
github.com/nextcloud/server.git - Unnamed repository; edit this file 'description' to name the repository.
authorMorris Jobke <hey@morrisjobke.de>2015-07-27 14:03:13 +0300
committerMorris Jobke <hey@morrisjobke.de>2015-07-27 14:03:13 +0300
commitb186a7822c0ce1c16f8e76d9925d01850d235772 (patch)
tree9baf90328b9ed389a4049b49c44db6f2fff67185
parent385aefdc8fcb059a1757cc6f6100d92f85ef22dc (diff)
parent11dc65e76c096c7169cbf25f9b24925fb8f62c14 (diff)
Merge pull request #17897 from owncloud/backport-scan-check-path-stable8
[stable8] Backport scan check path stable8
-rw-r--r--lib/private/files/utils/scanner.php3
-rw-r--r--tests/lib/files/utils/scanner.php28
2 files changed, 31 insertions, 0 deletions
diff --git a/lib/private/files/utils/scanner.php b/lib/private/files/utils/scanner.php
index 662d4ac03c7..d04dbd2bd72 100644
--- a/lib/private/files/utils/scanner.php
+++ b/lib/private/files/utils/scanner.php
@@ -115,6 +115,9 @@ class Scanner extends PublicEmitter {
* @throws \OC\ForbiddenException
*/
public function scan($dir = '') {
+ if (!Filesystem::isValidPath($dir)) {
+ throw new \InvalidArgumentException('Invalid path to scan');
+ }
$mounts = $this->getMounts($dir);
foreach ($mounts as $mount) {
if (is_null($mount->getStorage())) {
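Review bot: The docblock above `scan()` still lists only `@throws \OC\ForbiddenException`, but the new guard throws `\InvalidArgumentException` before any mount is resolved. Add `* @throws \InvalidArgumentException if $dir fails Filesystem::isValidPath()` so callers that forward a user-supplied path know to catch it rather than letting it surface as an unhandled error. The docblock and the rest of `scan()` start and end outside this hunk. Whether the class's other public methods that take a path apply the same check cannot be confirmed from here and is worth verifying.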
diff --git a/tests/lib/files/utils/scanner.php b/tests/lib/files/utils/scanner.php
index 65ddfe47514..67282713731 100644
--- a/tests/lib/files/utils/scanner.php
+++ b/tests/lib/files/utils/scanner.php
@@ -150,4 +150,32 @@ class Scanner extends \Test\TestCase {
$newInfo = $cache->get('');
$this->assertNotEquals($oldInfo['etag'], $newInfo['etag']);
}
+
+ /**
+ * @return array
+ */
+ public function invalidPathProvider() {
+ return [
+ [
+ '../',
+ ],
+ [
+ '..\\',
+ ],
+ [
+ '../..\\../',
+ ],
+ ];
+ }
+
+ /**
+ * @dataProvider invalidPathProvider
+ * @expectedException \InvalidArgumentException
+ * @expectedExceptionMessage Invalid path to scan
+ * @param string $invalidPath
+ */
+ public function testInvalidPathScanning($invalidPath) {
+ $scanner = new TestScanner('', \OC::$server->getDatabaseConnection());
+ $scanner->scan($invalidPath);
+ }
}
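Review bot: `invalidPathProvider()` only covers inputs that begin with a parent-directory segment followed by a separator, so the test does not pin how `scan()` treats a `..` segment after a legitimate prefix or at the very end of the path. Consider adding rows such as `['files/../../'],` and `['files/..'],` (constructed sample values). If `Filesystem::isValidPath()` accepts either form, that is a gap in the guard this commit adds and should be settled before relying on it. Its implementation is not visible on this page, so this is unconfirmed. A one-line description on each provider row's intent would also help future readers see which traversal form each case protects against.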