Merge pull request #47756 from nextcloud/fixingPathShareCheck
fix(files): Check if target path is a descendant of the shared folder
susnux authored Sep 6, 2024
2 parents e4fa996 + 0308001 commit 141fed8
Showing 2 changed files with 11 additions and 2 deletions.
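--- a/lib/private/Files/View.php
+++ b/lib/private/Files/View.php
@@ -1794,7 +1794,8 @@ private function targetIsNotShared(string $user, string $targetPath): bool {
 }, $providers));
 
 foreach ($shares as $share) {
-if (str_starts_with($targetPath, $share->getNode()->getPath())) {
+$sharedPath = $share->getNode()->getPath();
+if ($targetPath === $sharedPath || str_starts_with($targetPath, $sharedPath . '/')) {
 $this->logger->debug(
 'It is not allowed to move one mount point into a shared folder',
 ['app' => 'files']);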
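Review bot: The new containment test in `targetIsNotShared` is still a raw string comparison, so it only holds if both operands are in the same canonical form. A `$targetPath` with a doubled slash or a `.`/`..` segment, or a `$sharedPath` that already ends in `/`, would not match `$sharedPath . '/'`, and the guard would report the target as not shared. The function starts above this hunk and continues below it, so whether `$targetPath` is normalised before this point cannot be seen here. I would record the assumption next to the check, e.g. `// both paths are absolute and normalised; compare on a '/' boundary so a sibling that only shares a name prefix is not treated as a descendant`. If the share node's path is not guaranteed to come without a trailing slash, `$sharedPath = rtrim($share->getNode()->getPath(), '/');` covers that case.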
10 changes: 9 additions & 1 deletion tests/lib/Files/ViewTest.php
Expand Up @@ -1668,17 +1668,24 @@ public function testMoveMountPointIntoAnother() {
public function testMoveMountPointIntoSharedFolder() {
self::loginAsUser($this->user);

[$mount1] = $this->createTestMovableMountPoints([
[$mount1, $mount2] = $this->createTestMovableMountPoints([
$this->user . '/files/mount1',
$this->user . '/files/mount2',
]);

$mount1->expects($this->never())
->method('moveMount');

$mount2->expects($this->once())
->method('moveMount')
->willReturn(true);

$view = new View('/' . $this->user . '/files/');
$view->mkdir('shareddir');
$view->mkdir('shareddir/sub');
$view->mkdir('shareddir/sub2');
// Create a similar named but non-shared folder
$view->mkdir('shareddir notshared');

$fileId = $view->getFileInfo('shareddir')->getId();
$userObject = \OC::$server->getUserManager()->createUser('test2', 'IHateNonMockableStaticClasses');
Expand All @@ -1697,6 +1704,7 @@ public function testMoveMountPointIntoSharedFolder() {
$this->assertFalse($view->rename('mount1', 'shareddir'), 'Cannot overwrite shared folder');
$this->assertFalse($view->rename('mount1', 'shareddir/sub'), 'Cannot move mount point into shared folder');
$this->assertFalse($view->rename('mount1', 'shareddir/sub/sub2'), 'Cannot move mount point into shared subfolder');
$this->assertTrue($view->rename('mount2', 'shareddir notshared/sub'), 'Can move mount point into a similarly named but non-shared folder');

$shareManager->deleteShare($share);
$userObject->delete();
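Review bot: The regression case added to `testMoveMountPointIntoSharedFolder` pins only one look-alike name, `shareddir notshared`, and only a child path of it (`shareddir notshared/sub`). Since the fix concerns the separator boundary, a second sibling whose name extends the shared name without a space would make the intent harder to regress. Because `$mount2` is declared with `expects($this->once())`, a further positive rename needs its own mount point. A short comment above the new assertion would also help, e.g. `// 'shareddir notshared' shares only a string prefix with 'shareddir'; it is not a descendant, so the move must succeed`. The test method continues between and after the visible hunks, so setup outside these lines may already cover part of this.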
