authorThomas Müller <thomas.mueller@tmit.eu>2013-07-05 12:15:47 +0200
committerThomas Müller <thomas.mueller@tmit.eu>2013-07-05 12:15:47 +0200
commit0c32f668998bfa95ae9a36bbddcc6263b2a98701 (patch)
tree00a027b263f8cb021d248d14b7c457ff23f70755 /apps/files
parent83898e87be3486ecec76ee240a8810ce693be888 (diff)
get the real physical folder name for anonymous upload
Diffstat (limited to 'apps/files')
-rw-r--r--apps/files/ajax/upload.php9
1 files changed, 7 insertions, 2 deletions
diff --git a/apps/files/ajax/upload.php b/apps/files/ajax/upload.php
index 8433716dec1..4b015e4d1f5 100644
--- a/apps/files/ajax/upload.php
+++ b/apps/files/ajax/upload.php
@@ -18,7 +18,6 @@ if (empty($_POST['dirToken'])) {
}
} else {
$linkItem = OCP\Share::getShareByToken($_POST['dirToken']);
-
if ($linkItem === false) {
OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Invalid Token')))));
die();
@@ -27,11 +26,17 @@ if (empty($_POST['dirToken'])) {
if (!($linkItem['permissions'] & OCP\PERMISSION_CREATE)) {
OCP\JSON::checkLoggedIn();
} else {
+ // translate linkItem to the real folder name on the file system
+ $sharedItem = OCP\Share::getItemShared($linkItem['item_type'], $linkItem['item_source']);
+ if (!$sharedItem || empty($sharedItem) || $sharedItem === false) {
+ OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Unable to set upload directory.')))));
+ die();
+ }
// The token defines the target directory (security reasons)
$dir = sprintf(
"/%s/%s",
- $linkItem['file_target'],
+ array_pop($sharedItem)['path'],
isset($_POST['subdir']) ? $_POST['subdir'] : ''
);
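Review bot: With `$dir` now built from the share's real folder path, the `sprintf` at the end of this hunk still appends `$_POST['subdir']` as-is, so on the anonymous-upload branch nothing visible here keeps a `subdir` containing `..` segments inside the shared folder. The script continues past the hunk, so unless the path is normalised further down I would reject such values before building `$dir`, e.g. `if (isset($_POST['subdir']) && preg_match('#(^|/)\.\.(/|$)#', $_POST['subdir'])) { /* same JSON error + die() */ }`. Separately, `array_pop($sharedItem)['path']` reads `path` without checking that the key exists and relies on call-result dereferencing (PHP 5.4+); assigning `$share = array_pop($sharedItem);` and testing `isset($share['path'])` first would fail closed instead of producing a `//subdir` target. The guard `!$sharedItem || empty($sharedItem) || $sharedItem === false` tests the same condition three times and can be reduced to `if (empty($sharedItem))`.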