diff options
author | Thomas Müller <thomas.mueller@tmit.eu> | 2016-02-02 10:26:06 +0100 |
---|---|---|
committer | Thomas Müller <thomas.mueller@tmit.eu> | 2016-02-02 10:26:06 +0100 |
commit | e60b217156aa0f2e037a3f9e23c8314e05cfbbd1 (patch) | |
tree | 94b05af345c3b847bb2222f8a2efbb7ad3ee23ed /apps | |
parent | 9861a7f6ccde73ad551a1d75b36baed3f9edf530 (diff) | |
parent | e3b5639fc19067e19191f21e9773eb9c1affc35d (diff) | |
download | nextcloud-server-e60b217156aa0f2e037a3f9e23c8314e05cfbbd1.tar.gz nextcloud-server-e60b217156aa0f2e037a3f9e23c8314e05cfbbd1.zip |
Merge pull request #22015 from owncloud/share-no-permissions
Block shares that dont have the correct source permissions
Diffstat (limited to 'apps')
-rw-r--r-- | apps/files_sharing/lib/sharedstorage.php | 24 |
1 files changed, 18 insertions, 6 deletions
diff --git a/apps/files_sharing/lib/sharedstorage.php b/apps/files_sharing/lib/sharedstorage.php index 3ae5749ea87..101503a03fb 100644 --- a/apps/files_sharing/lib/sharedstorage.php +++ b/apps/files_sharing/lib/sharedstorage.php @@ -32,6 +32,7 @@ namespace OC\Files\Storage; use OC\Files\Filesystem; use OCA\Files_Sharing\ISharedStorage; +use OCP\Constants; use OCP\Files\Cache\ICacheEntry; use OCP\Files\Storage\IStorage; use OCP\Lock\ILockingProvider; @@ -83,6 +84,10 @@ class Shared extends \OC\Files\Storage\Common implements ISharedStorage { $this->sourceRootInfo = $this->sourceStorage->getCache()->get($sourceInternalPath); } + private function isValid() { + return ($this->sourceRootInfo->getPermissions() & Constants::PERMISSION_SHARE) === Constants::PERMISSION_SHARE; + } + /** * get id of the mount point * @@ -133,6 +138,9 @@ class Shared extends \OC\Files\Storage\Common implements ISharedStorage { * @return string|false source file path or false if not found */ public function getSourcePath($target) { + if (!$this->isValid()){ + return false; + } $source = $this->getFile($target); if ($source) { if (!isset($source['fullPath'])) { @@ -157,6 +165,9 @@ class Shared extends \OC\Files\Storage\Common implements ISharedStorage { * @return int CRUDS permissions granted */ public function getPermissions($target = '') { + if (!$this->isValid()) { + return 0; + } $permissions = $this->share['permissions']; // part files and the mount point always have delete permissions if ($target === '' || pathinfo($target, PATHINFO_EXTENSION) === 'part') { @@ -253,13 +264,14 @@ class Shared extends \OC\Files\Storage\Common implements ISharedStorage { } public function isReadable($path) { - $isReadable = false; - if ($source = $this->getSourcePath($path)) { - list($storage, $internalPath) = \OC\Files\Filesystem::resolvePath($source); - $isReadable = $storage->isReadable($internalPath); + if (!$this->isValid()) { + return false; } - - return $isReadable && $this->file_exists($path); + if (!$this->file_exists($path)) { + return false; + } + list($storage, $internalPath) = $this->resolvePath($path); + return $storage->isReadable($internalPath); } public function isUpdatable($path) { |