Blacklisted filenames like .htaccess & file.parts can be uploaded #1345

Closed
individual-it opened this issue Jan 21, 2020 · 5 comments

@individual-it
Member

`curl 'http://localhost:9140/remote.php/webdav/home/.htaccess' -X PUT -d "mydata" -u user0:123456 -v` works without any error

bug or feature?

@butonic
Member

butonic commented Jan 23, 2020

this is a feature. ocis properly handles .htaccess because there is no php running inside apache that could be influenced. File uploads are handled with dedicated data services that will make the file available to the storage provider when the upload is done. Atomicity depends on the implementation.

@butonic butonic closed this as completed Jan 23, 2020
@individual-it
Member Author

what about files with .part ?

@PVince81
Contributor

in any case we need to have a way to mark those tests that are "skipped on OCIS" as "expected behavior on OCIS".

reopening. let's close the ticket after the test is reenabled/adjusted

@PVince81 PVince81 reopened this Apr 30, 2020
@PVince81
Contributor

PVince81 commented May 5, 2020

I suspect that depending on the storage implementation, some file names or extensions could be blacklisted, for example when interfacing with another OC 10 instance through OCM.

To me this means that the storage provider needs to advertise what patterns are accepted and which aren't. Since this is a more complex topic that needs to be discussed at some point, let's keep these tests disabled for now.

@butonic butonic transferred this issue from owncloud/ocis-reva Jan 18, 2021
@refs refs changed the title blacklisted filenames like .htaccess & file.parts can be uploaded Blacklisted filenames like .htaccess & file.parts can be uploaded Jan 19, 2021
@refs
Member

refs commented Jan 19, 2021

> I suspect that depending on the storage implementation, some file names or extensions could be blacklisted, for example when interfacing with another OC 10 instance through OCM.
>
> To me this means that the storage provider needs to advertise what patterns are accepted and which aren't. Since this is a more complex topic that needs to be discussed at some point, let's keep these tests disabled for now.

cc @butonic @micbar this seems like a real concern to keep an eye on. Will move it to its own issue so it doesn't get lost in the context of this one.
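
An added sketch of the idea raised in the comments above (not code from ocis or reva): each storage driver advertises the name patterns it refuses, and the upload path checks the target's base name against that list before accepting data. The `Storage` interface, the `NamePolicy` type, both drivers and the `.htaccess` / `*.part` pattern list are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// NamePolicy is what a driver advertises: glob patterns (path.Match syntax)
// for base names it refuses. Hypothetical type, not a reva/ocis API.
type NamePolicy struct{ Rejected []string }

// Storage is a hypothetical driver interface reduced to the one method used here.
type Storage interface{ NamePolicy() NamePolicy }

type nativeStorage struct{} // accepts every name, as ocis does in this issue
type oc10Bridge struct{}    // constructed stand-in for a backend with an OC 10 style blacklist

func (nativeStorage) NamePolicy() NamePolicy { return NamePolicy{} }
func (oc10Bridge) NamePolicy() NamePolicy {
	return NamePolicy{Rejected: []string{".htaccess", "*.part"}}
}

// CheckUpload compares the base name of target, case-insensitively, with the
// patterns the driver advertises. It fails closed on a malformed pattern.
func CheckUpload(s Storage, target string) error {
	name := strings.ToLower(path.Base(path.Clean("/" + target)))
	for _, pat := range s.NamePolicy().Rejected {
		ok, err := path.Match(strings.ToLower(pat), name)
		if err != nil {
			return fmt.Errorf("bad pattern %q advertised by storage: %w", pat, err)
		}
		if ok {
			return fmt.Errorf("name %q rejected by storage pattern %q", name, pat)
		}
	}
	return nil
}

func main() {
	paths := []string{"home/.htaccess", "home/file.part", "home/notes.txt"} // constructed samples
	for _, s := range []Storage{nativeStorage{}, oc10Bridge{}} {
		for _, p := range paths {
			fmt.Printf("%T %-16s -> %v\n", s, p, CheckUpload(s, p))
		}
	}
}
```

With a policy like this exposed per driver, a test suite can derive the expected result for each blacklisted-name test from the advertised patterns instead of skipping the test.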
