Skip to content

Commit

Permalink
Merge pull request #4302 from kobergj/CheckFilenameLengthProperly
Browse files Browse the repository at this point in the history
Fix filenamelength checking
  • Loading branch information
kobergj authored Oct 31, 2023
2 parents a374069 + 3453503 commit 9f40f04
Show file tree
Hide file tree
Showing 6 changed files with 13 additions and 9 deletions.
5 changes: 5 additions & 0 deletions changelog/unreleased/fix-filename-length-check.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
Bugfix: Fix checking of filename length

Instead of checking for length of the filename the ocdav handler would sometimes check for complete file path.

https://github.com/cs3org/reva/pull/4302
4 changes: 2 additions & 2 deletions internal/http/services/owncloud/ocdav/copy.go
Original file line number Diff line number Diff line change
Expand Up @@ -88,14 +88,14 @@ func (s *svc) handlePathCopy(w http.ResponseWriter, r *http.Request, ns string)
return
}

if err := ValidateName(src, s.nameValidators); err != nil {
if err := ValidateName(path.Base(src), s.nameValidators); err != nil {
w.WriteHeader(http.StatusBadRequest)
b, err := errors.Marshal(http.StatusBadRequest, "source failed naming rules", "")
errors.HandleWebdavError(appctx.GetLogger(ctx), w, b, err)
return
}

if err := ValidateName(dst, s.nameValidators); err != nil {
if err := ValidateName(path.Base(dst), s.nameValidators); err != nil {
w.WriteHeader(http.StatusBadRequest)
b, err := errors.Marshal(http.StatusBadRequest, "destination failed naming rules", "")
errors.HandleWebdavError(appctx.GetLogger(ctx), w, b, err)
Expand Down
2 changes: 1 addition & 1 deletion internal/http/services/owncloud/ocdav/mkcol.go
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ func (s *svc) handlePathMkcol(w http.ResponseWriter, r *http.Request, ns string)
defer span.End()

fn := path.Join(ns, r.URL.Path)
if err := ValidateName(fn, s.nameValidators); err != nil {
if err := ValidateName(path.Base(fn), s.nameValidators); err != nil {
return http.StatusBadRequest, err
}
sublog := appctx.GetLogger(ctx).With().Str("path", fn).Logger()
Expand Down
4 changes: 2 additions & 2 deletions internal/http/services/owncloud/ocdav/move.go
Original file line number Diff line number Diff line change
Expand Up @@ -60,14 +60,14 @@ func (s *svc) handlePathMove(w http.ResponseWriter, r *http.Request, ns string)
return
}

if err := ValidateName(srcPath, s.nameValidators); err != nil {
if err := ValidateName(path.Base(srcPath), s.nameValidators); err != nil {
w.WriteHeader(http.StatusBadRequest)
b, err := errors.Marshal(http.StatusBadRequest, "source failed naming rules", "")
errors.HandleWebdavError(appctx.GetLogger(ctx), w, b, err)
return
}

if err := ValidateName(dstPath, s.nameValidators); err != nil {
if err := ValidateName(path.Base(dstPath), s.nameValidators); err != nil {
w.WriteHeader(http.StatusBadRequest)
b, err := errors.Marshal(http.StatusBadRequest, "destination naming rules", "")
errors.HandleWebdavError(appctx.GetLogger(ctx), w, b, err)
Expand Down
3 changes: 1 addition & 2 deletions internal/http/services/owncloud/ocdav/put.go
Original file line number Diff line number Diff line change
Expand Up @@ -141,8 +141,7 @@ func (s *svc) handlePut(ctx context.Context, w http.ResponseWriter, r *http.Requ
return
}

fn := filepath.Base(ref.Path)
if err := ValidateName(fn, s.nameValidators); err != nil {
if err := ValidateName(filepath.Base(ref.Path), s.nameValidators); err != nil {
w.WriteHeader(http.StatusBadRequest)
b, err := errors.Marshal(http.StatusBadRequest, err.Error(), "")
errors.HandleWebdavError(&log, w, b, err)
Expand Down
4 changes: 2 additions & 2 deletions internal/http/services/owncloud/ocdav/tus.go
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ func (s *svc) handlePathTusPost(w http.ResponseWriter, r *http.Request, ns strin

// read filename from metadata
meta := tusd.ParseMetadataHeader(r.Header.Get(net.HeaderUploadMetadata))
if err := ValidateName(meta["filename"], s.nameValidators); err != nil {
if err := ValidateName(path.Base(meta["filename"]), s.nameValidators); err != nil {
w.WriteHeader(http.StatusPreconditionFailed)
return
}
Expand All @@ -81,7 +81,7 @@ func (s *svc) handleSpacesTusPost(w http.ResponseWriter, r *http.Request, spaceI

// read filename from metadata
meta := tusd.ParseMetadataHeader(r.Header.Get(net.HeaderUploadMetadata))
if err := ValidateName(meta["filename"], s.nameValidators); err != nil {
if err := ValidateName(path.Base(meta["filename"]), s.nameValidators); err != nil {
w.WriteHeader(http.StatusPreconditionFailed)
return
}
Expand Down

0 comments on commit 9f40f04

Please sign in to comment.