authorMichael Gapczynski <mtgap@owncloud.com>2012-08-14 16:54:38 -0400
committerMichael Gapczynski <mtgap@owncloud.com>2012-08-14 16:54:38 -0400
commit9661a63a7200987843aba91d0aecd214482c1db1 (patch)
treec1acf00a6313dd0ddb129ff39eeaadf8ad3d0e48
parent028c79fc9da42f7a39f1c7b834a593591bcf5cc4 (diff)
Ensure permissions can't be escalated during a reshare
-rw-r--r--lib/public/share.php19
1 files changed, 12 insertions, 7 deletions
diff --git a/lib/public/share.php b/lib/public/share.php
index 4e43687a13e..766b0a3164c 100644
--- a/lib/public/share.php
+++ b/lib/public/share.php
@@ -662,13 +662,18 @@ class Share {
// Check if this is a reshare
// TODO This query has pretty bad performance if there are large collections, figure out a way to make the collection searching more efficient
if ($checkReshare = self::getItemSharedWith($itemType, $itemSource, self::FORMAT_NONE, null, true)) {
- if ($checkReshare['permissions'] & self::PERMISSION_SHARE) {
- // TODO Check that other permissions aren't escalated
- // TODO Don't check if inside folder
- $parent = $checkReshare['id'];
- $itemSource = $checkReshare['item_source'];
- $fileSource = $checkReshare['file_source'];
- $filePath = $checkReshare['file_target'];
+ if ((int)$checkReshare['permissions'] & self::PERMISSION_SHARE) {
+ if (~(int)$checkReshare['permissions'] & $permissions) {
+ $message = 'Sharing '.$itemSource.' failed, because the permissions exceed permissions granted to '.$uidOwner;
+ \OC_Log::write('OCP\Share', $message, \OC_Log::ERROR);
+ throw new \Exception($message);
+ } else {
+ // TODO Don't check if inside folder
+ $parent = $checkReshare['id'];
+ $itemSource = $checkReshare['item_source'];
+ $fileSource = $checkReshare['file_source'];
+ $filePath = $checkReshare['file_target'];
+ }
} else {
$message = 'Sharing '.$itemSource.' failed, because resharing is not allowed';
\OC_Log::write('OCP\Share', $message, \OC_Log::ERROR);
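Review bot: The new escalation check `if (~(int)$checkReshare['permissions'] & $permissions)` casts the granted mask but uses `$permissions` exactly as passed in, so the value tested and the value stored later may not be the same integer if a caller supplies a string. Where `$permissions` comes from and how it is written is outside this hunk, so this is inferred. Normalising once before the comparison, `$permissions = (int)$permissions;`, keeps the check and the later write on the same value. The comparison also covers only the single row returned by `getItemSharedWith()`, so it is worth confirming which share is returned when the item reaches the user through more than one share (for example, directly and via a group). The enclosing method begins and ends outside the hunk, and the `else` after the `throw` is redundant and could be dropped to reduce nesting.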