex->serialize($server, $error); diff --git a/tests/lib/connector/sabre/file.php b/tests/lib/connector/sabre/file.php index 2ef5fd794be..f2812e390ac 100644 --- a/tests/lib/connector/sabre/file.php +++ b/tests/lib/connector/sabre/file.php @@ -6,7 +6,12 @@ * See the COPYING-README file. */ -class Test_OC_Connector_Sabre_File extends \Test\TestCase { +namespace Test\Connector\Sabre; + + +use OC_Connector_Sabre_File; + +class File extends \Test\TestCase { /** * @expectedException \Sabre\DAV\Exception @@ -93,7 +98,7 @@ class Test_OC_Connector_Sabre_File extends \Test\TestCase { } /** - * @expectedException \Sabre\DAV\Exception\BadRequest + * @expectedException \OC\Connector\Sabre\Exception\InvalidPath */ public function testSimplePutInvalidChars() { // setup @@ -104,9 +109,9 @@ class Test_OC_Connector_Sabre_File extends \Test\TestCase { $view->expects($this->any()) ->method('getRelativePath') - ->will($this->returnValue('/super*star.txt')); + ->will($this->returnValue('/*')); - $info = new \OC\Files\FileInfo('/super*star.txt', null, null, array( + $info = new \OC\Files\FileInfo('/*', null, null, array( 'permissions' => \OCP\Constants::PERMISSION_ALL ), null); $file = new \OC\Connector\Sabre\File($view, $info); @@ -117,7 +122,7 @@ class Test_OC_Connector_Sabre_File extends \Test\TestCase { /** * Test setting name with setName() with invalid chars - * @expectedException \Sabre\DAV\Exception\BadRequest + * @expectedException \OC\Connector\Sabre\Exception\InvalidPath */ public function testSetNameInvalidChars() { // setup @@ -125,9 +130,9 @@ class Test_OC_Connector_Sabre_File extends \Test\TestCase { $view->expects($this->any()) ->method('getRelativePath') - ->will($this->returnValue('/super*star.txt')); + ->will($this->returnValue('/*')); - $info = new \OC\Files\FileInfo('/super*star.txt', null, null, array( + $info = new \OC\Files\FileInfo('/*', null, null, array( 'permissions' => \OCP\Constants::PERMISSION_ALL ), null); $file = new \OC\Connector\Sabre\File($view, $info); diff --git a/tests/lib/connector/sabre/node.php b/tests/lib/connector/sabre/node.php index e1ae05b2170..3b3a6107813 100644 --- a/tests/lib/connector/sabre/node.php +++ b/tests/lib/connector/sabre/node.php @@ -9,9 +9,6 @@ namespace Test\Connector\Sabre; -use OC\Files\FileInfo; -use OC\Files\View; - class Node extends \Test\TestCase { public function davPermissionsProvider() { return array( diff --git a/tests/lib/connector/sabre/objecttree.php b/tests/lib/connector/sabre/objecttree.php index 0709aa89c63..d2702027b0d 100644 --- a/tests/lib/connector/sabre/objecttree.php +++ b/tests/lib/connector/sabre/objecttree.php @@ -47,29 +47,29 @@ class ObjectTree extends \Test\TestCase { * @dataProvider moveFailedProvider * @expectedException \Sabre\DAV\Exception\Forbidden */ - public function testMoveFailed($source, $dest, $updatables, $deletables) { - $this->moveTest($source, $dest, $updatables, $deletables); + public function testMoveFailed($source, $destination, $updatables, $deletables) { + $this->moveTest($source, $destination, $updatables, $deletables); } /** * @dataProvider moveSuccessProvider */ - public function testMoveSuccess($source, $dest, $updatables, $deletables) { - $this->moveTest($source, $dest, $updatables, $deletables); + public function testMoveSuccess($source, $destination, $updatables, $deletables) { + $this->moveTest($source, $destination, $updatables, $deletables); $this->assertTrue(true); } /** * @dataProvider moveFailedInvalidCharsProvider - * @expectedException \Sabre\DAV\Exception\BadRequest + * @expectedException \OC\Connector\Sabre\Exception\InvalidPath */ - public function testMoveFailedInvalidChars($source, $dest, $updatables, $deletables) { - $this->moveTest($source, $dest, $updatables, $deletables); + public function testMoveFailedInvalidChars($source, $destination, $updatables, $deletables) { + $this->moveTest($source, $destination, $updatables, $deletables); } function moveFailedInvalidCharsProvider() { return array( - array('a/b', 'a/c*', array('a' => false, 