check for filename blacklist in OC_Filesystem::isValidPath

lib/filesystem.php

@@ -403,6 +403,9 @@ class OC_Filesystem{
 		if(strstr($path, '/../') || strrchr($path, '/') === '/..' ) {
 			return false;
 		}
+		if(self::isFileBlacklisted($path)){
+			return false;
+		}
 		return true;
 	}
 
@@ -412,20 +415,22 @@ class OC_Filesystem{
 	 * @param array $data from hook
 	 */
 	static public function isBlacklisted($data) {
-		$blacklist = array('.htaccess');
 		if (isset($data['path'])) {
 			$path = $data['path'];
 		} else if (isset($data['newpath'])) {
 			$path = $data['newpath'];
 		}
 		if (isset($path)) {
-			$filename = strtolower(basename($path));
-			if (in_array($filename, $blacklist)) {
-				$data['run'] = false;
-			}
+			$data['run'] = !self::isFileBlacklisted($path);
 		}
 	}
 
+	static public function isFileBlacklisted($path){
+		$blacklist = array('.htaccess');
+		$filename = strtolower(basename($path));
+		return in_array($filename, $blacklist);
+	}
+
 	/**
 	 * following functions are equivilent to their php buildin equivilents for arguments/return values.
 	 */

tests/lib/filesystem.php

@@ -101,6 +101,7 @@ class Test_Filesystem extends UnitTestCase {
 		$rootView->mkdir('/' . $user);
 		$rootView->mkdir('/' . $user . '/files');
 
+		$this->assertFalse($rootView->file_put_contents('/.htaccess', 'foo'));
 		$this->assertFalse(OC_Filesystem::file_put_contents('/.htaccess', 'foo'));
 		$fh = fopen(__FILE__, 'r');
 		$this->assertFalse(OC_Filesystem::file_put_contents('/.htaccess', $fh));