authorVincent Petry <pvince81@owncloud.com>2015-07-13 12:01:15 +0200
committerVincent Petry <pvince81@owncloud.com>2015-09-22 12:19:56 +0200
commitc8a6fea1b476dae8953a36540d49e00865f5d807 (patch)
tree9180d7e96329ff7898756b0f13760cfbbfb0dfaa
parent67231ed9a75eafe5b417e4525e3d80b1a3f8826b (diff)
downloadnextcloud-server-c8a6fea1b476dae8953a36540d49e00865f5d807.tar.gz
nextcloud-server-c8a6fea1b476dae8953a36540d49e00865f5d807.zip
Allow ajax requests on public webdav interface
Whenever outgoing shares are disabled, still allow ajax requests so that the WebDAV interface can be used in the public link page. Please note that disabling outgoing shares isn't a strong restriction anyway, as someone could abuse the ajax endpoints to access files. To properly disable remote sharing, public link sharing must be disabled too.
-rw-r--r--apps/files_sharing/publicwebdav.php3
1 files changed, 2 insertions, 1 deletions
diff --git a/apps/files_sharing/publicwebdav.php b/apps/files_sharing/publicwebdav.php
index 773a15c888e..fbf9d22cf76 100644
--- a/apps/files_sharing/publicwebdav.php
+++ b/apps/files_sharing/publicwebdav.php
@@ -46,7 +46,8 @@ $serverFactory = new \OC\Connector\Sabre\ServerFactory(
$requestUri = \OC::$server->getRequest()->getRequestUri();
$server = $serverFactory->createServer($baseuri, $requestUri, $authBackend, function () use ($authBackend) {
- if (OCA\Files_Sharing\Helper::isOutgoingServer2serverShareEnabled() === false) {
+ $isAjax = (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest');
+ if (OCA\Files_Sharing\Helper::isOutgoingServer2serverShareEnabled() === false && !$isAjax) {
// this is what is thrown when trying to access a non-existing share
throw new \Sabre\DAV\Exception\NotAuthenticated();
}
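Review bot: `$isAjax` is derived from `X-Requested-With`, a request header that any HTTP client can set, so with the added `&& !$isAjax` the `isOutgoingServer2serverShareEnabled() === false` branch no longer rejects a request that carries it, and nothing in the code says this is intentional. I would add a comment above the `$isAjax` line, such as `// X-Requested-With is client-supplied: this exemption exists for the public link page's own requests and is not an access control`. If the setting is meant to be enforced at this point, the exemption would need a signal the server can verify (for example the session's request token) rather than a header value; whether one is available to the public page is not visible in this hunk. The closure body continues past the end of the hunk.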