From 2bb8c023c2eafd0f17065dfbf38e7f70d2a2fa84 Mon Sep 17 00:00:00 2001 From: Git'Fellow <12234510+solracsf@users.noreply.github.com> Date: Wed, 4 Sep 2024 22:24:19 +0200 Subject: [PATCH] fix(files): Check if the target path is a descendant of the shared folder path Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com> fix: tests Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com> fix: fix tests Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com> fix: add tests Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com> fix: tests --- lib/private/Files/View.php | 3 ++- tests/lib/Files/ViewTest.php | 10 +++++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/lib/private/Files/View.php b/lib/private/Files/View.php index 2f0d297237df8..db2483fab766e 100644 --- a/lib/private/Files/View.php +++ b/lib/private/Files/View.php @@ -1794,7 +1794,8 @@ private function targetIsNotShared(string $user, string $targetPath): bool { }, $providers)); foreach ($shares as $share) { - if (str_starts_with($targetPath, $share->getNode()->getPath())) { + $sharedPath = $share->getNode()->getPath(); + if ($targetPath === $sharedPath || str_starts_with($targetPath, $sharedPath . '/')) { $this->logger->debug( 'It is not allowed to move one mount point into a shared folder', ['app' => 'files']); diff --git a/tests/lib/Files/ViewTest.php b/tests/lib/Files/ViewTest.php index 379a8389355ab..2dfbf61641ac0 100644 --- a/tests/lib/Files/ViewTest.php +++ b/tests/lib/Files/ViewTest.php @@ -1668,17 +1668,24 @@ public function testMoveMountPointIntoAnother() { public function testMoveMountPointIntoSharedFolder() { self::loginAsUser($this->user); - [$mount1] = $this->createTestMovableMountPoints([ + [$mount1, $mount2] = $this->createTestMovableMountPoints([ $this->user . '/files/mount1', + $this->user . '/files/mount2', ]); $mount1->expects($this->never()) ->method('moveMount'); + $mount2->expects($this->once()) + ->method('moveMount') + ->willReturn(true); + $view = new View('/' . $this->user . '/files/'); $view->mkdir('shareddir'); $view->mkdir('shareddir/sub'); $view->mkdir('shareddir/sub2'); + // Create a similar named but non-shared folder + $view->mkdir('shareddir notshared'); $fileId = $view->getFileInfo('shareddir')->getId(); $userObject = \OC::$server->getUserManager()->createUser('test2', 'IHateNonMockableStaticClasses'); @@ -1697,6 +1704,7 @@ public function testMoveMountPointIntoSharedFolder() { $this->assertFalse($view->rename('mount1', 'shareddir'), 'Cannot overwrite shared folder'); $this->assertFalse($view->rename('mount1', 'shareddir/sub'), 'Cannot move mount point into shared folder'); $this->assertFalse($view->rename('mount1', 'shareddir/sub/sub2'), 'Cannot move mount point into shared subfolder'); + $this->assertTrue($view->rename('mount2', 'shareddir notshared/sub'), 'Can move mount point into a similarly named but non-shared folder'); $shareManager->deleteShare($share); $userObject->delete();