Server: Apps with .htaccess file sometimes do not pass the integrity check
- having an app with an
.htaccessfile - having a signature in this app
- install the app via appstore
- expected: signature passes
- actual: signature does not pass, because this .htaccess file is missing
We think that this is causes by the NC code do not allow to write .htaccess files in the apps.
MorrisJobke
All 4 comments
cc @rullzer @blizzz @ChristophWurst
MorrisJobke
on 6 Jun 2018
It seems that the file is actually in the archive, but does not get properly extracted :/
MorrisJobke
on 27 Sep 2018
I did some testing and digging and found the problem:
The file is ignored after extraction the extraction dir still contains the .htaccessfiles but after copyr the files are gone. This is caused by a blacklist check:
https://github.com/nextcloud/server/blob/master/lib/private/legacy/helper.php#L191
.htaccess is returned:
https://github.com/nextcloud/server/blob/master/lib/private/Files/Filesystem.php#L620
I guess .htaccess is blacklisted for a good reason and we can't simply remove it.
Grotax
on 4 Oct 2018
@Grotax Thanks - and suddenly all makes sense. So the approach by @rullzer was the correct one - it should simply not be packaged: https://github.com/nextcloud/news/pull/347
Thanks again for this finding. 馃憤
MorrisJobke
on 4 Oct 2018
Related issues
georgehrke
路
3Comments
MariusBluem
路
3Comments
mfechner
路
3Comments
Django-BOfH
路
3Comments
williambargent
路
3Comments
Most helpful comment
I did some testing and digging and found the problem:
The file is ignored after extraction the extraction dir still contains the
.htaccessfiles but aftercopyrthe files are gone. This is caused by a blacklist check:https://github.com/nextcloud/server/blob/master/lib/private/legacy/helper.php#L191
.htaccessis returned:https://github.com/nextcloud/server/blob/master/lib/private/Files/Filesystem.php#L620
I guess
.htaccessis blacklisted for a good reason and we can't simply remove it.