check HTTP Referer to check if we come from public.php or from a internal page.

Necessary to detect public access also if a user is logged in.

1 files changed, 10 insertions, 4 deletions

diff --git a/apps/files_encryption/lib/helper.php b/apps/files_encryption/lib/helper.php
index e66a84d909f..897b5d46620 100755
--- a/apps/files_encryption/lib/helper.php
+++ b/apps/files_encryption/lib/helper.php
@@ -225,7 +225,7 @@ class Helper {
 	 * @return bool
 	 */
 	public static function isPublicAccess() {
-		if (\OCP\USER::getUser() === false) {
+		if (strpos($_SERVER['HTTP_REFERER'], 'public.php') !== false) {
 			return true;
 		} else {
 			return false;
@@ -252,16 +252,22 @@ class Helper {
 		return $relPath;
 	}
 
+	/**
+	 * @brief get user from the path, because we can't assume that \OCP\User::getUser()
+	 *        will always return the right result
+	 * @param type $path
+	 * @return boolean
+	 */
 	public static function getUser($path) {
 
 		$user = \OCP\User::getUser();
 
-		// if we are logged in, than we return the userid
-		if ($user) {
+		// if we are logged in and if we don't come from a public URL, then we return the userid
+		if ($user && strpos($_SERVER['HTTP_REFERER'], 'public.php') === false) {
 			return $user;
 		}
 
-		// if no user is logged in we try to access a publically shared files.
+		// ...otherwise we try to access a publically shared files.
 		// In this case we need to try to get the user from the path
 
 		$trimmed = ltrim($path, '/');