Refactor StorageFolder::newFile() and newFolder() #167
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Daniel Rudolf <[email protected]>
Nextcloud's file operations API apparently is unable to proberly deal with relative paths (even though the docs tell us otherwise). It (a) performs file permission checks on the base directory rather than the respective parent directory (:confused:), and (b) blocks relative paths like '..' (likely as a security measure - by using the most unsophisticated approach :unamused:). Also see nextcloud/server#26396. We better do this on our own... Fixes #141 Signed-off-by: Daniel Rudolf <[email protected]>
|
Unfortunately I cannot test this since I get when I try to apply the patch... |
|
@PhrozenByte if you want to test this yourself you should be able to reproduce this issue by following:
|
Member
Author
|
No need to apply the patch manually, simply clone the branch (or download the source ZIP from https://github.com/nextcloud/cms_pico/archive/refs/heads/bugfix/141.zip) and run |
|
Thanks! I've done that in a VM and I can report that it fixes my issues with read only root folder. Thank you! :) |
Signed-off-by: Daniel Rudolf <[email protected]>
Member
Author
|
Let's give @matrois a few more days to test this, too. |
Signed-off-by: Daniel Rudolf <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Nextcloud's file operations API apparently is unable to proberly deal with relative paths (even though the docs tell us otherwise). It …
..(likely as a security measure - by using the most unsophisticated approach 😒).Also see nextcloud/server#26396.
Fixes #141 #165
@szaimen @matrois: Since I still don't know what exactly you guys are doing to cause this issue, I couldn't test it. Please give it a try.