creating and deleting of file and folder 'Shared' in root is not allowed

author Thomas Müller <thomas.mueller@tmit.eu>

Tue, 22 Oct 2013 09:10:07 +0000 (11:10 +0200)

committer Thomas Müller <thomas.mueller@tmit.eu>

Tue, 22 Oct 2013 09:10:07 +0000 (11:10 +0200)
author Thomas Müller <thomas.mueller@tmit.eu>
Tue, 22 Oct 2013 09:10:07 +0000 (11:10 +0200)
committer Thomas Müller <thomas.mueller@tmit.eu>
Tue, 22 Oct 2013 09:10:07 +0000 (11:10 +0200)
diff --git a/lib/private/connector/sabre/directory.php b/lib/private/connector/sabre/directory.php

index c51f84bf67c7ece5f9c6bf58ba1a8653f7881463..02d1a9f4ba2712735b2d9dce9b8024b126c44492 100644 (file)
--- a/lib/private/connector/sabre/directory.php
+++ b/lib/private/connector/sabre/directory.php
@@ -50,6 +50,10 @@ class OC_Connector_Sabre_Directory extends OC_Connector_Sabre_Node implements Sa
          */
         public function createFile($name, $data = null) {
  
+               if ($name === 'Shared' && empty($this->path)) {
+                       throw new \Sabre_DAV_Exception_Forbidden();
+               }
+
                 // for chunked upload also updating a existing file is a "createFile"
                 // because we create all the chunks before reasamble them to the existing file.
                 if (isset($_SERVER['HTTP_OC_CHUNKED'])) {
@@ -82,6 +86,10 @@ class OC_Connector_Sabre_Directory extends OC_Connector_Sabre_Node implements Sa
          */
         public function createDirectory($name) {
  
+               if ($name === 'Shared' && empty($this->path)) {
+                       throw new \Sabre_DAV_Exception_Forbidden();
+               }
+
                 if (!\OC\Files\Filesystem::isCreatable($this->path)) {
                         throw new \Sabre_DAV_Exception_Forbidden();
                 }
@@ -187,13 +195,16 @@ class OC_Connector_Sabre_Directory extends OC_Connector_Sabre_Node implements Sa
          */
         public function delete() {
  
-               if (!\OC\Files\Filesystem::isDeletable($this->path)) {
+               if ($this->path === 'Shared') {
                         throw new \Sabre_DAV_Exception_Forbidden();
                 }
-               if ($this->path != "/Shared") {
-                       \OC\Files\Filesystem::rmdir($this->path);
+
+               if (!\OC\Files\Filesystem::isDeletable($this->path)) {
+                       throw new \Sabre_DAV_Exception_Forbidden();
                 }
  
+               \OC\Files\Filesystem::rmdir($this->path);
+
         }
  
         /**
diff --git a/lib/private/connector/sabre/file.php b/lib/private/connector/sabre/file.php

index 3402946a136b867df5550df582ae8505382c5560..7b8462cae5e41aef076793415765ccdbe9baa95d 100644 (file)
--- a/lib/private/connector/sabre/file.php
+++ b/lib/private/connector/sabre/file.php
@@ -143,6 +143,10 @@ class OC_Connector_Sabre_File extends OC_Connector_Sabre_Node implements Sabre_D
          */
         public function delete() {
  
+               if ($this->path === 'Shared') {
+                       throw new \Sabre_DAV_Exception_Forbidden();
+               }
+
                 if (!\OC\Files\Filesystem::isDeletable($this->path)) {
                         throw new \Sabre_DAV_Exception_Forbidden();
                 }
author	Thomas Müller <thomas.mueller@tmit.eu>
	Tue, 22 Oct 2013 09:10:07 +0000 (11:10 +0200)
committer	Thomas Müller <thomas.mueller@tmit.eu>
	Tue, 22 Oct 2013 09:10:07 +0000 (11:10 +0200)
lib/private/connector/sabre/directory.php		patch \| blob \| history
lib/private/connector/sabre/file.php		patch \| blob \| history