Fix security issues when copying groupfolder with advanced ACL

Using advanced ACL, it is possible that an user has access to a directory but not to a subdirectory, so the copying use Common::copyFromStorage instead of Local::copyFromStorage. Fix nextcloud/groupfolders#1692 Signed-off-by: Carl Schwan <[email protected]>
nextcloud · Oct 21, 2021 · 887f4ba · 887f4ba
1 parent cad44d6
commit 887f4ba
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/lib/private/Files/Storage/Local.php b/lib/private/Files/Storage/Local.php
@@ -525,7 +525,10 @@ private function calculateEtag(string $path, array $stat): string {
 	 * @return bool
 	 */
 	public function copyFromStorage(IStorage $sourceStorage, $sourceInternalPath, $targetInternalPath, $preserveMtime = false) {
-		if ($sourceStorage->instanceOfStorage(Local::class)) {
+		// Don't treat ACLStorageWrapper like local storage where copy can be done directly.
+		// Instead use the slower recursive copying in php from Common::copyFromStorage with
+		// more permissions checks.
+		if ($sourceStorage->instanceOfStorage(Local::class) && !$sourceStorage->instanceOfStorage('OCA\GroupFolders\ACL\ACLStorageWrapper')) {
 			if ($sourceStorage->instanceOfStorage(Jail::class)) {
 				/**
 				 * @var \OC\Files\Storage\Wrapper\Jail $sourceStorage