authorVincent Petry <pvince81@owncloud.com>2016-02-10 13:38:38 +0100
committerVincent Petry <pvince81@owncloud.com>2016-02-10 16:49:18 +0100
commite40abfbbfe89b1a14595c6b58338f7fd2adc036d (patch)
treeedbd43e6c0c9e3412fcb265f4e67a6a0dc297a0a /apps
parent3350d62b751834e933586f9b72adcc2e24771ee3 (diff)
downloadnextcloud-server-e40abfbbfe89b1a14595c6b58338f7fd2adc036d.tar.gz
nextcloud-server-e40abfbbfe89b1a14595c6b58338f7fd2adc036d.zip
Remove path from versions response
The path attribute contains the path relative to the owner's home folder, not the one from the recipient, which is useless for the client and needlessly discloses the owner's original path. The requester already has access to the full path of the file, so there is no need to add it to the response.
Diffstat (limited to 'apps')
-rw-r--r--apps/files_versions/ajax/getVersions.php5
1 files changed, 5 insertions, 0 deletions
diff --git a/apps/files_versions/ajax/getVersions.php b/apps/files_versions/ajax/getVersions.php
index d50545f7c69..9a29cea62cd 100644
--- a/apps/files_versions/ajax/getVersions.php
+++ b/apps/files_versions/ajax/getVersions.php
@@ -41,6 +41,11 @@ if( $versions ) {
$versions = array_slice($versions, $start, $count);
+ // remove owner path from request to not disclose it to the recipient
+ foreach ($versions as $version) {
+ unset($version['path']);
+ }
+
\OCP\JSON::success(array('data' => array('versions' => $versions, 'endReached' => $endReached)));
} else {
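Review bot: The added `foreach ($versions as $version)` iterates by value, so `unset($version['path'])` only drops the key from a per-iteration copy and `$versions` still carries every `path` into the `\OCP\JSON::success(...)` call below; the owner's path is still disclosed to the recipient. Index into the array instead, `foreach ($versions as $key => $version) { unset($versions[$key]['path']); }`, or iterate by reference and `unset($version);` after the loop. The comment also says "from request" where the response is meant. A test asserting that no entry of `data.versions` has a `path` key would have caught this; the enclosing `if( $versions )` block starts outside the hunk.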