]> source.dussan.org Git - nextcloud-server.git/commitdiff
projects / nextcloud-server.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 761ee14)
A valid user session is required for circles. 24446/head
authorDaniel Kesselberg <mail@danielkesselberg.de>
Fri, 23 Oct 2020 19:18:02 +0000 (21:18 +0200)
committerbackportbot[bot] <backportbot[bot]@users.noreply.github.com>
Mon, 30 Nov 2020 09:01:53 +0000 (09:01 +0000)
The circles app depends on a valid userId. A public shared calender might be viewed by guests without a user session. For such requests the principal is null.

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
apps/dav/lib/Connector/Sabre/Principal.php patch | blob | history

diff --git a/apps/dav/lib/Connector/Sabre/Principal.php b/apps/dav/lib/Connector/Sabre/Principal.php
index 14bb8798630e6ab1c4a67f4eff66d43cfb029037..5dedb0a7d7b94d9db40fe08086a83c587ddf0f19 100644 (file)
--- a/apps/dav/lib/Connector/Sabre/Principal.php
+++ b/apps/dav/lib/Connector/Sabre/Principal.php
@@ -178,7 +178,9 @@ class Principal implements BackendInterface {
                                return $this->userToPrincipal($user);
                        }
                } elseif ($prefix === 'principals/circles') {
-                       return $this->circleToPrincipal($name);
+                       if ($this->userSession->getUser() !== null) {
+                               return $this->circleToPrincipal($name);
+                       }
                }
                return null;
        }
Nextcloud server, a safe home for all your data: https://github.com/nextcloud/server