[stable30] Fix renaming a received share by a user with stale shares #50228
+66
−4
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…hare Signed-off-by: provokateurin <[email protected]>
… shares Signed-off-by: Daniel Calviño Sánchez <[email protected]>
danxuliu
added
bug
3. to review
|
/backport to stable29 |
|
Mmmm, it seems that it would be necessary to also backport 715e714, so this is starting to feel riskier than expected. And it also changes the signature of |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
If a user tries to rename a received share and that user has stale shares (shares where the source file was deleted) an internal server error is triggered.
The problem comes from checking the existing shares to ensure that the share is not moved inside one of them. If the source file of a share made by the user was deleted when the node is tried to be got a
OCP\Files\NotFoundExceptionis thrown; this is not caught anywhere and causes an internal server error.In master the problem was fixed by c2ca99e. After that change
getSharesByfilters out shares with a no longer accessible node, sotargetIsNotSharedno longer throws an exception. However, the pull request that the commit belongs to has not been backported to the stable branches (and I assume that it will not be, as it is a new feature), so the issue is still present in the stable versions of Nextcloud.c2ca99e looks like a sane check independently of the rest of #49073, so I have cherry-picked just that commit (and added integration tests for the issue). But I do not really know if that could have any problematic side effect 🤷 so a careful review is encouraged :-)
How to test
curl --user admin:admin --request MKCOL --header "OCS-APIRequest: true" "http://127.0.0.1:8000/remote.php/dav/files/admin/folder-to-be-deleted")curl --user admin:admin --request POST --header "OCS-APIRequest: true" "http://127.0.0.1:8000/ocs/v1.php/apps/files_sharing/api/v1/shares?path=folder-to-be-deleted&shareType=0&shareWith=user0")curl --user admin:admin --request DELETE --header "OCS-APIRequest: true" "http://127.0.0.1:8000/remote.php/dav/files/admin/folder-to-be-deleted")curl --user user0:123456 --request MKCOL --header "OCS-APIRequest: true" "http://127.0.0.1:8000/remote.php/dav/files/user0/folder-to-be-renamed")curl --user user0:123456 --request POST --header "OCS-APIRequest: true" "http://127.0.0.1:8000/ocs/v1.php/apps/files_sharing/api/v1/shares?path=folder-to-be-renamed&shareType=0&shareWith=admin")curl --user admin:admin --request MOVE --header "OCS-APIRequest: true" --header "Destination: http://127.0.0.1:8000/remote.php/dav/files/admin/new-folder-name" "http://127.0.0.1:8000/remote.php/dav/files/admin/folder-to-be-renamed")Result with this pull request
The received share is renamed
Result without this pull request
Internal server error