Merge pull request #5991 from owncloud/extstorage-mountpointvalidation

Prevent using root as mount point for external storage

Merge pull request #5991 from owncloud/extstorage-mountpointvalidation
b82146ee · Morris Jobke · 60e2ee63 · 2d947835 · b82146ee · b82146ee
Commit b82146ee authored 11 years ago by Morris Jobke
--- a/apps/files_external/lib/config.php
+++ b/apps/files_external/lib/config.php
@@ -266,6 +266,11 @@ class OC_Mount_Config {
 										 $mountType,
 										 $applicable,
 										 $isPersonal = false) {
+		$mountPoint = OC\Files\Filesystem::normalizePath($mountPoint);
+		if ($mountPoint === '' || $mountPoint === '/' || $mountPoint == '/Shared') {
+			// can't mount at root or "Shared" folder
+			return false;
+		}
 		if ($isPersonal) {
 			// Verify that the mount point applies for the current user
 			// Prevent non-admin users from mounting local storage

--- a/apps/files_external/tests/mountconfig.php
+++ b/apps/files_external/tests/mountconfig.php
+<?php
+/**
+ * ownCloud
+ *
+ * @author Vincent Petry
+ * Copyright (c) 2013 Vincent Petry <pvince81@owncloud.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+require_once __DIR__ . '/../../../lib/base.php';
+
+require __DIR__ . '/../lib/config.php';
+
+class Test_Mount_Config_Dummy_Storage {
+	public function test() {
+		return true;
+	}
+}
+
+/**
+ * Class Test_Mount_Config
+ */
+class Test_Mount_Config extends \PHPUnit_Framework_TestCase {
+	/**
+	 * Test mount point validation
+	 */
+	public function testAddMountPointValidation() {
+		$storageClass = 'Test_Mount_Config_Dummy_Storage';
+		$mountType = 'user';
+		$applicable = 'all';
+		$isPersonal = false;
+		$this->assertEquals(false, OC_Mount_Config::addMountPoint('', $storageClass, array(), $mountType, $applicable, $isPersonal));
+		$this->assertEquals(false, OC_Mount_Config::addMountPoint('/', $storageClass, array(), $mountType, $applicable, $isPersonal));
+		$this->assertEquals(false, OC_Mount_Config::addMountPoint('Shared', $storageClass, array(), $mountType, $applicable, $isPersonal));
+		$this->assertEquals(false, OC_Mount_Config::addMountPoint('/Shared', $storageClass, array(), $mountType, $applicable, $isPersonal));
+
+	}
+}