diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2016-12-06 01:29:01 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-12-06 01:29:01 +0300 |
| commit | 8491cfe8784fb6323241a3593d17f3932bac52a3 (patch) | |
| tree | 5c56ed78fdd19736e46f436be6fa235e64ef73de | |
| parent | 9fee1ac4051aef90bc86a20ca38fe6180a111a27 (diff) | |
| parent | 5a7dfcacc546141cea75bcb13d05af374b3f8723 (diff) | |
Merge pull request #2467 from nextcloud/backport-1972-invalid-files-from-scanner-9
[stable9] Make sure we don't scan files that can not be accessed
| -rw-r--r-- | lib/private/files/cache/scanner.php | 19 | ||||
| -rw-r--r-- | tests/lib/files/cache/scanner.php | 16 |
2 files changed, 35 insertions, 0 deletions
diff --git a/lib/private/files/cache/scanner.php b/lib/private/files/cache/scanner.php index d5f17f0f990..013af1c2484 100644 --- a/lib/private/files/cache/scanner.php +++ b/lib/private/files/cache/scanner.php @@ -131,6 +131,22 @@ class Scanner extends BasicEmitter implements IScanner { */ public function scanFile($file, $reuseExisting = 0, $parentId = -1, $cacheData = null, $lock = true) { + // verify database - e.g. mysql only 3-byte chars + if (preg_match('%(?: + \xF0[\x90-\xBF][\x80-\xBF]{2} # planes 1-3 + | [\xF1-\xF3][\x80-\xBF]{3} # planes 4-15 + | \xF4[\x80-\x8F][\x80-\xBF]{2} # plane 16 +)%xs', $file)) { + // 4-byte characters are not supported in file names + return null; + } + + try { + $this->storage->verifyPath(dirname($file), basename($file)); + } catch (\Exception $e) { + return null; + } + // only proceed if $file is not a partial file nor a blacklisted file if (!self::isPartialFile($file) and !Filesystem::isFileBlacklisted($file)) { @@ -162,6 +178,9 @@ class Scanner extends BasicEmitter implements IScanner { // scan the parent if it's not in the cache (id -1) and the current file is not the root folder if ($file and $parentId === -1) { $parentData = $this->scanFile($parent); + if (!$parentData) { + return null; + } $parentId = $parentData['fileid']; } if ($parent) { diff --git a/tests/lib/files/cache/scanner.php b/tests/lib/files/cache/scanner.php index b1eb3f589e8..5ed1135d468 100644 --- a/tests/lib/files/cache/scanner.php +++ b/tests/lib/files/cache/scanner.php @@ -69,6 +69,22 @@ class Scanner extends \Test\TestCase { $this->assertEquals($cachedData['mimetype'], 'image/png'); } + function testFile4Byte() { + $data = "dummy file data\n"; + $this->storage->file_put_contents('foo🙈.txt', $data); + + $this->assertNull($this->scanner->scanFile('foo🙈.txt')); + $this->assertFalse($this->cache->inCache('foo🙈.txt'), true); + } + + function testFileInvalidChars() { + $data = "dummy file data\n"; + $this->storage->file_put_contents("foo\nbar.txt", $data); + + $this->assertNull($this->scanner->scanFile("foo\nbar.txt")); + $this->assertFalse($this->cache->inCache("foo\nbar.txt"), true); + } + private function fillTestFolders() { $textData = "dummy file data\n"; $imgData = file_get_contents(\OC::$SERVERROOT . '/core/img/logo.png'); |