Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

shortcut name can contain invalid characters #11702

Closed
individual-it opened this issue Oct 2, 2024 · 0 comments · Fixed by #11707
Closed

shortcut name can contain invalid characters #11702

individual-it opened this issue Oct 2, 2024 · 0 comments · Fixed by #11707
Assignees
@AlexAndBear
Labels
Priority:p3-medium Normal priority Type:Bug Something isn't working

Comments

@individual-it
Copy link
Member

Describe the bug

In the UI the user can type any character as the name of a shortcut, but as this name effectively becomes the filename the request fails

grafik

Steps to reproduce

  1. create a new shortcut and type /../../a as the name

Expected behavior

the name should be filtered with the same rules as any other file-name

Actual behavior

the name is accepted by the webUI and send to the server.

/../../a results in the request PUT https://localhost:9200/remote.php/dav/a.url

<a href='something'>owncloud</a>' in the request PUT https://localhost:9200/remote.php/dav/spaces/9dbc278a-11d0-47e7-adfb-5079d990981a%244c510ada-c86b-4815-8820-42cdf82c3d51/%3Ca%20href%3Dsomething%3Eowncloud%3C/a%3E.url

Setup

Please describe how you started the server and provide a list of relevant environment variables or configuration files.

OCIS_INSECURE=true IDM_CREATE_DEMO_USERS=true PROXY_HTTP_ADDR=0.0.0.0:9200 OCIS_URL=https://localhost:9200  ./ocis-6.5.0-linux-amd64 server
@individual-it individual-it added the Type:Bug Something isn't working label Oct 2, 2024
@kulmann kulmann added the Priority:p3-medium Normal priority label Oct 2, 2024
@kulmann kulmann moved this from Qualification to Prio 3 or less in Infinite Scale Team Board Oct 2, 2024
@AlexAndBear AlexAndBear self-assigned this Oct 2, 2024
@AlexAndBear AlexAndBear mentioned this issue Oct 2, 2024
Merged
8 tasks
@github-project-automation github-project-automation bot moved this from Prio 3 or less to Done in Infinite Scale Team Board Oct 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AlexAndBear AlexAndBear

Labels
Priority:p3-medium Normal priority Type:Bug Something isn't working
Projects
Infinite Scale Team Board
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Restrict shortcut name owncloud/web
3 participants
@individual-it @kulmann @AlexAndBear