OC_Util::setupFS($user) will create a data dir for the given string - no matter if...

diff --git a/apps/files/ajax/upload.php b/apps/files/ajax/upload.php
index 0e905f993ac0a8f721d91ad8f8835d2f34e5b3f7..bdaf6a77d1434fcadfb8b2fdff2726eb1116b40f 100644 (file)
--- a/apps/files/ajax/upload.php
+++ b/apps/files/ajax/upload.php
@@ -34,6 +34,7 @@ if (empty($_POST['dirToken'])) {
                // resolve reshares
                $rootLinkItem = OCP\Share::resolveReShare($linkItem);
 
+               OCP\JSON::checkUserExists($rootLinkItem['uid_owner']);
                // Setup FS with owner
                OC_Util::tearDownFS();
                OC_Util::setupFS($rootLinkItem['uid_owner']);

diff --git a/apps/files/triggerupdate.php b/apps/files/triggerupdate.php
index 0e29edbba35ef32f821d9782ba5ebe95e4e21cbd..a37b9823add43ac72061790d987a9ec7610c8ab8 100644 (file)
--- a/apps/files/triggerupdate.php
+++ b/apps/files/triggerupdate.php
@@ -6,6 +6,7 @@ if (OC::$CLI) {
        if (count($argv) === 2) {
                $file = $argv[1];
                list(, $user) = explode('/', $file);
+               OCP\JSON::checkUserExists($owner);
                OC_Util::setupFS($user);
                $view = new \OC\Files\View('');
                /**

diff --git a/apps/files_sharing/ajax/publicpreview.php b/apps/files_sharing/ajax/publicpreview.php
index 54a9806e8bf2d25b35e27bf3115ecc293104ee8b..a52f522afac529e6c970816f2d0a6b9a2383a1cc 100644 (file)
--- a/apps/files_sharing/ajax/publicpreview.php
+++ b/apps/files_sharing/ajax/publicpreview.php
@@ -39,6 +39,7 @@ if(!isset($linkedItem['uid_owner']) || !isset($linkedItem['file_source'])) {
 $rootLinkItem = OCP\Share::resolveReShare($linkedItem);
 $userId = $rootLinkItem['uid_owner'];
 
+OCP\JSON::checkUserExists($rootLinkItem['uid_owner']);
 \OC_Util::setupFS($userId);
 \OC\Files\Filesystem::initMountPoints($userId);
 $view = new \OC\Files\View('/' . $userId . '/files');
@@ -88,4 +89,4 @@ try{
 } catch (\Exception $e) {
        \OC_Response::setStatus(500);
        \OC_Log::write('core', $e->getmessage(), \OC_Log::DEBUG);
-}
\ No newline at end of file
+}

diff --git a/apps/files_sharing/appinfo/update.php b/apps/files_sharing/appinfo/update.php
index 0d827da28eab18d8ad98a414bb9cf2899bd761f8..4b716e764f4c343255f41cf94817ee531cbc4e12 100644 (file)
--- a/apps/files_sharing/appinfo/update.php
+++ b/apps/files_sharing/appinfo/update.php
@@ -44,6 +44,7 @@ if (version_compare($installedVersion, '0.3', '<')) {
                                $shareType = OCP\Share::SHARE_TYPE_USER;
                                $shareWith = $row['uid_shared_with'];
                        }
+                       OCP\JSON::checkUserExists($row['uid_owner']);
                        OC_User::setUserId($row['uid_owner']);
                        //we need to setup the filesystem for the user, otherwise OC_FileSystem::getRoot will fail and break
                        OC_Util::setupFS($row['uid_owner']);

diff --git a/apps/files_sharing/public.php b/apps/files_sharing/public.php
index d050efd5b3202244def53407e74641f16306c9f4..80dd708ee51611e7368554ed3710d8516a69c860 100644 (file)
--- a/apps/files_sharing/public.php
+++ b/apps/files_sharing/public.php
@@ -43,10 +43,10 @@ if (isset($_GET['t'])) {
                $shareOwner = $linkItem['uid_owner'];
                $path = null;
                $rootLinkItem = OCP\Share::resolveReShare($linkItem);
-               $fileOwner = $rootLinkItem['uid_owner'];
-               if (isset($fileOwner)) {
+               if (isset($rootLinkItem['uid_owner'])) {
+                       OCP\JSON::checkUserExists($rootLinkItem['uid_owner']);
                        OC_Util::tearDownFS();
-                       OC_Util::setupFS($fileOwner);
+                       OC_Util::setupFS($rootLinkItem['uid_owner']);
                        $path = \OC\Files\Filesystem::getPath($linkItem['file_source']);
                }
        }

diff --git a/lib/private/json.php b/lib/private/json.php
index 6a9e5a2df5e735c4985035a7103d512ae581682a..5c5d7e3a3da5a93dacbd127329150aefb319654b 100644 (file)
--- a/lib/private/json.php
+++ b/lib/private/json.php
@@ -64,6 +64,20 @@ class OC_JSON{
                }
        }
 
+       /**
+        * Check is a given user exists - send json error msg if not
+        * @param string $user
+        */
+       public static function checkUserExists($user) {
+               if (!OCP\User::userExists($user)) {
+                       $l = OC_L10N::get('lib');
+                       OCP\JSON::error(array('data' => array('message' => $l->t('Unknown user'))));
+                       exit;
+               }
+       }
+
+
+
        /**
        * Check if the user is a subadmin, send json error msg if not
        */

diff --git a/lib/private/util.php b/lib/private/util.php
index 72afa6f94781786bb32b67ee2aa701853cd7c399..8aa7a074d0d0e70340dbec906dd0a48d0cc99991 100755 (executable)
--- a/lib/private/util.php
+++ b/lib/private/util.php
@@ -51,6 +51,10 @@ class OC_Util {
                        self::$rootMounted = true;
                }
 
+               if ($user != '' && !OCP\User::userExists($user)) {
+                       return false;
+               }
+
                //if we aren't logged in, there is no use to set up the filesystem
                if( $user != "" ) {
                        \OC\Files\Filesystem::addStorageWrapper(function($mountPoint, $storage){

diff --git a/lib/public/json.php b/lib/public/json.php
index 831e3ef1cf6f03401a6d400f415a1cc2d06a846d..cd5d233ef90d114169d00320128946afe1887278 100644 (file)
--- a/lib/public/json.php
+++ b/lib/public/json.php
@@ -167,7 +167,7 @@ class JSON {
        * @return string json formatted string if not admin user.
        */
        public static function checkAdminUser() {
-               return(\OC_JSON::checkAdminUser());
+               \OC_JSON::checkAdminUser();
        }
 
        /**
@@ -177,4 +177,12 @@ class JSON {
        public static function encode($data) {
                return(\OC_JSON::encode($data));
        }
+
+       /**
+        * Check is a given user exists - send json error msg if not
+        * @param string $user
+        */
+       public static function checkUserExists($user) {
+               \OC_JSON::checkUserExists($user);
+       }
 }