From 31c0efc29982516409982e325cc2f74cb0c9b3ab Mon Sep 17 00:00:00 2001
From: Morris Jobke
Date: Wed, 3 Jan 2018 11:42:49 +0100
Subject: [PATCH 1/2] Show warning if slash is entered as filename

Signed-off-by: Morris Jobke
---
 apps/files/js/files.js | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/apps/files/js/files.js b/apps/files/js/files.js
index 153307fec52ab..a1e59015b1d03 100644
--- a/apps/files/js/files.js
+++ b/apps/files/js/files.js
@@ -128,6 +128,8 @@
 throw t('files', '"{name}" is an invalid file name.', {name: name});
 } else if (trimmedName.length === 0) {
 throw t('files', 'File name cannot be empty.');
+ } else if (trimmedName.indexOf('/') !== -1) {
+ throw t('files', '"/" is not allowed inside a file name.');
 } else if (OC.fileIsBlacklisted(trimmedName)) {
 throw t('files', '"{name}" is not an allowed filetype', {name: name});
 }
From 0b4d18673e50a5c4f271a7fdfc1de47b47342942 Mon Sep 17 00:00:00 2001
From: Morris Jobke
Date: Wed, 3 Jan 2018 11:58:55 +0100
Subject: [PATCH 2/2] Do not log user errors as log level 4

* hides log entries for the case the parent folder does not exist

Signed-off-by: Morris Jobke
---
 apps/dav/lib/Connector/Sabre/ExceptionLoggerPlugin.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/apps/dav/lib/Connector/Sabre/ExceptionLoggerPlugin.php b/apps/dav/lib/Connector/Sabre/ExceptionLoggerPlugin.php
index 68c9a1b415ff5..26e29e20d1201 100644
--- a/apps/dav/lib/Connector/Sabre/ExceptionLoggerPlugin.php
+++ b/apps/dav/lib/Connector/Sabre/ExceptionLoggerPlugin.php
@@ -29,6 +29,7 @@
 use OCA\DAV\Connector\Sabre\Exception\PasswordLoginForbidden;
 use OCP\Files\StorageNotAvailableException;
 use OCP\ILogger;
+use Sabre\DAV\Exception\Conflict;
 use Sabre\DAV\Exception\Forbidden;
 use Sabre\DAV\Exception\InvalidSyncToken;
 use Sabre\DAV\Exception\NotAuthenticated;
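Review bot: The new `indexOf('/')` branch in the files.js hunk is a UI-side check only, and nothing next to it says that it is not the enforcement point. A WebDAV or API client never runs this code, so the server still has to reject or safely resolve a name containing a path separator; the second patch in this series suggests such requests currently end in a Conflict from the DAV layer. I would add a comment above the branch such as `// UX hint only: the server must still validate path separators in names`. The enclosing validation function starts and ends outside the hunk, so whether other separators are already handled earlier cannot be seen here.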
@@ -61,6 +62,9 @@ class ExceptionLoggerPlugin extends \Sabre\DAV\ServerPlugin {
 // happens if some a client uses the wrong method for a given URL
 // the error message itself is visible on the client side anyways
 NotImplemented::class => true,
+ // happens when the parent directory is not present (for example when a
+ // move is done to a non-existent directory)
+ Conflict::class => true,
 ];
 
 /** @var string */
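Review bot: The comment added above `Conflict::class => true` in the second ExceptionLoggerPlugin.php hunk names only the missing-parent case, but the entry matches on the exception class, so every Conflict (HTTP 409) raised through this plugin is affected, whatever its cause. Going by the commit title these entries are no longer logged at level 4, which also removes a signal an operator might use to spot clients repeatedly probing non-existent paths; how the array is consumed is outside the hunk, so that part is inferred. I would widen the comment, for example `// applies to every Conflict (409), not only the missing-parent case; logged at a lower level`, and confirm that the lower level is still captured wherever DAV request auditing matters.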