Skip to content

Commit

Permalink
Merge pull request #29366 from nextcloud/backport/29362/stable20
Browse files Browse the repository at this point in the history 
[stable20] Fix security issues when copying groupfolder with advanced ACL
  • Loading branch information
@PVince81
PVince81 authored Oct 22, 2021
2 parents 85de792 + bd6b9e2 commit e82157d
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion lib/private/Files/Storage/Local.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -525,7 +525,10 @@ private function calculateEtag(string $path, array $stat): string {
* @return bool
*/
public function copyFromStorage(IStorage $sourceStorage, $sourceInternalPath, $targetInternalPath, $preserveMtime = false) {
if ($sourceStorage->instanceOfStorage(Local::class)) {
// Don't treat ACLStorageWrapper like local storage where copy can be done directly.
// Instead use the slower recursive copying in php from Common::copyFromStorage with
// more permissions checks.
if ($sourceStorage->instanceOfStorage(Local::class) && !$sourceStorage->instanceOfStorage('OCA\GroupFolders\ACL\ACLStorageWrapper')) {
if ($sourceStorage->instanceOfStorage(Jail::class)) {
/**
* @var \OC\Files\Storage\Wrapper\Jail $sourceStorage
Expand Down

0 comments on commit e82157d

Please sign in to comment.