Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not allow RTLO char in filenames #10030

Closed
wants to merge 1 commit into from
Closed

Do not allow RTLO char in filenames #10030

wants to merge 1 commit into from

Conversation

rullzer
Copy link
Member

@rullzer rullzer commented Jun 27, 2018

Signed-off-by: Roeland Jago Douma roeland@famdouma.nl

@rullzer
Do not allow RTLO char in filenames
4637fd7 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
@rullzer rullzer added this to the Nextcloud 14 milestone Jun 27, 2018
ChristophWurst
ChristophWurst reviewed Jun 28, 2018
View reviewed changes
tests/lib/Files/PathVerificationTest.php
* @dataProvider providesInvalidUnicode
*/
public function testPathVerificationInvalidUnicode(string $fileName) {
$this->expectException(InvalidPathException::class);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Aren't you throwing an InvalidCharacterInPathException instance?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see that it's a specialization but I just wanted to bring it up in case this wasn't intentional 😉

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah we are. But it is internal mainly. The point here is that we get that the path is invalid :)

@nickvergessen
Copy link
Member

Hmm I guess it's fine, but of course it could cause problems in RTL countries if people name their files in their language, which is why I didn't plan to do this yet. Just imagine you would have to name your files tohsneercs all the time instead of screenshot

nickvergessen
nickvergessen requested changes Jun 28, 2018
View reviewed changes
lib/private/Files/Storage/Common.php
@@ -531,6 +531,11 @@ public function verifyPath($path, $fileName) {
}
}

// Do not allow RTLO char
if (mb_strpos($fileName, mb_chr(8238, 'utf8')) !== false) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

mb_chr is php 7.2+ so we can't use it

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://github.com/nextcloud/3rdparty/blob/master/symfony/polyfill-mbstring/bootstrap.php#L56

@rullzer
Copy link
Member Author

rullzer commented Jun 28, 2018

Hmm I guess it's fine, but of course it could cause problems in RTL countries if people name their files in their language, which is why I didn't plan to do this yet. Just imagine you would have to name your files tohsneercs all the time instead of screenshot

mmm fair enough. Maybe then we should just forbid the char anywhere but the first char?

@jaller94
Copy link

I don't see an issue connected to this PR.
Why does this char need to be disallowed? What is broken?
How do the operating systems handle the RTLO char in filenames?

@nickvergessen
Copy link
Member

Related forum topic: https://help.nextcloud.com/t/need-input-from-rtl-people/33444

Yeah, there is a non-public issue about this, but we are still trying to find the best way to deal with this.

@nextcloud-bot nextcloud-bot added the stale Ticket or PR with no recent activity label Jul 24, 2018
This was referenced Jul 24, 2018
Merged
Closed
@MorrisJobke
Copy link
Member

As @nickvergessen already wrote in #10410 (comment): maybe it's better to not go for that approach.

@nextcloud-bot nextcloud-bot removed the stale Ticket or PR with no recent activity label Jul 26, 2018
@alexara
Copy link

alexara commented Jul 29, 2018

If you allow RTLO, please consider, that it can be used to spoof file names by malicious users.

For example, the file name with ThisIsRTLOfileexe.doc is actually ThisIsRTLOfiledoc.exe, which is an executable file with a U+202e placed just before “doc.”

Source: https://resources.infosecinstitute.com/spoof-using-right-to-left-override-rtlo-technique-2/

@nickvergessen
Copy link
Member

yes @alexara that was exactly why this PR was started. But we asked users of RTL languages for feedback and they are using mixed and RTL only names, so we would cause a lot of problems for them, to prevent fraud by your colleagues and friends, people that share the instance with you.

Which is why I vote for no

@rullzer rullzer mentioned this pull request Aug 2, 2018
Closed
58 tasks
@rullzer rullzer modified the milestones: Nextcloud 14, Nextcloud 15 Aug 10, 2018
@nickvergessen nickvergessen deleted the fix/noid/no_rtlo_char branch September 12, 2018 10:00
@nextcloud-bot nextcloud-bot mentioned this pull request Oct 11, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ChristophWurst ChristophWurst ChristophWurst left review comments

@nickvergessen nickvergessen nickvergessen requested changes

@MorrisJobke MorrisJobke Awaiting requested review from MorrisJobke

@icewind1991 icewind1991 Awaiting requested review from icewind1991

@blizzz blizzz Awaiting requested review from blizzz

@danxuliu danxuliu Awaiting requested review from danxuliu

Assignees
No one assigned
Labels
3. to review Waiting for reviews bug enhancement
Projects
None yet
Milestone
Nextcloud 15
Development

Successfully merging this pull request may close these issues.
7 participants
@rullzer @nickvergessen @jaller94 @MorrisJobke @alexara @ChristophWurst @nextcloud-bot