New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: do not accept federated shares where the name is too long #40726
Conversation
Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes. |
6769e8b
to
d437bec
Compare
💥 Acceptance tests pipeline apiProxySmoke-8-8-mariadb10.2-php7.4 failed. The build has been cancelled. |
d437bec
to
b1ba440
Compare
Kudos, SonarCloud Quality Gate passed! |
@jvillafanez please review again - thx |
I don't know how to confirm this.
From desktop-client: |
Not exaclty sure, where the length limit is. drone CI uses a 290 char string to trigger this. Yours is shorter: 233 chars. |
The https://github.com/owncloud/core/blob/master/lib/private/Files/View.php#L1921 which is then calling: https://github.com/owncloud/core/blob/master/lib/private/Files/Storage/Common.php#L505-L511 where a |
but, clients (including web) do not allow such amount of characters in the filename. So, that exception is never thrown. |
Ouch. This will explode, when versioning or trashcan add their suffixes to the filename.
|
not related to this specific issue but, yes, we need to check what happens with occ |
The code path with these checks is not executed.
|
In a regular use case this will not happen because files on all servers have the correct file name length. This is a safety net against wrong usage of the http request. Submit an http request using curl. |
Tried to re-check:
NOTE: The share request doesn't hit the core/apps/federatedfilesharing/lib/Controller/RequestHandlerController.php Lines 99 to 100 in 71e0ebe
but hits core/apps/files_sharing/lib/Controller/Share20OcsController.php Lines 372 to 373 in 71e0ebe
|
federatedfilesharing is the app -> not files_sharing .... |
worth an issue for further investigation |
Description
Federated shares with a too long name can result in in accessible shares on the receiving server
Related Issue
Motivation and Context
How Has This Been Tested?
Screenshots (if appropriate):
Types of changes
Checklist: