owncloud · DeepDiver1975 · Aug 18, 2017 · Aug 18, 2017 · Aug 18, 2017 · Aug 18, 2017
diff --git a/apps/dav/lib/Connector/Sabre/Node.php b/apps/dav/lib/Connector/Sabre/Node.php
@@ -126,11 +126,22 @@ public function setName($name) {
 			throw new \Sabre\DAV\Exception\Forbidden();
 		}
 
+		// verify path of the source
+		$this->verifyPath();
+
 		list($parentPath,) = \Sabre\HTTP\URLUtil::splitPath($this->path);
 		list(, $newName) = \Sabre\HTTP\URLUtil::splitPath($name);
 
-		// verify path of the target
-		$this->verifyPath();
+		// verify path of target
+		if (\OC\Files\Filesystem::isForbiddenFileOrDir($parentPath . '/' . $newName)) {
+			throw new \Sabre\DAV\Exception\Forbidden();
+		}
+
+		try {
+			$this->fileView->verifyPath($parentPath, $newName);
+		} catch (\OCP\Files\InvalidPathException $ex) {
+			throw new InvalidPath($ex->getMessage());
+		}
 
 		$newPath = $parentPath . '/' . $newName;
 

diff --git a/tests/integration/features/webdav-related-new-endpoint.feature b/tests/integration/features/webdav-related-new-endpoint.feature
@@ -78,7 +78,6 @@ Feature: webdav-related-new-endpoint
 		When User "user0" moves file "/welcome.txt" to "/a\\a"
 		Then the HTTP status code should be "400"
 
-	@skip @issue-28441
 	Scenario: rename a file into a banned filename
 		Given using new dav path
 		And user "user0" exists
@@ -388,7 +387,6 @@ Feature: webdav-related-new-endpoint
 		When User "user0" moves folder "/testshare" to "/hola%5Chola"
 		Then the HTTP status code should be "400"
 
-	@skip @issue-28441
 	Scenario: Renaming a folder into a banned name
 		Given using new dav path
 		And user "user0" exists

diff --git a/tests/ui/features/files/renameFiles.feature b/tests/ui/features/files/renameFiles.feature
@@ -36,12 +36,17 @@ Feature: renameFiles
 
 	Scenario: Rename a file using forbidden characters
 		When I rename the file "data.zip" to one of these names
-		|.htaccess  |
 		|lorem\txt  |
 		|\\.txt     |
 		Then notifications should be displayed with the text
 		|Could not rename "data.zip"|
 		|Could not rename "data.zip"|
+		And the file "data.zip" should be listed
+
+	Scenario: Rename a file to a forbidden name
+		When I rename the file "data.zip" to one of these names
+		|.htaccess  |
+		Then notifications should be displayed with the text
 		|Could not rename "data.zip"|
 		And the file "data.zip" should be listed
 

diff --git a/tests/ui/features/files/renameFolders.feature b/tests/ui/features/files/renameFolders.feature
@@ -35,12 +35,17 @@ Feature: renameFolders
 
 	Scenario: Rename a folder using forbidden characters
 		When I rename the folder "simple-folder" to one of these names
-		|.htaccess       |
 		|simple\folder   |
 		|\\simple-folder |
 		Then notifications should be displayed with the text
 		|Could not rename "simple-folder"|
 		|Could not rename "simple-folder"|
+		And the folder "simple-folder" should be listed
+
+	Scenario: Rename a folder to a forbidden name
+		When I rename the folder "simple-folder" to one of these names
+		|.htaccess       |
+		Then notifications should be displayed with the text
 		|Could not rename "simple-folder"|
 		And the folder "simple-folder" should be listed