upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-09 00:32:29 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 35

Merge pull request #29895 from nextcloud/bugfix/noid/check-for-invalid-characters-before-trimming

Browse source 
Check for invalid characters before trimming
This commit is contained in:
Julius Härtl 2021-11-25 11:07:46 +01:00 committed by GitHub
commit d9d54ce782
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 32 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
build/integration/features/bootstrap/WebDav.php
View file

@ -458,7 +458,10 @@ trait WebDav {
try {
$this->response = $this->makeDavRequest($user, "PUT", $destination, [], $file);
} catch (\GuzzleHttp\Exception\ServerException $e) {
// 4xx and 5xx responses cause an exception
// 5xx responses cause a server exception
$this->response = $e->getResponse();
} catch (\GuzzleHttp\Exception\ClientException $e) {
// 4xx responses cause a client exception
$this->response = $e->getResponse();
}
}
@ -487,7 +490,10 @@ trait WebDav {
try {
$this->response = $this->makeDavRequest($user, "PUT", $destination, [], $file);
} catch (\GuzzleHttp\Exception\ServerException $e) {
// 4xx and 5xx responses cause an exception
// 5xx responses cause a server exception
$this->response = $e->getResponse();
} catch (\GuzzleHttp\Exception\ClientException $e) {
// 4xx responses cause a client exception
$this->response = $e->getResponse();
}
}
@ -502,7 +508,10 @@ trait WebDav {
try {
$this->response = $this->makeDavRequest($user, 'DELETE', $file, []);
} catch (\GuzzleHttp\Exception\ServerException $e) {
// 4xx and 5xx responses cause an exception
// 5xx responses cause a server exception
$this->response = $e->getResponse();
} catch (\GuzzleHttp\Exception\ClientException $e) {
// 4xx responses cause a client exception
$this->response = $e->getResponse();
}
}
@ -517,7 +526,10 @@ trait WebDav {
$destination = '/' . ltrim($destination, '/');
$this->response = $this->makeDavRequest($user, "MKCOL", $destination, []);
} catch (\GuzzleHttp\Exception\ServerException $e) {
// 4xx and 5xx responses cause an exception
// 5xx responses cause a server exception
$this->response = $e->getResponse();
} catch (\GuzzleHttp\Exception\ClientException $e) {
// 4xx responses cause a client exception
$this->response = $e->getResponse();
}
}
@ -639,8 +651,12 @@ trait WebDav {
public function downloadingFileAs($fileName, $user) {
try {
$this->response = $this->makeDavRequest($user, 'GET', $fileName, []);
} catch (\GuzzleHttp\Exception\ServerException $ex) {
$this->response = $ex->getResponse();
} catch (\GuzzleHttp\Exception\ServerException $e) {
// 5xx responses cause a server exception
$this->response = $e->getResponse();
} catch (\GuzzleHttp\Exception\ClientException $e) {
// 4xx responses cause a client exception
$this->response = $e->getResponse();
}
}

9
build/integration/features/webdav-related.feature
View file

@ -619,3 +619,12 @@ Feature: webdav-related
And Downloaded content should be "BBBBB"
And Downloading file "/C.txt"
And Downloaded content should be "CCCCC"
Scenario: Creating a folder with invalid characters
Given using new dav path
And As an "admin"
And user "user0" exists
And user "user1" exists
And As an "user1"
And user "user1" created a folder "/testshare "
Then the HTTP status code should be "400"

2
lib/private/Files/Storage/Common.php
View file

@ -554,8 +554,8 @@ abstract class Common implements Storage, ILockingStorage, IWriteStreamStorage {
* @throws InvalidPathException
*/
protected function verifyPosixPath($fileName) {
$fileName = trim($fileName);
$this->scanForInvalidCharacters($fileName, "\\/");
$fileName = trim($fileName);
$reservedNames = ['*'];
if (in_array($fileName, $reservedNames)) {
throw new ReservedWordException();