wbrawner/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #5991 from owncloud/extstorage-mountpointvalidation

Browse source 
Prevent using root as mount point for external storage
This commit is contained in:
Morris Jobke 2013-11-25 00:30:06 -08:00
commit b82146eeee
2 changed files with 56 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
apps/files_external/lib/config.php
View file

@ -266,6 +266,11 @@ class OC_Mount_Config {
$mountType, $mountType,
$applicable, $applicable,
$isPersonal = false) { $isPersonal = false) {
$mountPoint = OC\Files\Filesystem::normalizePath($mountPoint);
if ($mountPoint === '' || $mountPoint === '/' || $mountPoint == '/Shared') {
// can't mount at root or "Shared" folder
return false;
}
if ($isPersonal) { if ($isPersonal) {
// Verify that the mount point applies for the current user // Verify that the mount point applies for the current user
// Prevent non-admin users from mounting local storage // Prevent non-admin users from mounting local storage

51
apps/files_external/tests/mountconfig.php Normal file
View file

@ -0,0 +1,51 @@
<?php
/**
* ownCloud
*
* @author Vincent Petry
* Copyright (c) 2013 Vincent Petry <pvince81@owncloud.com>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
require_once __DIR__ . '/../../../lib/base.php';
require __DIR__ . '/../lib/config.php';
class Test_Mount_Config_Dummy_Storage {
public function test() {
return true;
}
}
/**
* Class Test_Mount_Config
*/
class Test_Mount_Config extends \PHPUnit_Framework_TestCase {
/**
* Test mount point validation
*/
public function testAddMountPointValidation() {
$storageClass = 'Test_Mount_Config_Dummy_Storage';
$mountType = 'user';
$applicable = 'all';
$isPersonal = false;
$this->assertEquals(false, OC_Mount_Config::addMountPoint('', $storageClass, array(), $mountType, $applicable, $isPersonal));
$this->assertEquals(false, OC_Mount_Config::addMountPoint('/', $storageClass, array(), $mountType, $applicable, $isPersonal));
$this->assertEquals(false, OC_Mount_Config::addMountPoint('Shared', $storageClass, array(), $mountType, $applicable, $isPersonal));
$this->assertEquals(false, OC_Mount_Config::addMountPoint('/Shared', $storageClass, array(), $mountType, $applicable, $isPersonal));
}
}