From 65d79bb5929b5ab68e9650eb9eea2fa373e84999 Mon Sep 17 00:00:00 2001
From: Joas Schilling
Date: Thu, 25 Nov 2021 08:48:26 +0100
Subject: [PATCH 1/3] Check for invalid characters before trimming

Signed-off-by: Joas Schilling
---
 lib/private/Files/Storage/Common.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/private/Files/Storage/Common.php b/lib/private/Files/Storage/Common.php
index 4c07426dd70..7239c58a8a1 100644
--- a/lib/private/Files/Storage/Common.php
+++ b/lib/private/Files/Storage/Common.php
@@ -554,8 +554,8 @@ abstract class Common implements Storage, ILockingStorage, IWriteStreamStorage {
 * @throws InvalidPathException
 */
 protected function verifyPosixPath($fileName) {
- $fileName = trim($fileName);
 $this->scanForInvalidCharacters($fileName, "\\/");
+ $fileName = trim($fileName);
 $reservedNames = ['*'];
 if (in_array($fileName, $reservedNames)) {
 throw new ReservedWordException();
From d1203e9b5d082798c2ffd1c8ae8a927626f6090a Mon Sep 17 00:00:00 2001
From: Joas Schilling
Date: Thu, 25 Nov 2021 09:07:34 +0100
Subject: [PATCH 2/3] Add an integration test

Signed-off-by: Joas Schilling
---
 build/integration/features/webdav-related.feature | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/build/integration/features/webdav-related.feature b/build/integration/features/webdav-related.feature
index c98ecc56ec7..78ec6a93c50 100644
--- a/build/integration/features/webdav-related.feature
+++ b/build/integration/features/webdav-related.feature
@@ -619,3 +619,12 @@ Feature: webdav-related
 And Downloaded content should be "BBBBB"
 And Downloading file "/C.txt"
 And Downloaded content should be "CCCCC"
+
+ Scenario: Creating a folder with invalid characters
+ Given using new dav path
+ And As an "admin"
+ And user "user0" exists
+ And user "user1" exists
+ And As an "user1"
+ And user "user1" created a folder "/testshare "
+ Then the HTTP status code should be "400"
From 599870980bd820fc9de9832007407de2a31c31df Mon Sep 17 00:00:00 2001
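Review bot: The new statement order in verifyPosixPath is what makes the check effective, but nothing in the code says so, and a later cleanup could move `trim()` back to the top. PHP's default `trim()` strips space, tab, newline, carriage return, NUL and vertical tab from both ends, so trimming first hides those bytes from `scanForInvalidCharacters()`; a comment above the scan such as `// Scan the raw name: trim() would strip leading/trailing control characters before they can be rejected` would record the reason. As far as the hunk shows, the trimmed copy now feeds only the reserved-name comparison, and that `in_array($fileName, $reservedNames)` call is a loose comparison; passing `true` as the third argument would make it strict. The function body continues past the end of the hunk, and what the scan itself treats as invalid is not visible here.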
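Review bot: The folder name in `created a folder "/testshare "` ends in a character that reads as a plain space in the feature file, so the scenario does not say which character is expected to produce the 400. A comment line above the step, for example `# the name ends with <CHARACTER>, which must be rejected rather than trimmed away`, would keep the test from being silently changed by an editor that normalises trailing whitespace. The scenario covers only a trailing character; a second step with the character at the start of the name would exercise the other side of `trim()`. The `user "user0" exists` step appears unused in this scenario.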
From: Joas Schilling
Date: Thu, 25 Nov 2021 09:07:46 +0100
Subject: [PATCH 3/3] Correctly set the response after a ClientException as well

Signed-off-by: Joas Schilling
---
 .../integration/features/bootstrap/WebDav.php | 28 +++++++++++++++----
 1 file changed, 22 insertions(+), 6 deletions(-)

diff --git a/build/integration/features/bootstrap/WebDav.php b/build/integration/features/bootstrap/WebDav.php
index 9f5e79a3ac6..aeae6ce3ba8 100644
--- a/build/integration/features/bootstrap/WebDav.php
+++ b/build/integration/features/bootstrap/WebDav.php
@@ -458,7 +458,10 @@ trait WebDav {
 try {
 $this->response = $this->makeDavRequest($user, "PUT", $destination, [], $file);
 } catch (\GuzzleHttp\Exception\ServerException $e) {
- // 4xx and 5xx responses cause an exception
+ // 5xx responses cause a server exception
+ $this->response = $e->getResponse();
+ } catch (\GuzzleHttp\Exception\ClientException $e) {
+ // 4xx responses cause a client exception
 $this->response = $e->getResponse();
 }
 }
@@ -487,7 +490,10 @@ trait WebDav {
 try {
 $this->response = $this->makeDavRequest($user, "PUT", $destination, [], $file);
 } catch (\GuzzleHttp\Exception\ServerException $e) {
- // 4xx and 5xx responses cause an exception
+ // 5xx responses cause a server exception
+ $this->response = $e->getResponse();
+ } catch (\GuzzleHttp\Exception\ClientException $e) {
+ // 4xx responses cause a client exception
 $this->response = $e->getResponse();
 }
 }
@@ -502,7 +508,10 @@ trait WebDav {
 try {
 $this->response = $this->makeDavRequest($user, 'DELETE', $file, []);
 } catch (\GuzzleHttp\Exception\ServerException $e) {
- // 4xx and 5xx responses cause an exception
+ // 5xx responses cause a server exception
+ $this->response = $e->getResponse();
+ } catch (\GuzzleHttp\Exception\ClientException $e) {
+ // 4xx responses cause a client exception
 $this->response = $e->getResponse();
 }
 }
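Review bot: The two catch blocks added in the -458 hunk have identical bodies, and the same pair is repeated in the four following hunks (-487, -502, -517 and -639). Guzzle's `ClientException` and `ServerException` share the parent `BadResponseException`, so each pair can collapse to `} catch (\GuzzleHttp\Exception\BadResponseException $e) {` with a single comment, `// 4xx and 5xx responses throw; keep the response so status-code steps can assert on it`. The removed comment already claimed that 4xx was covered while only `ServerException` was caught, which is the kind of drift a single catch avoids. The enclosing step methods start outside these hunks, so other request helpers in the trait may need the same treatment.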
@@ -517,7 +526,10 @@ trait WebDav {
 $destination = '/' . ltrim($destination, '/');
 $this->response = $this->makeDavRequest($user, "MKCOL", $destination, []);
 } catch (\GuzzleHttp\Exception\ServerException $e) {
- // 4xx and 5xx responses cause an exception
+ // 5xx responses cause a server exception
+ $this->response = $e->getResponse();
+ } catch (\GuzzleHttp\Exception\ClientException $e) {
+ // 4xx responses cause a client exception
 $this->response = $e->getResponse();
 }
 }
@@ -639,8 +651,12 @@ trait WebDav {
 public function downloadingFileAs($fileName, $user) {
 try {
 $this->response = $this->makeDavRequest($user, 'GET', $fileName, []);
- } catch (\GuzzleHttp\Exception\ServerException $ex) {
- $this->response = $ex->getResponse();
+ } catch (\GuzzleHttp\Exception\ServerException $e) {
+ // 5xx responses cause a server exception
+ $this->response = $e->getResponse();
+ } catch (\GuzzleHttp\Exception\ClientException $e) {
+ // 4xx responses cause a client exception
+ $this->response = $e->getResponse();
 }
 }