From 7e88bc42489f33297e421d7b87a475662dc343e0 Mon Sep 17 00:00:00 2001
From: Varun Patil <varunpatil@ucla.edu>
Date: Sun, 16 Apr 2023 00:05:41 -0700
Subject: [PATCH] image: prevent overwrite on copy

Signed-off-by: Varun Patil <varunpatil@ucla.edu>
---
 lib/Controller/ImageController.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/Controller/ImageController.php b/lib/Controller/ImageController.php
index d6f8a664..5649a720 100644
--- a/lib/Controller/ImageController.php
+++ b/lib/Controller/ImageController.php
@@ -310,6 +310,11 @@ class ImageController extends GenericApiController
                 throw Exceptions::ForbiddenFileUpdate($file->getName());
             }
 
+            // Check if target copy file exists
+            if ($copy && $file->getParent()->nodeExists($name)) {
+                throw Exceptions::ForbiddenFileUpdate($name);
+            }
+
             // Check if we have imagick
             if (!class_exists('Imagick')) {
                 throw Exceptions::Forbidden('Imagick extension is not available');