From ac730bc3b9c3b7b8b2ddc1f72e70a29149a421bc Mon Sep 17 00:00:00 2001
From: Ferdinand Thiessen <opensource@fthiessen.de>
Date: Thu, 2 May 2024 20:25:09 +0200
Subject: [PATCH] fix: Make forbidden filename list case insensitive again

It previously was, even if not documented, case insensitive.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
---
 config/config.sample.php           | 2 ++
 lib/private/Files/Filesystem.php   | 2 +-
 lib/public/Util.php                | 3 ++-
 tests/lib/Files/FilesystemTest.php | 2 +-
 4 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/config/config.sample.php b/config/config.sample.php
index cb8e0342eda..ab582ba79df 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -1966,6 +1966,8 @@ $CONFIG = [
  *
  * WARNING: USE THIS ONLY IF YOU KNOW WHAT YOU ARE DOING.
  *
+ * Note that this list is case-insensitive.
+ *
  * Defaults to ``array('.htaccess')``
  */
 'blacklisted_files' => ['.htaccess'],
diff --git a/lib/private/Files/Filesystem.php b/lib/private/Files/Filesystem.php
index 3bc240cb5b9..0049143135b 100644
--- a/lib/private/Files/Filesystem.php
+++ b/lib/private/Files/Filesystem.php
@@ -487,7 +487,7 @@ class Filesystem {
 		}
 
 		$forbiddenNames = \OCP\Util::getForbiddenFilenames();
-		return in_array($filename, $forbiddenNames);
+		return in_array(mb_strtolower($filename), $forbiddenNames);
 	}
 
 	/**
diff --git a/lib/public/Util.php b/lib/public/Util.php
index 666f440056e..6e172e68d71 100644
--- a/lib/public/Util.php
+++ b/lib/public/Util.php
@@ -527,6 +527,7 @@ class Util {
 
 	/**
 	 * Get a list of reserved file names that must not be used
+	 * This list should be checked case-insensitive, all names are returned lowercase.
 	 * @return string[]
 	 * @since 30.0.0
 	 */
@@ -539,7 +540,7 @@ class Util {
 				\OCP\Server::get(LoggerInterface::class)->error('Invalid system config value for "blacklisted_files" is ignored.');
 				$invalidFilenames = ['.htaccess'];
 			}
-			self::$invalidFilenames = $invalidFilenames;
+			self::$invalidFilenames = array_map('mb_strtolower', $invalidFilenames);
 		}
 		return self::$invalidFilenames;
 	}
diff --git a/tests/lib/Files/FilesystemTest.php b/tests/lib/Files/FilesystemTest.php
index 5662a550773..5b2c68df486 100644
--- a/tests/lib/Files/FilesystemTest.php
+++ b/tests/lib/Files/FilesystemTest.php
@@ -284,7 +284,7 @@ class FilesystemTest extends \Test\TestCase {
 			['/etc/foo\bar/.htaccess/', true],
 			['/etc/foo\bar/.htaccess/foo', false],
 			['//foo//bar/\.htaccess/', true],
-			['\foo\bar\.htaccess', true],
+			['\foo\bar\.HTAccess', true],
 		];
 	}