author | Michael Gapczynski <mtgap@owncloud.com> | 2012-07-11 20:04:18 -0400 |
---|---|---|
committer | Michael Gapczynski <mtgap@owncloud.com> | 2012-07-11 20:04:18 -0400 |
commit | 88f4845ca33fd6f2988f230116e2190d15ab1866 (patch) | |
tree | 8057cba52fc7ca07e7289adda5f7d36f7c0bcd1a /core | |
parent | cbf851de69d796ccf7df48d3c1d1f94a311acdb1 (diff) | |
Sanitization isn't required here
Diffstat (limited to 'core')
-rw-r--r-- | core/ajax/share.php | 25 |
1 files changed, 6 insertions, 19 deletions
diff --git a/core/ajax/share.php b/core/ajax/share.php
index 33eea22352f..4c5ef310b7f 100644
--- a/core/ajax/share.php
+++ b/core/ajax/share.php
@@ -22,56 +22,43 @@ require_once '../../lib/base.php';
 OC_JSON::checkLoggedIn();
 if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['item'])) {
- $itemType = OCP\Util::sanitizeHTML($_POST['itemType']);
- $item = OCP\Util::sanitizeHTML($_POST['item']);
 switch ($_POST['action']) {
 case 'share':
 if (isset($_POST['shareType']) && isset($_POST['shareWith']) && isset($_POST['permissions'])) {
- $shareType = OCP\Util::sanitizeHTML($_POST['shareType']);
- $shareWith = OCP\Util::sanitizeHTML($_POST['shareWith']);
- $permissions = OCP\Util::sanitizeHTML($_POST['permissions']);
- $return = OCP\Share::share($itemType, $item, $shareType, $shareWith, $permissions);
+ $return = OCP\Share::share($_POST['itemType'], $_POST['item'], $_POST['shareType'], $_POST['shareWith'], $_POST['permissions']);
 // TODO May need to return private link
 ($return) ? OC_JSON::success() : OC_JSON::error();
 }
 break;
 case 'unshare':
 if (isset($_POST['shareType']) && isset($_POST['shareWith'])) {
- $shareType = OCP\Util::sanitizeHTML($_POST['shareType']);
- $shareWith = OCP\Util::sanitizeHTML($_POST['shareWith']);
- $return = OCP\Share::unshare($itemType, $item, $shareType, $shareWith);
+ $return = OCP\Share::unshare($_POST['itemType'], $_POST['item'], $_POST['shareType'], $_POST['shareWith']);
 ($return) ? OC_JSON::success() : OC_JSON::error();
 }
 break;
 case 'setTarget':
 if (isset($_POST['newTarget'])) {
- $newTarget = OCP\Util::sanitizeHTML($_POST['newTarget']);
- $return = OCP\Share::setTarget($itemType, $item, $newTarget);
+ $return = OCP\Share::setTarget($_POST['itemType'], $_POST['item'], $_POST['newTarget']);
 ($return) ? OC_JSON::success() : OC_JSON::error();
 }
 break;
 case 'setPermissions':
 if (isset($_POST['shareType']) && isset($_POST['shareWith']) && isset($_POST['permissions'])) {
- $shareType = OCP\Util::sanitizeHTML($_POST['shareType']);
- $shareWith = OCP\Util::sanitizeHTML($_POST['shareWith']);
- $permissions = OCP\Util::sanitizeHTML($_POST['permissions']);
- $return = OCP\Share::setPermissions($itemType, $item, $shareType, $shareWith, $permissions);
+ $return = OCP\Share::setPermissions($_POST['itemType'], $_POST['item'], $_POST['shareType'], $_POST['shareWith'], $_POST['permissions']);
 ($return) ? OC_JSON::success() : OC_JSON::error();
 }
 break;
 }
 } else if (isset($_GET['fetch']) && isset($_GET['itemType'])) {
- $itemType = OCP\Util::sanitizeHTML($_GET['itemType']);
 switch ($_GET['fetch']) {
 case 'getItemsSharedStatuses':
- $return = OCP\Share::getItemsShared($itemType, OCP\Share::FORMAT_STATUSES);
+ $return = OCP\Share::getItemsShared($_GET['itemType'], OCP\Share::FORMAT_STATUSES);
 ($return) ? OC_JSON::success(array('data' => $return)) : OC_JSON::error();
 break;
 case 'getItem':
 // TODO Check if the item was shared to the current user
 if (isset($_GET['item'])) {
- $item = OCP\Util::sanitizeHTML($_GET['item']);
- $return = OCP\Share::getItemShared($itemType, $item);
+ $return = OCP\Share::getItemShared($_GET['itemType'], $_GET['item']);
 ($return) ? OC_JSON::success(array('data' => $return)) : OC_JSON::error();
 }
 break; |
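Review bot: In the `share`, `unshare` and `setPermissions` branches the new calls hand `$_POST['shareType']` and `$_POST['permissions']` to `OCP\Share` exactly as PHP parsed them, and `isset()` is satisfied by an array as well as a string, so nothing at this boundary fixes their type. If the share API expects integer values there (its signature is not visible in this hunk), reject non-scalar input and cast before the call, e.g. `$shareType = (int)$_POST['shareType'];`. Dropping `sanitizeHTML` on input is sound only if whatever renders the `getItemShared`/`getItemsShared` JSON escapes item names and `shareWith` at output time, which should be confirmed in the client code. As far as this hunk shows, the state-changing POST branches are gated only by `OC_JSON::checkLoggedIn()`, so a request-token (CSRF) check is also worth confirming. The `switch` in the `$_GET` branch continues past the end of the hunk.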