Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

don't allow upload/creation of .part files #7496

Closed
schiessle opened this issue Mar 3, 2014 · 13 comments
Closed

don't allow upload/creation of .part files #7496

schiessle opened this issue Mar 3, 2014 · 13 comments
Assignees
@IljaN
Labels
app:files blue-ticket p2-high Escalation, on top of current planning, release blocker sev3-medium Type:Bug
Milestone
10.0.5

Comments

@schiessle
Copy link
Contributor

schiessle commented Mar 3, 2014
edited by DeepDiver1975

we use the file extension .part for uploading large files. Therefore we ignore .part files and don't expose them in the web ui or to a webdav client.

Our sync client, correctly doesn't upload .part files. Also direct webdav uploads refuse to upload .part files. But it is possible to:

  • upload .part files over the web interface
  • create a new empty .part file
  • rename a regular file to a .part file

This will result in files on the server which are no longer accessible by the user. All this operation should be blocked.

@nickvergessen maybe you want to have a look at it if you have some time? Thanks!

cc @PVince81
@schiessle schiessle added the Bug label Mar 3, 2014
@nickvergessen nickvergessen self-assigned this Mar 3, 2014
This was referenced Mar 3, 2014
Closed
Closed
@PVince81 PVince81 mentioned this issue Jul 16, 2014
Closed
@italovalcy
Copy link

Hello everyone,

I and some guys from raul hacker club (raulhc.cc) were looking at some tasks to help owncloud and we found this task interesting. Is @PVince81 still working on this? Can we propose some patch to this issue?

Initially we tried to reproduce the problem, but when we uploaded some file through webdav we received a error message at the client side (I/O error on the server). From the server side, we found the following on apache logs:

PHP Fatal error: Call to a member function getEtag() on a non-object in /app/owncloud/lib/private/connector/sabre/file.php on line 153

Please let we know if we can help on this task.

Regards, Italo

@PVince81
Copy link
Contributor

@italovalcy feel free to take over. Trouble is that I was stuck with unwanted side-effects. Here is the WIP PR #7514 (comment).

Alternatively if you're looking for simpler tasks to start with, check out issues with the "Junior Job" tag.

@DeepDiver1975 DeepDiver1975 added this to the 8.2-next milestone Mar 20, 2015
@PVince81 PVince81 mentioned this issue Apr 21, 2015
Closed
@PVince81
Copy link
Contributor

This won't be fully fixable as long as OC 7 is supported due to federation, see #7514 (comment) for an explanation.

Moving to 9.0 to keep it in sight.

@PVince81 PVince81 modified the milestones: 9.0-next, 8.2-current Sep 21, 2015
@PVince81 PVince81 mentioned this issue Oct 9, 2015
Closed
@PVince81
Copy link
Contributor

Since OC 7 will still be around when OC 9 is out, moving to 9.1.

See #7514 (comment) for the explanation why.

@PVince81
Copy link
Contributor

CC @cmonteroluque

@PVince81 PVince81 modified the milestones: 9.1-next, 9.0-current Feb 11, 2016
@ghost
Copy link

ghost commented Feb 12, 2016

thanks @PVince81

@PVince81 PVince81 modified the milestones: 9.2-next, 9.1-current Jun 17, 2016
@IljaN
Copy link
Member

IljaN commented Feb 27, 2017

@PVince81 #27269

DeepDiver1975 pushed a commit that referenced this issue Mar 21, 2017
@IljaN @DeepDiver1975
#7496 Don`t allow upload of files with extension .part
4d28571
PVince81 pushed a commit that referenced this issue Mar 24, 2017
@IljaN
#7496 Don`t allow upload of files with extension .part
4c2358c
PVince81 pushed a commit that referenced this issue Mar 29, 2017
Merge pull request #27269 from owncloud/upload_filter_issue7496_backend
6ee78af 
#7496 Don`t allow upload of files with extension .part
@PVince81
Copy link
Contributor

This fix is incomplete, part file upload is still possible with Webdav on v10.0.2.

On v10.0.3 another bug prevents it, but we need this fix this correctly.

Reopening.

@PVince81 PVince81 reopened this Sep 11, 2017
@PVince81
Copy link
Contributor

@IljaN please have a look

@PVince81 PVince81 added the p2-high Escalation, on top of current planning, release blocker label Sep 11, 2017
@PVince81 PVince81 mentioned this issue Sep 11, 2017
Closed
@PVince81 PVince81 modified the milestones: development, 10.0 Sep 11, 2017
@PVince81
Copy link
Contributor

also please add integration tests to make sure we can't:

  • upload part files through Webdav
  • rename or copy any file to ".part" with Webdav

@PVince81 PVince81 mentioned this issue Sep 11, 2017
Merged
IljaN added a commit that referenced this issue Sep 13, 2017
@IljaN
Prevent copy or move to .part #7496
a14e889
IljaN added a commit that referenced this issue Sep 13, 2017
@IljaN
Adding tests #7496
39e9bb9
IljaN added a commit that referenced this issue Sep 13, 2017
@IljaN
Adding tests to old endpoint #7496
b3451c6
@IljaN IljaN mentioned this issue Sep 13, 2017
Closed
9 tasks
IljaN added a commit that referenced this issue Sep 14, 2017
@IljaN
Prevent .part upload via dav #7496
329400a
@IljaN IljaN mentioned this issue Sep 14, 2017
Merged
9 tasks
@PVince81 PVince81 modified the milestones: development, planned Sep 18, 2017
IljaN added a commit that referenced this issue Sep 18, 2017
@IljaN
Prevent .part upload via dav #7496
dc8004a
IljaN added a commit that referenced this issue Sep 20, 2017
@IljaN
Prevent .part upload via dav #7496
e97ac64
@PVince81 PVince81 removed their assignment Oct 11, 2017
@michaelstingl michaelstingl mentioned this issue Nov 20, 2018
Closed
9 tasks
@lock
Copy link

lock bot commented Aug 2, 2019

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot locked as resolved and limited conversation to collaborators Aug 2, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@IljaN IljaN

Labels
app:files blue-ticket p2-high Escalation, on top of current planning, release blocker sev3-medium Type:Bug
Projects
None yet
Milestone
10.0.5
Development

Successfully merging a pull request may close this issue.

[WIP] Prevent creating part files from the UI owncloud/core
9 participants
@italovalcy @nickvergessen @IljaN @PVince81 @jancborchardt @butonic @DeepDiver1975 @schiessle @felixheidecke