authorJoas Schilling <nickvergessen@owncloud.com>2015-08-26 12:30:07 +0200
committerJoas Schilling <nickvergessen@owncloud.com>2015-09-23 15:11:02 +0200
commit19e7a08cbffbf4f9736646e9b3c90b4410642005 (patch)
tree9e2b7b2f67b28b11ab61790eefdab60268e949c1 /apps/files_sharing/api/sharees.php
parent6636605ea6d2fb44a8534f570b8555dc4aac3400 (diff)
downloadnextcloud-server-19e7a08cbffbf4f9736646e9b3c90b4410642005.tar.gz
nextcloud-server-19e7a08cbffbf4f9736646e9b3c90b4410642005.zip
Do not allow user enumeration if the config is disabled
Diffstat (limited to 'apps/files_sharing/api/sharees.php')
-rw-r--r--apps/files_sharing/api/sharees.php20
1 files changed, 18 insertions, 2 deletions
diff --git a/apps/files_sharing/api/sharees.php b/apps/files_sharing/api/sharees.php
index 9e324078dad..734c267020f 100644
--- a/apps/files_sharing/api/sharees.php
+++ b/apps/files_sharing/api/sharees.php
@@ -62,6 +62,9 @@ class Sharees {
/** @var bool */
protected $shareWithGroupOnly = false;
+ /** @var bool */
+ protected $shareeEnumeration = true;
+
/** @var int */
protected $offset = 0;
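Review bot: The new property's docblock `/** @var bool */` does not say what the flag controls. Judging by the later hunks it gates partial matches for users, groups and remotes alike, while the config key it is loaded from is named `shareapi_allow_share_dialog_user_enumeration`, so the wider scope should be written down. Something like `/** @var bool Whether partial (non-exact) matches for users, groups and remotes are returned */` would do. The initial value of `true` also means enumeration stays allowed on any path that searches before the config value has been read.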
@@ -134,7 +137,7 @@ class Sharees {
}
}
- if (sizeof($users) < $this->limit) {
+ if (!$this->shareeEnumeration || sizeof($users) < $this->limit) {
$this->reachedEndFor[] = 'users';
}
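Review bot: With enumeration disabled `'users'` is always marked as finished here, but the lookup still appears to be the paged substring search, so an exact match is only found if it falls inside the current `limit`/`offset` window. The groups hunk shows this directly: `$this->groupManager->search($search, $this->limit, $this->offset)` is followed by the same unconditional end marker. If the exact entries are picked out of those results (the loops are outside the hunks), a short search term that matches more than `limit` entries can hide an existing exact id, and the client is told not to page further. Consider resolving the exact id directly when the flag is off, e.g. `$this->groupManager->get($search)` for groups, instead of relying on the paged result.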
@@ -176,6 +179,10 @@ class Sharees {
]);
}
}
+
+ if (!$this->shareeEnumeration) {
+ $this->result['users'] = [];
+ }
}
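Review bot: The partial matches are built in full and then overwritten with `[]` at the end of the method, and the same pattern is repeated for `'groups'` and `'remotes'` in the later hunks. Skipping the append inside the loop when `$this->shareeEnumeration` is false would avoid the wasted work and make it harder for a later early `return` to bypass the reset (the loop and the start of the method are outside this hunk). At minimum the block deserves a comment such as `// Enumeration disabled: drop partial matches, exact matches stay in $this->result['exact']`. Exact matches still confirm that a guessed id exists, which looks intentional but is worth stating in that comment.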
/**
@@ -187,7 +194,7 @@ class Sharees {
$groups = $this->groupManager->search($search, $this->limit, $this->offset);
$groups = array_map(function (IGroup $group) { return $group->getGID(); }, $groups);
- if (sizeof($groups) < $this->limit) {
+ if (!$this->shareeEnumeration || sizeof($groups) < $this->limit) {
$this->reachedEndFor[] = 'groups';
}
@@ -233,6 +240,10 @@ class Sharees {
]);
}
}
+
+ if (!$this->shareeEnumeration) {
+ $this->result['groups'] = [];
+ }
}
/**
@@ -273,6 +284,10 @@ class Sharees {
}
}
+ if (!$this->shareeEnumeration) {
+ $this->result['remotes'] = [];
+ }
+
if (!$foundRemoteById && substr_count($search, '@') >= 1 && substr_count($search, ' ') === 0 && $this->offset === 0) {
$this->result['exact']['remotes'][] = [
'label' => $search,
@@ -322,6 +337,7 @@ class Sharees {
}
$this->shareWithGroupOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes';
+ $this->shareeEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes';
$this->limit = (int) $perPage;
$this->offset = $perPage * ($page - 1);