diff options
| author | Bjoern Schiessle <schiessle@owncloud.com> | 2014-05-21 11:39:37 +0200 |
|---|---|---|
| committer | Bjoern Schiessle <schiessle@owncloud.com> | 2014-06-14 10:14:07 +0200 |
| commit | c580aeb4550adab2ffaa25f9b844012d54f9f05f (patch) | |
| tree | f7b64e0aab4449166659bf85be90388eb433a4c9 | |
| parent | 961317d9114afda53a381802880d6c94af7ccb47 (diff) | |
| download | nextcloud-server-c580aeb4550adab2ffaa25f9b844012d54f9f05f.tar.gz nextcloud-server-c580aeb4550adab2ffaa25f9b844012d54f9f05f.zip | |
exclude mounted server-to-server shares from encryption
| -rw-r--r-- | apps/files_encryption/lib/proxy.php | 32 |
1 files changed, 28 insertions, 4 deletions
diff --git a/apps/files_encryption/lib/proxy.php b/apps/files_encryption/lib/proxy.php index fd91073b8de..51de8fc7e41 100644 --- a/apps/files_encryption/lib/proxy.php +++ b/apps/files_encryption/lib/proxy.php @@ -41,6 +41,30 @@ class Proxy extends \OC_FileProxy { private static $fopenMode = array(); // remember the fopen mode private static $enableEncryption = false; // Enable encryption for the given path + + /** + * check if path is excluded from encryption + * + * @param string $path relative to data/ + * @param string $uid user + * @return boolean + */ + private function isExcludedPath($path, $uid) { + + // files outside of the files-folder are excluded + if(strpos($path, '/' . $uid . '/files') !== 0) { + return true; + } + + // we don't encrypt server-to-server shares + list($storage, ) = \OC\Files\Filesystem::resolvePath($path); + if ($storage instanceof OCA\Files_Sharing\External\Storage) { + return true; + } + + return false; + } + /** * Check if a file requires encryption * @param string $path @@ -50,7 +74,7 @@ class Proxy extends \OC_FileProxy { * Tests if server side encryption is enabled, and if we should call the * crypt stream wrapper for the given file */ - private static function shouldEncrypt($path, $mode = 'w') { + private function shouldEncrypt($path, $mode = 'w') { $userId = Helper::getUser($path); $session = new Session(new \OC\Files\View()); @@ -59,7 +83,7 @@ class Proxy extends \OC_FileProxy { if ( $session->getInitialized() !== Session::INIT_SUCCESSFUL // encryption successful initialized || Crypt::mode() !== 'server' // we are not in server-side-encryption mode - || strpos($path, '/' . $userId . '/files') !== 0 // path is not in files/ + || $this->isExcludedPath($path, $userId) // if path is excluded from encryption || substr($path, 0, 8) === 'crypt://' // we are already in crypt mode ) { return false; @@ -85,7 +109,7 @@ class Proxy extends \OC_FileProxy { */ public function preFile_put_contents($path, &$data) { - if (self::shouldEncrypt($path)) { + if ($this->shouldEncrypt($path)) { if (!is_resource($data)) { @@ -219,7 +243,7 @@ class Proxy extends \OC_FileProxy { public function preFopen($path, $mode) { self::$fopenMode[$path] = $mode; - self::$enableEncryption = self::shouldEncrypt($path, $mode); + self::$enableEncryption = $this->shouldEncrypt($path, $mode); } |