'a/b' => true, 'a/c*' => false), array()), + array('a/b', 'a/*', array('a' => false, 'a/b' => true, 'a/c*' => false), array()), ); } @@ -94,10 +94,10 @@ class ObjectTree extends \Test\TestCase { /** * @param $source - * @param $dest + * @param $destination * @param $updatables */ - private function moveTest($source, $dest, $updatables, $deletables) { + private function moveTest($source, $destination, $updatables, $deletables) { $view = new TestDoubleFileView($updatables, $deletables); $info = new FileInfo('', null, null, array(), null); @@ -115,7 +115,7 @@ class ObjectTree extends \Test\TestCase { /** @var $objectTree \OC\Connector\Sabre\ObjectTree */ $mountManager = \OC\Files\Filesystem::getMountManager(); $objectTree->init($rootDir, $view, $mountManager); - $objectTree->move($source, $dest); + $objectTree->move($source, $destination); } /** From e28d314b53b82d5b71d16b7749563337d562dbe5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20M=C3=BCller?= Date: Wed, 18 Feb 2015 18:35:27 +0100 Subject: [PATCH 3/8] deprecate isValidFileName() --- lib/private/util.php | 1 + lib/public/util.php | 1 + 2 files changed, 2 insertions(+) diff --git a/lib/private/util.php b/lib/private/util.php index 4c60af88189..0e5d08e180e 100644 --- a/lib/private/util.php +++ b/lib/private/util.php @@ -1416,6 +1416,7 @@ class OC_Util { * * @param string $file file name to check * @return bool true if the file name is valid, false otherwise + * @deprecated use \OC\Files\View::verifyPath() */ public static function isValidFileName($file) { $trimmed = trim($file); diff --git a/lib/public/util.php b/lib/public/util.php index e6e14a26e01..aa6cd5ba012 100644 --- a/lib/public/util.php +++ b/lib/public/util.php @@ -497,6 +497,7 @@ class Util { * Returns whether the given file name is valid * @param string $file file name to check * @return bool true if the file name is valid, false otherwise + * @deprecated use \OC\Files\View::verifyPath() */ public static function isValidFileName($file) { return \OC_Util::isValidFileName($file); From abacfd84dad4334e26b44b367127d45fdaf3fde6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20M=C3=BCller?= Date: Thu, 19 Feb 2015 11:23:01 +0100 Subject: [PATCH 4/8] fixing js unit tests --- apps/files/js/files.js | 8 -------- apps/files/tests/js/fileUploadSpec.js | 13 ------------- apps/files/tests/js/filesSpec.js | 10 ---------- 3 files changed, 31 deletions(-) diff --git a/apps/files/js/files.js b/apps/files/js/files.js index ddb2a80259c..e63c3cad52e 100644 --- a/apps/files/js/files.js +++ b/apps/files/js/files.js @@ -102,14 +102,6 @@ } else if (trimmedName.length === 0) { throw t('files', 'File name cannot be empty.'); } - // check for invalid characters - //var invalidCharacters = - // ['\\', '/', '<', '>', ':', '"', '|', '?', '*', '\n']; - //for (var i = 0; i < invalidCharacters.length; i++) { - // if (trimmedName.indexOf(invalidCharacters[i]) !== -1) { - // throw t('files', "Invalid name, '\\', '/', '<', '>', ':', '\"', '|', '?' and '*' are not allowed."); - // } - //} return true; }, displayStorageWarnings: function() { diff --git a/apps/files/tests/js/fileUploadSpec.js b/apps/files/tests/js/fileUploadSpec.js index 2b4341ef1c3..49b7265ced1 100644 --- a/apps/files/tests/js/fileUploadSpec.js +++ b/apps/files/tests/js/fileUploadSpec.js @@ -110,18 +110,5 @@ describe('OC.Upload tests', function() { 'Not enough free space, you are uploading 5 kB but only 1000 B is left' ); }); - it('does not add file if it has invalid characters', function() { - var result; - testFile.name = 'stars*stars.txt'; - - result = addFile(testFile); - - expect(result).toEqual(false); - expect(failStub.calledOnce).toEqual(true); - expect(failStub.getCall(0).args[1].textStatus).toEqual('invalidcharacters'); - expect(failStub.getCall(0).args[1].errorThrown.substr(0, 12)).toEqual( - 'Invalid name' - ); - }); }); }); diff --git a/apps/files/tests/js/filesSpec.js b/apps/files/tests/js/filesSpec.js index 4f8d5a29318..f20ba03e2f1 100644 --- a/apps/files/tests/js/filesSpec.js +++ b/apps/files/tests/js/filesSpec.js @@ -55,16 +55,6 @@ describe('OCA.Files.Files tests', function() { ' ', '.', '..', - 'back\\slash', - 'sl/ash', - 'ltgt', - 'col:on', - 'double"quote', - 'pi|pe', - 'dont?ask?questions?', - 'super*star', - 'new\nline', ' ..', '.. ', '. ', From 2f18a09a20cf62438c742c3020215cab03bc997d Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Fri, 20 Feb 2015 18:19:14 +0100 Subject: [PATCH 5/8] Optimize loop --- lib/private/files/storage/common.php | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/lib/private/files/storage/common.php b/lib/private/files/storage/common.php index a9ba034f4ee..091f89662d5 100644 --- a/lib/private/files/storage/common.php +++ b/lib/private/files/storage/common.php @@ -494,18 +494,21 @@ abstract class Common implements \OC\Files\Storage\Storage { } /** - * @param $fileName + * @param string $fileName + * @param string $invalidChars * @throws InvalidPathException */ private function scanForInvalidCharacters($fileName, $invalidChars) { - foreach (str_split($fileName) as $char) { - if (strpos($invalidChars, $char) !== false) { - throw new InvalidPathException('File name contains at least one invalid characters'); - } - if (ord($char) >= 0 && ord($char) <= 31) { + foreach(str_split($invalidChars) as $char) { + if (strpos($fileName, $char) !== false) { throw new InvalidPathException('File name contains at least one invalid characters'); } } + + $sanitizedFileName = filter_var($fileName, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW); + if($sanitizedFileName !== $fileName) { + throw new InvalidPathException('File name contains at least one invalid characters'); + } } } From 33b11682f9826346f48b7587161dc5a43944a063 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20M=C3=BCller?= Date: Tue, 24 Feb 2015 17:20:59 +0100 Subject: [PATCH 6/8] translate error messages --- lib/private/files/storage/common.php | 17 +++++++++++------ lib/private/files/view.php | 8 +++++--- 2 files changed, 16 insertions(+), 9 deletions(-) diff --git a/lib/private/files/storage/common.php b/lib/private/files/storage/common.php index 091f89662d5..e948b5aa35a 100644 --- a/lib/private/files/storage/common.php +++ b/lib/private/files/storage/common.php @@ -471,12 +471,12 @@ abstract class Common implements \OC\Files\Storage\Storage { * @param string $fileName * @throws InvalidPathException */ - private function verifyWindowsPath($fileName) { + protected function verifyWindowsPath($fileName) { $fileName = trim($fileName); $this->scanForInvalidCharacters($fileName, "\\/<>:\"|?*"); $reservedNames = ['CON', 'PRN', 'AUX', 'NUL', 'COM1', 'COM2', 'COM3', 'COM4', 'COM5', 'COM6', 'COM7', 'COM8', 'COM9', 'LPT1', 'LPT2', 'LPT3', 'LPT4', 'LPT5', 'LPT6', 'LPT7', 'LPT8', 'LPT9']; if (in_array(strtoupper($fileName), $reservedNames)) { - throw new InvalidPathException("File name is a reserved word"); + throw new InvalidPathException($this->t("File name is a reserved word")); } } @@ -484,12 +484,12 @@ abstract class Common implements \OC\Files\Storage\Storage { * @param string $fileName * @throws InvalidPathException */ - private function verifyPosixPath($fileName) { + protected function verifyPosixPath($fileName) { $fileName = trim($fileName); $this->scanForInvalidCharacters($fileName, "\\/"); $reservedNames = ['*']; if (in_array($fileName, $reservedNames)) { - throw new InvalidPathException("File name is a reserved word"); + throw new InvalidPathException($this->t('File name is a reserved word')); } } @@ -501,14 +501,19 @@ abstract class Common implements \OC\Files\Storage\Storage { private function scanForInvalidCharacters($fileName, $invalidChars) { foreach(str_split($invalidChars) as $char) { if (strpos($fileName, $char) !== false) { - throw new InvalidPathException('File name contains at least one invalid characters'); + throw new InvalidPathException($this->t('File name contains at least one invalid characters')); } } $sanitizedFileName = filter_var($fileName, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW); if($sanitizedFileName !