diff options
| author | Thomas Müller <thomas.mueller@tmit.eu> | 2013-07-01 12:35:32 -0700 |
|---|---|---|
| committer | Thomas Müller <thomas.mueller@tmit.eu> | 2013-07-01 12:35:32 -0700 |
| commit | 5fff4e0d087378984fe7124013acc6741903379f (patch) | |
| tree | f364da95b3b638c24159e9ea9012b73d760e52fa /apps/files | |
| parent | a20e9dee89ca2b0552840e1221828d19817a8cc7 (diff) | |
| parent | 492c0571a04135539c5b3857a6c1b3fda9abf40a (diff) | |
| download | nextcloud-server-5fff4e0d087378984fe7124013acc6741903379f.tar.gz nextcloud-server-5fff4e0d087378984fe7124013acc6741903379f.zip | |
Merge pull request #3903 from owncloud/nonpublic-uploading
Fix upload regressions
Diffstat (limited to 'apps/files')
| -rw-r--r-- | apps/files/ajax/upload.php | 70 | ||||
| -rw-r--r-- | apps/files/js/filelist.js | 2 |
2 files changed, 36 insertions, 36 deletions
diff --git a/apps/files/ajax/upload.php b/apps/files/ajax/upload.php index 12db682c1e2..8433716dec1 100644 --- a/apps/files/ajax/upload.php +++ b/apps/files/ajax/upload.php @@ -8,40 +8,40 @@ OCP\JSON::setContentTypeHeader('text/plain'); // If no token is sent along, rely on login only $l = OC_L10N::get('files'); -if (!$_POST['dirToken']) { - // The standard case, files are uploaded through logged in users :) - OCP\JSON::checkLoggedIn(); - $dir = isset($_POST['dir']) ? $_POST['dir'] : ""; - if (!$dir || empty($dir) || $dir === false) { - OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Unable to set upload directory.'))))); - die(); - } +if (empty($_POST['dirToken'])) { + // The standard case, files are uploaded through logged in users :) + OCP\JSON::checkLoggedIn(); + $dir = isset($_POST['dir']) ? $_POST['dir'] : ""; + if (!$dir || empty($dir) || $dir === false) { + OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Unable to set upload directory.'))))); + die(); + } } else { - $linkItem = OCP\Share::getShareByToken($_POST['dirToken']); - - if ($linkItem === false) { - OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Invalid Token'))))); - die(); - } - - if (!($linkItem['permissions'] & OCP\PERMISSION_CREATE)) { - OCP\JSON::checkLoggedIn(); - } else { - - // The token defines the target directory (security reasons) - $dir = sprintf( - "/%s/%s", - $linkItem['file_target'], - isset($_POST['subdir']) ? $_POST['subdir'] : '' - ); - - if (!$dir || empty($dir) || $dir === false) { - OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Unable to set upload directory.'))))); - die(); - } - // Setup FS with owner - OC_Util::setupFS($linkItem['uid_owner']); - } + $linkItem = OCP\Share::getShareByToken($_POST['dirToken']); + + if ($linkItem === false) { + OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Invalid Token'))))); + die(); + } + + if (!($linkItem['permissions'] & OCP\PERMISSION_CREATE)) { + OCP\JSON::checkLoggedIn(); + } else { + + // The token defines the target directory (security reasons) + $dir = sprintf( + "/%s/%s", + $linkItem['file_target'], + isset($_POST['subdir']) ? $_POST['subdir'] : '' + ); + + if (!$dir || empty($dir) || $dir === false) { + OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Unable to set upload directory.'))))); + die(); + } + // Setup FS with owner + OC_Util::setupFS($linkItem['uid_owner']); + } } @@ -61,7 +61,7 @@ foreach ($_FILES['files']['error'] as $error) { $errors = array( UPLOAD_ERR_OK => $l->t('There is no error, the file uploaded with success'), UPLOAD_ERR_INI_SIZE => $l->t('The uploaded file exceeds the upload_max_filesize directive in php.ini: ') - . ini_get('upload_max_filesize'), + . ini_get('upload_max_filesize'), UPLOAD_ERR_FORM_SIZE => $l->t('The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form'), UPLOAD_ERR_PARTIAL => $l->t('The uploaded file was only partially uploaded'), UPLOAD_ERR_NO_FILE => $l->t('No file was uploaded'), @@ -107,7 +107,7 @@ if (strpos($dir, '..') === false) { 'size' => $meta['size'], 'id' => $meta['fileid'], 'name' => basename($target), - 'originalname'=>$files['name'][$i], + 'originalname' => $files['name'][$i], 'uploadMaxFilesize' => $maxUploadFilesize, 'maxHumanFilesize' => $maxHumanFilesize ); diff --git a/apps/files/js/filelist.js b/apps/files/js/filelist.js index c15fc21abf4..cf3ce2e5089 100644 --- a/apps/files/js/filelist.js +++ b/apps/files/js/filelist.js @@ -467,7 +467,7 @@ $(document).ready(function(){ } var date=new Date(); var param = {}; - if ($('#publicUploadRequestToken')) { + if ($('#publicUploadRequestToken').length) { param.download_url = document.location.href + '&download&path=/' + $('#dir').val() + '/' + uniqueName; } // create new file context |