Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ignore invalid paths in the JS file list #25368

Merged
merged 1 commit into from Jul 6, 2016

Conversation

@PVince81
Copy link
Member

PVince81 commented Jul 5, 2016

Please review @ChristophWurst @guruz @georgehrke @VicDeo @DeepDiver1975

You can test this by adding ".." sections in the URL directly, for example:
http://localhost/owncloud/index.php/apps/files/?dir=/../../something

Note that on master you'll have to remove the fileid argument as it takes precedence over the path.

Should be backported to stable9.1 and stable9.

@PVince81 PVince81 added this to the 9.2 milestone Jul 5, 2016
@ChristophWurst

This comment has been minimized.

Copy link
Contributor

ChristophWurst commented Jul 5, 2016

👍 looks good

@VicDeo

This comment has been minimized.

Copy link
Member

VicDeo commented Jul 5, 2016

works 👍

@DeepDiver1975 DeepDiver1975 merged commit 147c672 into master Jul 6, 2016
22 of 24 checks passed
22 of 24 checks passed
core-ci-linux-php7.1/database=sqlite,label=SLAVE continuous-integration/php-7.1
Details
core-ci-linux-swift-primary-storage/database=mysql,label=SLAVE Build #57275 in progress...
Details
Scrutinizer 3 new issues
Details
cla-bot-core Build #5152 succeeded in 1 min 43 sec
Details
continuous-integration/php-5.4 Build #5497 succeeded in 6 min 53 sec
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
core-ci-linux-jsunit/database=sqlite,label=SLAVE Build #63362 succeeded in 51 sec
Details
core-ci-linux/database=mysql,label=SLAVE Build #32255 succeeded in 14 min
Details
core-ci-linux/database=oci,label=SLAVE Build #32255 succeeded in 35 min
Details
core-ci-linux/database=pgsql,label=SLAVE Build #32255 succeeded in 13 min
Details
core-ci-linux/database=sqlite,label=SLAVE Build #32255 succeeded in 7 min 25 sec
Details
ocs-api-integration-tests-ci Build #12047 succeeded in 50 min
Details
server-master-linux-externals-ci/database=sqlite,external=smb-silvershell,label=SLAVE Build #11516 succeeded in 1 min 57 sec
Details
server-master-linux-externals-ci/database=sqlite,external=swift-ceph,label=SLAVE Build #11516 succeeded in 7 min 14 sec
Details
server-master-linux-externals-ci/database=sqlite,external=webdav-ownCloud,label=SLAVE Build #11516 succeeded in 9 min 1 sec
Details
server-master-linux-externals-smb-windows-ext-ci/database=sqlite,external=smb-windows,label=master Build #23717 succeeded in 4 min 47 sec
Details
server-master-linux-php7-ci/database=sqlite,label=SLAVE Build #40590 succeeded in 4 min 47 sec
Details
smashbox-on-docker-ci/DOCKER_IMAGE=ubuntu_oc_lamp-git,TEST_NAME=litmus,mirallBranch=v2.0.2,slave=SMASH Build #15831 succeeded in 4 min 4 sec
Details
smashbox-on-docker-ci/DOCKER_IMAGE=ubuntu_oc_lamp-git,TEST_NAME=test_basicSync@0,mirallBranch=v2.0.2,slave=SMASH Build #15831 succeeded in 6 min 49 sec
Details
smashbox-on-docker-ci/DOCKER_IMAGE=ubuntu_oc_lamp-git,TEST_NAME=test_basicSync@1,mirallBranch=v2.0.2,slave=SMASH Build #15831 succeeded in 25 min
Details
smashbox-on-docker-ci/DOCKER_IMAGE=ubuntu_oc_lamp-git,TEST_NAME=test_shareLink,mirallBranch=v2.0.2,slave=SMASH Build #15831 succeeded in 14 min
Details
smashbox-on-docker-ci/DOCKER_IMAGE=ubuntu_oc_lamp-git,TEST_NAME=test_sharePermissions,mirallBranch=v2.0.2,slave=SMASH Build #15831 succeeded in 35 min
Details
smashbox-on-docker-ci/DOCKER_IMAGE=ubuntu_oc_lamp-git,TEST_NAME=test_sharePropagationGroups,mirallBranch=v2.0.2,slave=SMASH Build #15831 succeeded in 22 min
Details
smashbox-on-docker-ci/DOCKER_IMAGE=ubuntu_oc_lamp-git,TEST_NAME=test_sharePropagationInsideGroups,mirallBranch=v2.0.2,slave=SMASH Build #15831 succeeded in 19 min
Details
@DeepDiver1975 DeepDiver1975 deleted the files-ignoreinvalidpath branch Jul 6, 2016
@DeepDiver1975 DeepDiver1975 self-assigned this Jul 6, 2016
@DeepDiver1975

This comment has been minimized.

Copy link
Member

DeepDiver1975 commented Jul 6, 2016

preparing backports

DeepDiver1975 added a commit that referenced this pull request Jul 6, 2016
DeepDiver1975 added a commit that referenced this pull request Jul 6, 2016
@DeepDiver1975

This comment has been minimized.

Copy link
Member

DeepDiver1975 commented Jul 6, 2016

stable9: #25375
stable9.1: #25374

@MorrisJobke MorrisJobke mentioned this pull request Jul 7, 2016
@lock

This comment has been minimized.

Copy link

lock bot commented Aug 5, 2019

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot locked as resolved and limited conversation to collaborators Aug 5, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
4 participants
You can’t perform that action at this time.