== $fileName) { - throw new InvalidPathException('File name contains at least one invalid characters'); + throw new InvalidPathException($this->t('File name contains at least one invalid characters')); } } + private function t($string) { + $l10n = \OC::$server->getL10N('lib'); + return $l10n->t($string); + } + } diff --git a/lib/private/files/view.php b/lib/private/files/view.php index 6a93d7bbf8a..9d8416d2331 100644 --- a/lib/private/files/view.php +++ b/lib/private/files/view.php @@ -1543,13 +1543,15 @@ class View { */ public function verifyPath($path, $fileName) { + $l10n = \OC::$server->getL10N('lib'); + // verify empty and dot files $trimmed = trim($fileName); if ($trimmed === '') { - throw new InvalidPathException('Empty filename is not allowed'); + throw new InvalidPathException($l10n->t('Empty filename is not allowed')); } if ($trimmed === '.' || $trimmed === '..') { - throw new InvalidPathException('Dot files are not allowed'); + throw new InvalidPathException($l10n->t('Dot files are not allowed')); } // verify database - e.g. mysql only 3-byte chars @@ -1558,7 +1560,7 @@ class View { | [\xF1-\xF3][\x80-\xBF]{3} # planes 4-15 | \xF4[\x80-\x8F][\x80-\xBF]{2} # plane 16 )*$%xs', $fileName)) { - throw new InvalidPathException('4-byte characters are not supported in file names'); + throw new InvalidPathException($l10n->t('4-byte characters are not supported in file names')); } /** @type \OCP\Files\Storage $storage */ From 2367797c17aafe0f0570477ff653894f3033e97c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20M=C3=BCller?= Date: Tue, 24 Feb 2015 17:42:26 +0100 Subject: [PATCH 7/8] Respect http header 'Accept-Language' on ocs and remote.php calls --- lib/private/l10n.php | 78 ++++++++++++++++++++++++-------------------- ocs/v1.php | 4 +-- remote.php | 3 ++ 3 files changed, 48 insertions(+), 37 deletions(-) diff --git a/lib/private/l10n.php b/lib/private/l10n.php index 4e9316c333e..4fd4a617be8 100644 --- a/lib/private/l10n.php +++ b/lib/private/l10n.php @@ -79,6 +79,48 @@ class OC_L10N implements \OCP\IL10N { $this->lang = $lang; } + /** + * @param $app + * @return string + */ + public static function setLanguageFromRequest($app = null) { + if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) { + if (is_array($app)) { + $available = $app; + } else { + $available = self::findAvailableLanguages($app); + } + + // E.g. make sure that 'de' is before 'de_DE'. + sort($available); + + $preferences = preg_split('/,\s*/', strtolower($_SERVER['HTTP_ACCEPT_LANGUAGE'])); + foreach ($preferences as $preference) { + list($preferred_language) = explode(';', $preference); + $preferred_language = str_replace('-', '_', $preferred_language); + foreach ($available as $available_language) { + if ($preferred_language === strtolower($available_language)) { + if (is_null($app)) { + self::$language = $available_language; + } + return $available_language; + } + } + foreach ($available as $available_language) { + if (substr($preferred_language, 0, 2) === $available_language) { + if (is_null($app)) { + self::$language = $available_language; + } + return $available_language; + } + } + } + } + + // Last try: English + return 'en'; + } + /** * @param $transFile * @param bool $mergeTranslations @@ -403,41 +445,7 @@ class OC_L10N implements \OCP\IL10N { return $default_language; } - if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) { - if(is_array($app)) { - $available = $app; - } else { - $available = self::findAvailableLanguages($app); - } - - // E.g. make sure that 'de' is before 'de_DE'. - sort($available); - - $preferences = preg_split('/,\s*/', strtolower($_SERVER['HTTP_ACCEPT_LANGUAGE'])); - foreach($preferences as $preference) { - list($preferred_language) = explode(';', $preference); - $preferred_language = str_replace('-', '_', $preferred_language); - foreach($available as $available_language) { - if ($preferred_language === strtolower($available_language)) { - if (is_null($app)) { - self::$language = $available_language; - } - return $available_language; - } - } - foreach($available as $available_language) { - if (substr($preferred_language, 0, 2) === $available_language) { - if (is_null($app)) { - self::$language = $available_language; - } - return $available_language; - } - } - } - } - - // Last try: English - return 'en'; + return self::setLanguageFromRequest($app); } /** diff --git a/ocs/v1.php b/ocs/v1.php index b0f3e5e2b90..86631f39686 100644 --- a/ocs/v1.php +++ b/ocs/v1.php @@ -39,8 +39,8 @@ try { // load all apps to get all api routes properly setup OC_App::loadApps(); - // api calls always will return English - \OC_L10N::forceLanguage('en'); + // force language as given in the http request + \OC_L10N::setLanguageFromRequest(); OC::$server->getRouter()->match('/ocs'.\OC::$server->getRequest()->getRawPathInfo()); } catch (ResourceNotFoundException $e) { diff --git a/remote.php b/remote.php index 80173441e90..101b19a807d 100644 --- a/remote.php +++ b/remote.php @@ -29,6 +29,9 @@ try { exit; } + // force language as given in the http request + \OC_L10N::setLanguageFromRequest(); + $file=ltrim($file, '/'); $parts=explode('/', $file, 2); From 3623f14e73046a51953872fe49853bc200ac736d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20M=C3=BCller?= Date: Wed, 4 Mar 2015 14:03:47 +0100 Subject: [PATCH 8/8] no translation service in common storage class --- lib/private/files/storage/common.php | 16 +++----- lib/private/files/view.php | 14 +++++-- .../files/invalidcharacterinpathexception.php | 37 +++++++++++++++++++ lib/public/files/reservedwordexception.php | 37 +++++++++++++++++++ tests/lib/files/pathverificationtest.php | 9 ++--- 5 files changed, 94 insertions(+), 19 deletions(-) create mode 100644 lib/public/files/invalidcharacterinpathexception.php create mode 100644 lib/public/files/reservedwordexception.php diff --git a/lib/private/files/storage/common.php b/lib/private/files/storage/common.php index e948b5aa35a..8549d5a1fad 100644 --- a/lib/private/files/storage/common.php +++ b/lib/private/files/storage/common.php @@ -13,7 +13,9 @@ use OC\Files\Cache\Scanner; use OC\Files\Cache\Storage; use OC\Files\Filesystem; use OC\Files\Cache\Watcher; +use OCP\Files\InvalidCharacterInPathException; use OCP\Files\InvalidPathException; +use OCP\Files\ReservedWordException; /** * Storage backend class for providing common filesystem operation methods @@ -476,7 +478,7 @@ abstract class Common implements \OC\Files\Storage\Storage { $this->scanForInvalidCharacters($fileName, "\\/<>:\"|?*"); $reservedNames = ['CON', 'PRN', 'AUX', 'NUL', 'COM1', 'COM2', 'COM3', 'COM4', 'COM5', 'COM6', 'COM7', 'COM8', 'COM9', 'LPT1', 'LPT2', 'LPT3', 'LPT4', 'LPT5', 'LPT6', 'LPT7', 'LPT8', 'LPT9']; if (in_array(strtoupper($fileName), $reservedNames)) { - throw new InvalidPathException($this->t("File name is a reserved word")); + throw new ReservedWordException(); } } @@ -489,7 +491,7 @@ abstract class Common implements \OC\Files\Storage\Storage { $this->scanForInvalidCharacters($fileName, "\\/"); $reservedNames = ['*']; if (in_array($fileName, $reservedNames)) { - throw new InvalidPathException($this->t('File name is a reserved word')); + throw new ReservedWordException(); } } @@ -501,19 +503,13 @@ abstract class Common implements \OC\Files\Storage\Storage { private function scanForInvalidCharacters($fileName, $invalidChars) { foreach(str_split($invalidChars) as $char) { if (strpos($fileName, $char) !== false) { - throw new InvalidPathException($this->t('File name contains at least one invalid characters')); + throw new InvalidCharacterInPathException(); } } $sanitizedFileName = filter_var($fileName, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW); if($sanitizedFileName !