Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: Filename not validated when calling IFolder->newFile() #47563

Closed
4 of 8 tasks
mejo- opened this issue Aug 28, 2024 · 3 comments
Closed
4 of 8 tasks

[Bug]: Filename not validated when calling IFolder->newFile() #47563

mejo- opened this issue Aug 28, 2024 · 3 comments
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap 30-feedback bug feature: filesystem

Comments

@mejo-
Copy link
Member

mejo- commented Aug 28, 2024

⚠️ This issue respects the following points: ⚠️

Bug description

With the new IFilenameValidator implementation I would expect IFolder->newFile() to throw an error if passed file name is invalid. But it seems like that's not the case. newFile() still returns a File object and only further operation on this object fail. I guess there's a bug somewhere.

I discovered this issue while developing nextcloud/text#6271.

Steps to reproduce

  1. Call IFolder->newFile() with windows compatibility turned on and an invalid filename as argument
  2. See that it returns a File object instead of throwing an exception

Expected behavior

I would expect IFolder->newFile() to throw an error if passed file name is invalid.

Installation method

None

Nextcloud Server version

master

Operating system

None

PHP engine version

None

Web server

None

Database engine version

None

Is this bug present after an update or on a fresh install?

None

Are you using the Nextcloud Server Encryption module?

None

What user-backends are you using?

  • Default user-backend (database)
  • LDAP/ Active Directory
  • SSO - SAML
  • Other

Configuration report

No response

List of activated Apps

No response

Nextcloud Signing status

No response

Nextcloud Logs

No response

Additional info

No response
@mejo- mejo- added bug feature: filesystem 0. Needs triage Pending check for reproducibility or if it fits our roadmap 30-feedback labels Aug 28, 2024
@susnux
Copy link
Contributor

susnux commented Aug 28, 2024

This is expected behavior.
You need to check the validity before creating.

It is only checked in webdav. The reason is that we use that api also for internal things that break with that validation (setup, appdata, updater).

So all user facing files should be validated but the IFolder and FilesView api are also used for private stuff

@mejo-
Copy link
Member Author

mejo- commented Sep 4, 2024

Ok, thanks for clarification. I would have expected server functions to do the validation when a file gets created. Let's close this then.

@mejo- mejo- closed this as completed Sep 4, 2024
@susnux
Copy link
Contributor

susnux commented Sep 4, 2024

I would have expected server functions to do the validation when a file gets created.

Yes normally agree, but those functions also can be used for app data, which does not have those limitations.
So no validation, thats why we have the public interface \OCP\Files\IFilenameValidator

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap 30-feedback bug feature: filesystem
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@susnux @mejo-