diff options
| author | Lukas Reschke <lukas@owncloud.com> | 2015-03-24 11:21:58 +0100 |
|---|---|---|
| committer | Lukas Reschke <lukas@owncloud.com> | 2015-03-24 11:21:58 +0100 |
| commit | e2453d78c0a2e6fcdfa3c826cb231ab3865c4cf8 (patch) | |
| tree | 75302e4a33c0efed0d9896f2ed869b241cfa92c5 /apps/files/js/jquery-visibility.js | |
| parent | 02c0fe8d43d409797162b71dbacd1565976b128c (diff) | |
| download | nextcloud-server-e2453d78c0a2e6fcdfa3c826cb231ab3865c4cf8.tar.gz nextcloud-server-e2453d78c0a2e6fcdfa3c826cb231ab3865c4cf8.zip | |
Properly catch whether a share is `null`
Despite it's PHPDoc the function might return `null` which was not properly catched and thus in some situations the share was resolved to the sharing users root directory.
To test this perform the following steps:
* Share file in owncloud 7 (7.0.4.2)
* Delete the parent folder of the shared file
* The share stays is in the DB and the share via the sharelink is inaccessible. (which is good)
* Upgrade to owncloud 8 (8.0.2) (This step is crucial. The bug is not reproduceable without upgrading from 7 to 8. It seems like the old tokens are handled different than the newer ones)
* Optional Step: Logout, Reset Browser Session, etc.
* Access the share via the old share url: almost empty page, but there is a dowload button which adds a "/download" to the URL.
* Upon clicking, a download.zip is downloaded which contains EVERYTHING from the owncloud directory (of the user who shared the file)
* No exception is thrown and no error is logged.
This will add a check whether the share is a valid one and also adds unit tests to prevent further regressions in the future. Needs to be backported to ownCloud 8.
Adding a proper clean-up of the orphaned shares is out-of-scope and would probably require some kind of FK or so.
Fixes https://github.com/owncloud/core/issues/15097
Diffstat (limited to 'apps/files/js/jquery-visibility.js')
0 files changed, 0 insertions, 0 deletions