Merge pull request #29907 from nextcloud/backport/29902/stable21

[stable21] Check for invalid characters before trimming

Author: MichaIng

build/integration/features/bootstrap/WebDav.php

@@ -459,7 +459,10 @@ public function userUploadsAFileTo($user, $source, $destination) {
 		try {
 			$this->response = $this->makeDavRequest($user, "PUT", $destination, [], $file);
 		} catch (\GuzzleHttp\Exception\ServerException $e) {
-			// 4xx and 5xx responses cause an exception
+			// 5xx responses cause a server exception
+			$this->response = $e->getResponse();
+		} catch (\GuzzleHttp\Exception\ClientException $e) {
+			// 4xx responses cause a client exception
 			$this->response = $e->getResponse();
 		}
 	}
@@ -488,7 +491,10 @@ public function userUploadsAFileWithContentTo($user, $content, $destination) {
 		try {
 			$this->response = $this->makeDavRequest($user, "PUT", $destination, [], $file);
 		} catch (\GuzzleHttp\Exception\ServerException $e) {
-			// 4xx and 5xx responses cause an exception
+			// 5xx responses cause a server exception
+			$this->response = $e->getResponse();
+		} catch (\GuzzleHttp\Exception\ClientException $e) {
+			// 4xx responses cause a client exception
 			$this->response = $e->getResponse();
 		}
 	}
@@ -503,7 +509,10 @@ public function userDeletesFile($user, $type, $file) {
 		try {
 			$this->response = $this->makeDavRequest($user, 'DELETE', $file, []);
 		} catch (\GuzzleHttp\Exception\ServerException $e) {
-			// 4xx and 5xx responses cause an exception
+			// 5xx responses cause a server exception
+			$this->response = $e->getResponse();
+		} catch (\GuzzleHttp\Exception\ClientException $e) {
+			// 4xx responses cause a client exception
 			$this->response = $e->getResponse();
 		}
 	}
@@ -518,7 +527,10 @@ public function userCreatedAFolder($user, $destination) {
 			$destination = '/' . ltrim($destination, '/');
 			$this->response = $this->makeDavRequest($user, "MKCOL", $destination, []);
 		} catch (\GuzzleHttp\Exception\ServerException $e) {
-			// 4xx and 5xx responses cause an exception
+			// 5xx responses cause a server exception
+			$this->response = $e->getResponse();
+		} catch (\GuzzleHttp\Exception\ClientException $e) {
+			// 4xx responses cause a client exception
 			$this->response = $e->getResponse();
 		}
 	}
@@ -589,8 +601,12 @@ public function userMovesNewChunkFileWithIdToMychunkedfileWithSize($user, $id, $
 	public function downloadingFileAs($fileName, $user) {
 		try {
 			$this->response = $this->makeDavRequest($user, 'GET', $fileName, []);
-		} catch (\GuzzleHttp\Exception\ServerException $ex) {
-			$this->response = $ex->getResponse();
+		} catch (\GuzzleHttp\Exception\ServerException $e) {
+			// 5xx responses cause a server exception
+			$this->response = $e->getResponse();
+		} catch (\GuzzleHttp\Exception\ClientException $e) {
+			// 4xx responses cause a client exception
+			$this->response = $e->getResponse();
 		}
 	}
 

build/integration/features/webdav-related.feature

@@ -608,3 +608,12 @@ Feature: webdav-related
 		And user "user0" uploads new chunk file "3" with "CCCCC" to id "chunking-42"
 		When user "user0" moves new chunk file with id "chunking-42" to "/myChunkedFile.txt" with size 15
 		Then the HTTP status code should be "201"
+
+	Scenario: Creating a folder with invalid characters
+		Given using new dav path
+		And As an "admin"
+		And user "user0" exists
+		And user "user1" exists
+		And As an "user1"
+		And user "user1" created a folder "/testshare	"
+		Then the HTTP status code should be "400"

lib/private/Files/Storage/Common.php

@@ -554,8 +554,8 @@ public function verifyPath($path, $fileName) {
 	 * @throws InvalidPathException
 	 */
 	protected function verifyPosixPath($fileName) {
-		$fileName = trim($fileName);
 		$this->scanForInvalidCharacters($fileName, "\\/");
+		$fileName = trim($fileName);
 		$reservedNames = ['*'];
 		if (in_array($fileName, $reservedNames)) {
 			throw new ReservedWordException();