Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check if file or dir is .. #711

Merged
merged 4 commits into from
Oct 31, 2024
Merged

Check if file or dir is .. #711

merged 4 commits into from
Oct 31, 2024

Conversation

feiniks
Copy link
Contributor

@feiniks feiniks commented Oct 31, 2024

No description provided.

killing
killing reviewed Oct 31, 2024
View reviewed changes
Copy link
Member

@killing killing left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

put_update_branch_cb 里面需要做一下 diff 来检查上传的路径是否包含 ..

另外 go fileserver 也需要实现一下检查的逻辑。

server/repo-mgr.c Outdated
file_name = components[j];
if (g_strcmp0(file_name, "..") == 0) {
g_strfreev (components);
seaf_warning ("File or dir name is .., skip.\n");
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

这里不需要打印日志。

common/rpc-service.c Outdated
@@ -2387,6 +2387,11 @@ seafile_post_file (const char *repo_id, const char *temp_file_path,
return -1;
}

if (g_strcmp0(file_name, "..") == 0) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

看了一下,rpc 和文件上传的 API,最终都会调用 should_ignore_file() 来检查文件名的合法性的,所以这些检查都不需要了。

killing
killing reviewed Oct 31, 2024
View reviewed changes
fileserver/sync_api.go
}
if entry.NewName == "" && shouldIgnore(entry.Name) {
return true
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

如果是 rename 事件,那么不用检查 Name 字段了,只需要检查 NewName。另外,上面的代码第二个 if 写错了。

@killing killing merged commit aee8be7 into 11.0 Oct 31, 2024
2 checks passed
@killing killing deleted the check_name branch October 31, 2024 09:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@killing killing killing left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@feiniks @killing