Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(SetupCheck): Properly check public access to data directory #46456

Merged
merged 1 commit into from
Aug 8, 2024
Merged

fix(SetupCheck): Properly check public access to data directory #46456

merged 1 commit into from
Aug 8, 2024

Conversation

susnux
Copy link
Contributor

@susnux susnux commented Jul 11, 2024

Summary

When checking for public (web) access to the data directory the status is not enough as you might have a webserver that forwards to e.g. a login page. So instead check that the content of the file matches.

For this the .ncdata file (renamed from .ocdata¹) has minimal text content to allow checking.

¹The file was renamed from the legacy .ocdata, there is a repair step to remove the old one.

Checklist

@susnux susnux added bug 3. to review Waiting for reviews ♻️ refactor Refactor code (not a bug fix, not a feature just refactoring) labels Jul 11, 2024
@susnux susnux added this to the Nextcloud 30 milestone Jul 11, 2024
github-advanced-security[bot]
github-advanced-security bot found potential problems Jul 11, 2024
View reviewed changes
apps/settings/lib/SetupChecks/DataDirectoryProtected.php
@@ -42,13 +42,21 @@
public function run(): SetupResult {
$datadir = str_replace(\OC::$SERVERROOT . '/', '', $this->config->getSystemValue('datadirectory', ''));

$dataUrl = $this->urlGenerator->getWebroot() . '/' . $datadir . '/.ocdata';
$dataUrl = $this->urlGenerator->getWebroot() . '/' . $datadir . '/.ncdata';

Check notice

Code scanning / Psalm

PossiblyInvalidOperand Note

Cannot concatenate with a array<array-key, string>|string
@marcelklehr marcelklehr removed their request for review July 15, 2024 03:56
@blizzz blizzz mentioned this pull request Jul 30, 2024
Merged
@susnux susnux mentioned this pull request Jul 30, 2024
Closed
5 tasks
come-nc
come-nc approved these changes Aug 1, 2024
View reviewed changes
Copy link
Contributor

@come-nc come-nc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice!

@blizzz blizzz mentioned this pull request Aug 1, 2024
Merged
This was referenced Aug 5, 2024
Merged
Merged
@susnux susnux force-pushed the fix/check-datadir branch 3 times, most recently from e396b90 to 0ad5aeb Compare August 8, 2024 17:17
@susnux @AndyScherzinger
fix(SetupCheck): Properly check public access to data directory
0563757 
When checking for public (web) access to the data directory the status is not enough
as you might have a webserver that forwards to e.g. a login page.
So instead check that the content of the file matches.

For this the `.ncdata` file (renamed from `.ocdata`¹) has minimal text content
to allow checking.

¹The file was renamed from the legacy `.ocdata`, there is a repair step to remove the old one.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
@Altahrim Altahrim merged commit 1b8dbcb into master Aug 8, 2024
169 checks passed
@Altahrim Altahrim deleted the fix/check-datadir branch August 8, 2024 20:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AndyScherzinger AndyScherzinger AndyScherzinger approved these changes

@come-nc come-nc come-nc approved these changes

@ArtificialOwl ArtificialOwl Awaiting requested review from ArtificialOwl

@sorbaugh sorbaugh Awaiting requested review from sorbaugh

@nickvergessen nickvergessen Awaiting requested review from nickvergessen

Assignees
No one assigned
Labels
3. to review Waiting for reviews bug ♻️ refactor Refactor code (not a bug fix, not a feature just refactoring)
Projects
None yet
Milestone
Nextcloud 30
Development

Successfully merging this pull request may close these issues.
5 participants
@susnux @nickvergessen @AndyScherzinger @come-nc @Altahrim