diff options
| author | Bastien Durel <bastien@durel.org> | 2019-01-04 13:05:35 +0100 |
|---|---|---|
| committer | Backportbot <backportbot-noreply@rullzer.com> | 2019-01-04 18:42:42 +0000 |
| commit | 4535cc50adcfe68a96f3647c19fc762803ee15f4 (patch) | |
| tree | efe6dc46b1bf60b4a335f4f4c9f3fd79df59ba8c /apps/dav/lib | |
| parent | f736b3445f3cc6f486604da60ce86063daf7918a (diff) | |
| download | nextcloud-server-4535cc50adcfe68a96f3647c19fc762803ee15f4.tar.gz nextcloud-server-4535cc50adcfe68a96f3647c19fc762803ee15f4.zip | |
check anonymous OPTIONS requests file in root (not in subdir)
Signed-off-by: Bastien Durel <bastien@durel.org>
Diffstat (limited to 'apps/dav/lib')
| -rw-r--r-- | apps/dav/lib/Connector/Sabre/AnonymousOptionsPlugin.php | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/apps/dav/lib/Connector/Sabre/AnonymousOptionsPlugin.php b/apps/dav/lib/Connector/Sabre/AnonymousOptionsPlugin.php index 390cb4a9c67..67c1a9a5118 100644 --- a/apps/dav/lib/Connector/Sabre/AnonymousOptionsPlugin.php +++ b/apps/dav/lib/Connector/Sabre/AnonymousOptionsPlugin.php @@ -46,11 +46,18 @@ class AnonymousOptionsPlugin extends ServerPlugin { } /** + * @return bool + */ + public function isRequestInRoot($path) { + return $path === '' || (is_string($path) && strpos($path, '/') === FALSE); + } + + /** * @throws \Sabre\DAV\Exception\Forbidden * @return bool */ public function handleAnonymousOptions(RequestInterface $request, ResponseInterface $response) { - if ($request->getHeader('Authorization') === null && $request->getMethod() === 'OPTIONS') { + if ($request->getHeader('Authorization') === null && $request->getMethod() === 'OPTIONS' && $this->isRequestInRoot($request->getPath())) { /** @var CorePlugin $corePlugin */ $corePlugin = $this->server->getPlugin('core'); // setup a fake tree for anonymous access |