== $fileName) { - throw new InvalidPathException($this->t('File name contains at least one invalid characters')); + throw new InvalidCharacterInPathException(); } } - - private function t($string) { - $l10n = \OC::$server->getL10N('lib'); - return $l10n->t($string); - } - } diff --git a/lib/private/files/view.php b/lib/private/files/view.php index 9d8416d2331..f14209fd925 100644 --- a/lib/private/files/view.php +++ b/lib/private/files/view.php @@ -11,7 +11,9 @@ namespace OC\Files; use OC\Files\Cache\Updater; use OC\Files\Mount\MoveableMount; +use OCP\Files\InvalidCharacterInPathException; use OCP\Files\InvalidPathException; +use OCP\Files\ReservedWordException; /** * Class to provide access to ownCloud filesystem via a "view", and methods for @@ -1563,8 +1565,14 @@ class View { throw new InvalidPathException($l10n->t('4-byte characters are not supported in file names')); } - /** @type \OCP\Files\Storage $storage */ - list($storage, $internalPath) = $this->resolvePath($path); - $storage->verifyPath($internalPath, $fileName); + try { + /** @type \OCP\Files\Storage $storage */ + list($storage, $internalPath) = $this->resolvePath($path); + $storage->verifyPath($internalPath, $fileName); + } catch (ReservedWordException $ex) { + throw new InvalidPathException($l10n->t('File name is a reserved word')); + } catch (InvalidCharacterInPathException $ex) { + throw new InvalidPathException($l10n->t('File name contains at least one invalid characters')); + } } } diff --git a/lib/public/files/invalidcharacterinpathexception.php b/lib/public/files/invalidcharacterinpathexception.php new file mode 100644 index 00000000000..4ae2eb01c19 --- /dev/null +++ b/lib/public/files/invalidcharacterinpathexception.php @@ -0,0 +1,37 @@ +. + * + */ + +/** + * Public interface of ownCloud for apps to use. + * Files/InvalidCharacterInPathException class + */ + +// use OCP namespace for all classes that are considered public. +// This means that they should be used by apps instead of the internal ownCloud classes +namespace OCP\Files; + +/** + * Exception for invalid path + */ +class InvalidCharacterInPathException extends InvalidPathException { + +} diff --git a/lib/public/files/reservedwordexception.php b/lib/public/files/reservedwordexception.php new file mode 100644 index 00000000000..25c618a8ded --- /dev/null +++ b/lib/public/files/reservedwordexception.php @@ -0,0 +1,37 @@ +. + * + */ + +/** + * Public interface of ownCloud for apps to use. + * Files/ReservedWordException class + */ + +// use OCP namespace for all classes that are considered public. +// This means that they should be used by apps instead of the internal ownCloud classes +namespace OCP\Files; + +/** + * Exception for invalid path + */ +class ReservedWordException extends InvalidPathException { + +} diff --git a/tests/lib/files/pathverificationtest.php b/tests/lib/files/pathverificationtest.php index fafc98cc3cc..1a802a48f57 100644 --- a/tests/lib/files/pathverificationtest.php +++ b/tests/lib/files/pathverificationtest.php @@ -78,8 +78,7 @@ class PathVerification extends \Test\TestCase { /** * @dataProvider providesInvalidCharsWindows - * @expectedException \OCP\Files\InvalidPathException - * @expectedExceptionMessage File name contains at least one invalid characters + * @expectedException \OCP\Files\InvalidCharacterInPathException */ public function testPathVerificationInvalidCharsWindows($fileName) { $storage = new Local(['datadir' => '']); @@ -136,8 +135,7 @@ class PathVerification extends \Test\TestCase { /** * @dataProvider providesInvalidCharsPosix - * @expectedException \OCP\Files\InvalidPathException - * @expectedExceptionMessage File name contains at least one invalid characters + * @expectedException \OCP\Files\InvalidCharacterInPathException */ public function testPathVerificationInvalidCharsPosix($fileName) { $storage = new Local(['datadir' => '']); @@ -187,8 +185,7 @@ class PathVerification extends \Test\TestCase { /** * @dataProvider providesReservedNamesWindows - * @expectedException \OCP\Files\InvalidPathException - * @expectedExceptionMessage File name is a reserved word + * @expectedException \OCP\Files\ReservedWordException */ public function testPathVerificationReservedNamesWindows($fileName) { $storage = new Local(['datadir' => '']);