Merge pull request #279 from klada/userhome_sanity_check

Add sanity checks for user home directory
nextcloud · Nov 27, 2018 · d1d43d6 · d1d43d6
2 parents 0b4787b + 3b930d8
commit d1d43d6
Showing 1 changed file with 12 additions and 2 deletions.
diff --git a/lib/UserBackend.php b/lib/UserBackend.php
@@ -121,10 +121,20 @@ public function createUserIfNotExists($uid, array $attributes = array()) {
 			try {
 				$home = $this->getAttributeValue('saml-attribute-mapping-home_mapping', $attributes);
 			} catch (\InvalidArgumentException $e) {
-				$home = null;
+				$home = '';
 			}
 
-			if ($home !== null) {
+			if ($home !== '') {
+				//if attribute's value is an absolute path take this, otherwise append it to data dir
+				//check for / at the beginning or pattern c:\ resp. c:/
+				if(   '/' !== $home[0]
+				   && !(3 < strlen($home) && ctype_alpha($home[0])
+					   && $home[1] === ':' && ('\\' === $home[2] || '/' === $home[2]))
+				) {
+					$home = $this->config->getSystemValue('datadirectory',
+							\OC::$SERVERROOT.'/data' ) . '/' . $home;
+				}
+
 				$values['home'] = $home;
 			}