private static $fopenMode = array(); // remember the fopen mode
private static $enableEncryption = false; // Enable encryption for the given path
+
+ /**
+ * check if path is excluded from encryption
+ *
+ * @param string $path relative to data/
+ * @param string $uid user
+ * @return boolean
+ */
+ private function isExcludedPath($path, $uid) {
+
+ // files outside of the files-folder are excluded
+ if(strpos($path, '/' . $uid . '/files') !== 0) {
+ return true;
+ }
+
+ // we don't encrypt server-to-server shares
+ list($storage, ) = \OC\Files\Filesystem::resolvePath($path);
+ if ($storage instanceof OCA\Files_Sharing\External\Storage) {
+ return true;
+ }
+
+ return false;
+ }
+
/**
* Check if a file requires encryption
* @param string $path
* Tests if server side encryption is enabled, and if we should call the
* crypt stream wrapper for the given file
*/
- private static function shouldEncrypt($path, $mode = 'w') {
+ private function shouldEncrypt($path, $mode = 'w') {
$userId = Helper::getUser($path);
$session = new Session(new \OC\Files\View());
if (
$session->getInitialized() !== Session::INIT_SUCCESSFUL // encryption successful initialized
|| Crypt::mode() !== 'server' // we are not in server-side-encryption mode
- || strpos($path, '/' . $userId . '/files') !== 0 // path is not in files/
+ || $this->isExcludedPath($path, $userId) // if path is excluded from encryption
|| substr($path, 0, 8) === 'crypt://' // we are already in crypt mode
) {
return false;
*/
public function preFile_put_contents($path, &$data) {
- if (self::shouldEncrypt($path)) {
+ if ($this->shouldEncrypt($path)) {
if (!is_resource($data)) {
public function preFopen($path, $mode) {
self::$fopenMode[$path] = $mode;
- self::$enableEncryption = self::shouldEncrypt($path, $mode);
+ self::$enableEncryption = $this->shouldEncrypt($path, $mode);
}
projects / nextcloud-server.git / commitdiff