Ignore invalid paths in the JS file list #25368

Merged
merged 1 commit into from Jul 6, 2016

Projects

None yet

4 participants

@PVince81
Collaborator
PVince81 commented Jul 5, 2016

Please review @ChristophWurst @guruz @georgehrke @VicDeo @DeepDiver1975

You can test this by adding ".." sections in the URL directly, for example:
http://localhost/owncloud/index.php/apps/files/?dir=/../../something

Note that on master you'll have to remove the fileid argument as it takes precedence over the path.

Should be backported to stable9.1 and stable9.

@PVince81 PVince81 Ignore invalid paths in the JS file list
8cacdb2
@PVince81 PVince81 added this to the 9.2 milestone Jul 5, 2016
@ChristophWurst
Contributor

👍 looks good

@VicDeo
Member
VicDeo commented Jul 5, 2016

works 👍

@DeepDiver1975 DeepDiver1975 merged commit 147c672 into master Jul 6, 2016

22 of 24 checks passed

core-ci-linux-php7.1/database=sqlite,label=SLAVE continuous-integration/php-7.1
Details
core-ci-linux-swift-primary-storage/database=mysql,label=SLAVE Build #57275 in progress...
Details
Scrutinizer 3 new issues
Details
cla-bot-core Build #5152 succeeded in 1 min 43 sec
Details
continuous-integration/php-5.4 Build #5497 succeeded in 6 min 53 sec
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
core-ci-linux-jsunit/database=sqlite,label=SLAVE Build #63362 succeeded in 51 sec
Details
core-ci-linux/database=mysql,label=SLAVE Build #32255 succeeded in 14 min
Details
core-ci-linux/database=oci,label=SLAVE Build #32255 succeeded in 35 min
Details
core-ci-linux/database=pgsql,label=SLAVE Build #32255 succeeded in 13 min
Details
core-ci-linux/database=sqlite,label=SLAVE Build #32255 succeeded in 7 min 25 sec
Details
ocs-api-integration-tests-ci Build #12047 succeeded in 50 min
Details
server-master-linux-externals-ci/database=sqlite,external=smb-silvershell,label=SLAVE Build #11516 succeeded in 1 min 57 sec
Details
server-master-linux-externals-ci/database=sqlite,external=swift-ceph,label=SLAVE Build #11516 succeeded in 7 min 14 sec
Details
server-master-linux-externals-ci/database=sqlite,external=webdav-ownCloud,label=SLAVE Build #11516 succeeded in 9 min 1 sec
Details
server-master-linux-externals-smb-windows-ext-ci/database=sqlite,external=smb-windows,label=master Build #23717 succeeded in 4 min 47 sec
Details
server-master-linux-php7-ci/database=sqlite,label=SLAVE Build #40590 succeeded in 4 min 47 sec
Details
smashbox-on-docker-ci/DOCKER_IMAGE=ubuntu_oc_lamp-git,TEST_NAME=litmus,mirallBranch=v2.0.2,slave=SMASH Build #15831 succeeded in 4 min 4 sec
Details
smashbox-on-docker-ci/DOCKER_IMAGE=ubuntu_oc_lamp-git,TEST_NAME=test_basicSync@0,mirallBranch=v2.0.2,slave=SMASH Build #15831 succeeded in 6 min 49 sec
Details
smashbox-on-docker-ci/DOCKER_IMAGE=ubuntu_oc_lamp-git,TEST_NAME=test_basicSync@1,mirallBranch=v2.0.2,slave=SMASH Build #15831 succeeded in 25 min
Details
smashbox-on-docker-ci/DOCKER_IMAGE=ubuntu_oc_lamp-git,TEST_NAME=test_shareLink,mirallBranch=v2.0.2,slave=SMASH Build #15831 succeeded in 14 min
Details
smashbox-on-docker-ci/DOCKER_IMAGE=ubuntu_oc_lamp-git,TEST_NAME=test_sharePermissions,mirallBranch=v2.0.2,slave=SMASH Build #15831 succeeded in 35 min
Details
smashbox-on-docker-ci/DOCKER_IMAGE=ubuntu_oc_lamp-git,TEST_NAME=test_sharePropagationGroups,mirallBranch=v2.0.2,slave=SMASH Build #15831 succeeded in 22 min
Details
smashbox-on-docker-ci/DOCKER_IMAGE=ubuntu_oc_lamp-git,TEST_NAME=test_sharePropagationInsideGroups,mirallBranch=v2.0.2,slave=SMASH Build #15831 succeeded in 19 min
Details
@DeepDiver1975 DeepDiver1975 deleted the files-ignoreinvalidpath branch Jul 6, 2016
@DeepDiver1975 DeepDiver1975 self-assigned this Jul 6, 2016
@DeepDiver1975
Member

preparing backports

@DeepDiver1975 DeepDiver1975 added a commit that referenced this pull request Jul 6, 2016
@PVince81 @DeepDiver1975 PVince81 + DeepDiver1975 Ignore invalid paths in the JS file list (#25368) e2dbc0d
@DeepDiver1975 DeepDiver1975 added a commit that referenced this pull request Jul 6, 2016
@PVince81 @DeepDiver1975 PVince81 + DeepDiver1975 Ignore invalid paths in the JS file list (#25368) c92c234
@DeepDiver1975
Member

stable9: #25375
stable9.1: #25374

@MorrisJobke MorrisJobke referenced this pull request in nextcloud/server Jul 7, 2016
Merged

Sync master #333

@GitHubUser4234 GitHubUser4234 pushed a commit to GitHubUser4234/core that referenced this pull request Jul 22, 2016
@PVince81 @DeepDiver1975 PVince81 + DeepDiver1975 Ignore invalid paths in the JS file list (#25368) 1f9d728
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment