diff options
| author | Roeland Jago Douma <rullzer@owncloud.com> | 2016-03-17 11:35:31 +0100 |
|---|---|---|
| committer | Roeland Jago Douma <rullzer@owncloud.com> | 2016-03-17 11:35:31 +0100 |
| commit | 533fdb4075a1dc41ba10bdbc3782d92ff088bbbb (patch) | |
| tree | 4cd9bb9250bd77a03c16eb9d491e381d7f75313d /apps | |
| parent | 828cb08d49ae9fe6e01da53fb7373eb386743cd4 (diff) | |
| download | nextcloud-server-533fdb4075a1dc41ba10bdbc3782d92ff088bbbb.tar.gz nextcloud-server-533fdb4075a1dc41ba10bdbc3782d92ff088bbbb.zip | |
Set proper public webdav permissions when public upload disabled
Fixes #23325
It can happen that a user shares a folder with public upload. And some
time later the admin disables public upload on the server.
To make sure this is handled correctly we need to check the config value
and reduce the permissions.
Fix is kept small to be easy backportable.
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/dav/lib/connector/publicauth.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/apps/dav/lib/connector/publicauth.php b/apps/dav/lib/connector/publicauth.php index 3d800e88004..f069a214fe8 100644 --- a/apps/dav/lib/connector/publicauth.php +++ b/apps/dav/lib/connector/publicauth.php @@ -61,6 +61,11 @@ class PublicAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic { return false; } + if ((int)$linkItem['share_type'] === \OCP\Share::SHARE_TYPE_LINK && + $this->config->getAppValue('core', 'shareapi_allow_public_upload', 'yes') !== 'yes') { + $this->share['permissions'] &= ~(\OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE); + } + // check if the share is password protected if (isset($linkItem['share_with'])) { if ($linkItem['share_type'] == \OCP\Share::SHARE_TYPE_LINK) { |