Merge pull request #3946 from owncloud/fixing-3942-master

handle anonymous upload to reshared folder

4 files changed, 40 insertions, 44 deletions

diff --git a/apps/files/ajax/upload.php b/apps/files/ajax/upload.php
index 54604d10563..dde5d3c50af 100644
--- a/apps/files/ajax/upload.php
+++ b/apps/files/ajax/upload.php
@@ -26,21 +26,18 @@ if (empty($_POST['dirToken'])) {
 	if (!($linkItem['permissions'] & OCP\PERMISSION_CREATE)) {
 		OCP\JSON::checkLoggedIn();
 	} else {
+		// resolve reshares
+		$rootLinkItem = OCP\Share::resolveReShare($linkItem);
+
 		// Setup FS with owner
 		OC_Util::tearDownFS();
-		OC_Util::setupFS($linkItem['uid_owner']);
-
-		// translate linkItem to the real folder name on the file system
-		$sharedItem = OCP\Share::getSharedItem($linkItem['item_type'], $linkItem['item_source'], $linkItem['uid_owner']);
-		if (!$sharedItem || empty($sharedItem) || $sharedItem === false) {
-			OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Unable to set upload directory.')))));
-			die();
-		}
+		OC_Util::setupFS($rootLinkItem['uid_owner']);
 
 		// The token defines the target directory (security reasons)
+		$path = \OC\Files\Filesystem::getPath($linkItem['file_source']);
 		$dir = sprintf(
 			"/%s/%s",
-			$sharedItem['path'],
+			$path,
 			isset($_POST['subdir']) ? $_POST['subdir'] : ''
 		);
 
@@ -83,17 +80,17 @@ $files = $_FILES['files'];
 
 $error = '';
 
-$maxUploadFilesize = OCP\Util::maxUploadFilesize($dir);
-$maxHumanFilesize = OCP\Util::humanFileSize($maxUploadFilesize);
+$maxUploadFileSize = $storageStats['uploadMaxFilesize'];
+$maxHumanFileSize = OCP\Util::humanFileSize($maxUploadFileSize);
 
 $totalSize = 0;
 foreach ($files['size'] as $size) {
 	$totalSize += $size;
 }
-if ($maxUploadFilesize >= 0 and $totalSize > $maxUploadFilesize) {
+if ($maxUploadFileSize >= 0 and $totalSize > $maxUploadFileSize) {
 	OCP\JSON::error(array('data' => array('message' => $l->t('Not enough storage available'),
-		'uploadMaxFilesize' => $maxUploadFilesize,
-		'maxHumanFilesize' => $maxHumanFilesize)));
+		'uploadMaxFilesize' => $maxUploadFileSize,
+		'maxHumanFilesize' => $maxHumanFileSize)));
 	exit();
 }
 
@@ -115,8 +112,8 @@ if (strpos($dir, '..') === false) {
 				'id' => $meta['fileid'],
 				'name' => basename($target),
 				'originalname' => $files['name'][$i],
-				'uploadMaxFilesize' => $maxUploadFilesize,
-				'maxHumanFilesize' => $maxHumanFilesize
+				'uploadMaxFilesize' => $maxUploadFileSize,
+				'maxHumanFilesize' => $maxHumanFileSize
 			);
 		}
 	}
diff --git a/apps/files/index.php b/apps/files/index.php
index 640c28c0075..2338cf439e4 100644
--- a/apps/files/index.php
+++ b/apps/files/index.php
@@ -137,5 +137,6 @@ if ($needUpgrade) {
 	$tmpl->assign('uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize));
 	$tmpl->assign('allowZipDownload', intval(OCP\Config::getSystemValue('allowZipDownload', true)));
 	$tmpl->assign('usedSpacePercent', (int)$storageInfo['relative']);
+	$tmpl->assign('isPublic', false);
 	$tmpl->printPage();
 }
diff --git a/apps/files_sharing/public.php b/apps/files_sharing/public.php
index 96fe12fc86a..9462844a82b 100644
--- a/apps/files_sharing/public.php
+++ b/apps/files_sharing/public.php
@@ -27,23 +27,9 @@ if (isset($_GET['t'])) {
 		$type = $linkItem['item_type'];
 		$fileSource = $linkItem['file_source'];
 		$shareOwner = $linkItem['uid_owner'];
-		$fileOwner = null;
 		$path = null;
-		if (isset($linkItem['parent'])) {
-			$parent = $linkItem['parent'];
-			while (isset($parent)) {
-				$query = \OC_DB::prepare('SELECT `parent`, `uid_owner` FROM `*PREFIX*share` WHERE `id` = ?', 1);
-				$item = $query->execute(array($parent))->fetchRow();
-				if (isset($item['parent'])) {
-					$parent = $item['parent'];
-				} else {
-					$fileOwner = $item['uid_owner'];
-					break;
-				}
-			}
-		} else {
-			$fileOwner = $shareOwner;
-		}
+		$rootLinkItem = OCP\Share::resolveReShare($linkItem);
+		$fileOwner = $rootLinkItem['uid_owner'];
 		if (isset($fileOwner)) {
 			OC_Util::tearDownFS();
 			OC_Util::setupFS($fileOwner);
@@ -151,7 +137,7 @@ if (isset($path)) {
 		if (\OCP\App::isEnabled('files_encryption')) {
 			$allowPublicUploadEnabled = false;
 		}
-		if (isset($file)) {
+		if ($linkItem['item_type'] !== 'folder') {
 			$allowPublicUploadEnabled = false;
 		}
 		$tmpl->assign('allowPublicUploadEnabled', $allowPublicUploadEnabled);
diff --git a/lib/public/share.php b/lib/public/share.php
index 28878c2c868..7ae0ffe0bfd 100644
--- a/lib/public/share.php
+++ b/lib/public/share.php
@@ -292,6 +292,29 @@ class Share {
 	}
 
 	/**
+	 * @brief resolves reshares down to the last real share
+	 * @param $linkItem
+	 * @return $fileOwner
+	 */
+	public static function resolveReShare($linkItem)
+	{
+		if (isset($linkItem['parent'])) {
+			$parent = $linkItem['parent'];
+			while (isset($parent)) {
+				$query = \OC_DB::prepare('SELECT * FROM `*PREFIX*share` WHERE `id` = ?', 1);
+				$item = $query->execute(array($parent))->fetchRow();
+				if (isset($item['parent'])) {
+					$parent = $item['parent'];
+				} else {
+					return $item;
+				}
+			}
+		}
+		return $linkItem;
+	}
+
+
+	/**
 	* @brief Get the shared items of item type owned by the current user
 	* @param string Item type
 	* @param int Format (optional) Format type must be defined by the backend
@@ -318,17 +341,6 @@ class Share {
 	}
 
 	/**
-	 * @param $itemType
-	 * @param $itemSource
-	 * @param $uid_owner
-	 * @return mixed
-	 */
-	public static function getSharedItem($itemType, $itemSource, $uid_owner) {
-		return self::getItems($itemType, $itemSource, null, null, $uid_owner, self::FORMAT_NONE,
-			null, 1, false);
-	}
-
-	/**
 	* Get all users an item is shared with
 	* @param string Item type
 	* @param string Item source