mirror of
https://github.com/opencloud-eu/opencloud.git
synced 2026-04-11 19:08:08 -04:00
Christian Richter
8
changelog/unreleased/check-parent-on-copy.md
Normal file
8
changelog/unreleased/check-parent-on-copy.md
Normal file
@@ -0,0 +1,8 @@
|
||||
Bugfix: Prevent copying a file to a parent folder
|
||||
|
||||
When copying a file to a parent folder, the file would be copied to the parent folder, but the file would not be removed from the original folder.
|
||||
|
||||
https://github.com/owncloud/ocis/pull/8649
|
||||
https://github.com/owncloud/ocis/issues/1230
|
||||
https://github.com/cs3org/reva/pull/4571
|
||||
`
|
||||
2
go.mod
2
go.mod
@@ -14,7 +14,7 @@ require (
|
||||
github.com/cenkalti/backoff v2.2.1+incompatible
|
||||
github.com/coreos/go-oidc/v3 v3.9.0
|
||||
github.com/cs3org/go-cs3apis v0.0.0-20231023073225-7748710e0781
|
||||
github.com/cs3org/reva/v2 v2.19.2-0.20240313154849-352a246529ff
|
||||
github.com/cs3org/reva/v2 v2.19.2-0.20240318131905-fd7b50caacad
|
||||
github.com/dhowden/tag v0.0.0-20230630033851-978a0926ee25
|
||||
github.com/disintegration/imaging v1.6.2
|
||||
github.com/dutchcoders/go-clamd v0.0.0-20170520113014-b970184f4d9e
|
||||
|
||||
4
go.sum
4
go.sum
@@ -1018,8 +1018,8 @@ github.com/crewjam/saml v0.4.14 h1:g9FBNx62osKusnFzs3QTN5L9CVA/Egfgm+stJShzw/c=
|
||||
github.com/crewjam/saml v0.4.14/go.mod h1:UVSZCf18jJkk6GpWNVqcyQJMD5HsRugBPf4I1nl2mME=
|
||||
github.com/cs3org/go-cs3apis v0.0.0-20231023073225-7748710e0781 h1:BUdwkIlf8IS2FasrrPg8gGPHQPOrQ18MS1Oew2tmGtY=
|
||||
github.com/cs3org/go-cs3apis v0.0.0-20231023073225-7748710e0781/go.mod h1:UXha4TguuB52H14EMoSsCqDj7k8a/t7g4gVP+bgY5LY=
|
||||
github.com/cs3org/reva/v2 v2.19.2-0.20240313154849-352a246529ff h1:XW1j4lf3EWfB9/fKN3D8Q1mehNvrlmGuXdVVzWLtFDs=
|
||||
github.com/cs3org/reva/v2 v2.19.2-0.20240313154849-352a246529ff/go.mod h1:GRUrOp5HbFVwZTgR9bVrMZ/MvVy+Jhxw1PdMmhhKP9E=
|
||||
github.com/cs3org/reva/v2 v2.19.2-0.20240318131905-fd7b50caacad h1:qKgPSuJ9T3AElJbZbrNmUSH51MQq1CgN1acKcyty86Y=
|
||||
github.com/cs3org/reva/v2 v2.19.2-0.20240318131905-fd7b50caacad/go.mod h1:GRUrOp5HbFVwZTgR9bVrMZ/MvVy+Jhxw1PdMmhhKP9E=
|
||||
github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
|
||||
github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=
|
||||
github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
|
||||
|
||||
31
vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/copy.go
generated
vendored
31
vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/copy.go
generated
vendored
@@ -559,6 +559,37 @@ func (s *svc) prepareCopy(ctx context.Context, w http.ResponseWriter, r *http.Re
|
||||
return nil
|
||||
}
|
||||
|
||||
isParent, err := s.referenceIsChildOf(ctx, s.gatewaySelector, srcRef, dstRef)
|
||||
if err != nil {
|
||||
switch err.(type) {
|
||||
case errtypes.IsNotFound:
|
||||
isParent = false
|
||||
case errtypes.IsNotSupported:
|
||||
log.Error().Err(err).Msg("can not detect recursive copy operation. missing machine auth configuration?")
|
||||
w.WriteHeader(http.StatusForbidden)
|
||||
return nil
|
||||
default:
|
||||
log.Error().Err(err).Msg("error while trying to detect recursive copy operation")
|
||||
w.WriteHeader(http.StatusInternalServerError)
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
if isParent {
|
||||
w.WriteHeader(http.StatusConflict)
|
||||
b, err := errors.Marshal(http.StatusBadRequest, "can not copy a folder into its parent", "")
|
||||
errors.HandleWebdavError(log, w, b, err)
|
||||
return nil
|
||||
|
||||
}
|
||||
|
||||
if srcRef.Path == dstRef.Path && srcRef.ResourceId == dstRef.ResourceId {
|
||||
w.WriteHeader(http.StatusConflict)
|
||||
b, err := errors.Marshal(http.StatusBadRequest, "source and destination are the same", "")
|
||||
errors.HandleWebdavError(log, w, b, err)
|
||||
return nil
|
||||
}
|
||||
|
||||
oh := r.Header.Get(net.HeaderOverwrite)
|
||||
overwrite, err := net.ParseOverwrite(oh)
|
||||
if err != nil {
|
||||
|
||||
23
vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/move.go
generated
vendored
23
vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/move.go
generated
vendored
@@ -162,6 +162,29 @@ func (s *svc) handleMove(ctx context.Context, w http.ResponseWriter, r *http.Req
|
||||
return
|
||||
}
|
||||
|
||||
isParent, err := s.referenceIsChildOf(ctx, s.gatewaySelector, src, dst)
|
||||
if err != nil {
|
||||
switch err.(type) {
|
||||
case errtypes.IsNotFound:
|
||||
isParent = false
|
||||
case errtypes.IsNotSupported:
|
||||
log.Error().Err(err).Msg("can not detect recursive move operation. missing machine auth configuration?")
|
||||
w.WriteHeader(http.StatusForbidden)
|
||||
return
|
||||
default:
|
||||
log.Error().Err(err).Msg("error while trying to detect recursive move operation")
|
||||
w.WriteHeader(http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
}
|
||||
if isParent {
|
||||
w.WriteHeader(http.StatusConflict)
|
||||
b, err := errors.Marshal(http.StatusBadRequest, "can not move a folder into its parent", "")
|
||||
errors.HandleWebdavError(&log, w, b, err)
|
||||
return
|
||||
|
||||
}
|
||||
|
||||
oh := r.Header.Get(net.HeaderOverwrite)
|
||||
log.Debug().Str("overwrite", oh).Msg("move")
|
||||
|
||||
|
||||
2
vendor/modules.txt
vendored
2
vendor/modules.txt
vendored
@@ -359,7 +359,7 @@ github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1
|
||||
github.com/cs3org/go-cs3apis/cs3/storage/registry/v1beta1
|
||||
github.com/cs3org/go-cs3apis/cs3/tx/v1beta1
|
||||
github.com/cs3org/go-cs3apis/cs3/types/v1beta1
|
||||
# github.com/cs3org/reva/v2 v2.19.2-0.20240313154849-352a246529ff
|
||||
# github.com/cs3org/reva/v2 v2.19.2-0.20240318131905-fd7b50caacad
|
||||
## explicit; go 1.21
|
||||
github.com/cs3org/reva/v2/cmd/revad/internal/grace
|
||||
github.com/cs3org/reva/v2/cmd/revad/runtime
|
||||
|
||||
Reference in New Issue
Block a user