-
-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Get the parent directory before creating a file from a template #26396
Conversation
@juliushaertl Thanks for taking this over! What I still can reproduce though is the following issue: Click to expandIt happens when I try to create a new website (and folder) with the same configuration (root folder read only and mounted subfolder which is writeable) with the pico_cms app.
But I am not sure if this is an issue of the Pico CMS app or server related? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good.
But needs CI and psalm love
Seems to be a similar case where the pico_cms app would need a related fix to get the node of the parent directory first before creating the file, so I'd suggest to open an issue in the apps repo. |
Signed-off-by: Julius Härtl <jus@bitgrid.net>
…25787) Signed-off-by: Julius Härtl <jus@bitgrid.net>
9c23482
to
6fd5714
Compare
Checks are happy except for |
I'll do, thanks for the advice! :) |
@juliushaertl backports? |
/backport to stable21 |
Thanks. Sure, adding such a check is no big deal 👍 However, I was thinking... What's the reason for Nextcloud to check the base path's permission instead of the parent folder's @juliushaertl? The only reason for this I could think of is, that |
Nextcloud's file operations API apparently is unable to proberly deal with relative paths (even though the docs tell us otherwise). It (a) performs file permission checks on the base directory rather than the respective parent directory (:confused:), and (b) blocks relative paths like '..' (likely as a security measure - by using the most unsophisticated approach :unamused:). Also see nextcloud/server#26396. We better do this on our own... Fixes #141 Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
@juliushaertl What do you think about this? |
@rullzer @icewind1991 I'd say that is a valid point, was there any plan on if the nodes api should support relative paths or if the parameters should only be interpreted as a single level file/folder name? Due to server/lib/public/Files/Folder.php Line 103 in 8a92229
|
Permissions when creating a new file or folder are always issued on the current node so when using the relative path directly on the user directory creating a new file will fail in scenarios where there is a read only mount on the user root.
Fixes nextcloud/android#8010
Fixes #25787