diff options
| author | Vincent Petry <pvince81@owncloud.com> | 2016-09-02 11:23:55 +0200 |
|---|---|---|
| committer | Roeland Jago Douma <roeland@famdouma.nl> | 2016-10-06 13:57:58 +0200 |
| commit | 626daabb56c91755bccb327f090e6bdcd94789ad (patch) | |
| tree | 92949c65fd5585c74bcc388d1eede99126dc2c1c /lib/private/Share20/DefaultShareProvider.php | |
| parent | 01393592ebbae8f1be5eb1f8ad38670aae472342 (diff) | |
| download | nextcloud-server-626daabb56c91755bccb327f090e6bdcd94789ad.tar.gz nextcloud-server-626daabb56c91755bccb327f090e6bdcd94789ad.zip | |
Prefilter inaccessible shares in DefaultShareProvider::getSharedWith()
The DefaultShareProvider now does a DB-level check to find out whether
file_source is accessible at all (deleted file) or whether it's in the
trashbin of a home storage.
One small corner case where the home storage id is in md5 form cannot
be covered properly with this approach.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Diffstat (limited to 'lib/private/Share20/DefaultShareProvider.php')
| -rw-r--r-- | lib/private/Share20/DefaultShareProvider.php | 46 |
1 files changed, 38 insertions, 8 deletions
diff --git a/lib/private/Share20/DefaultShareProvider.php b/lib/private/Share20/DefaultShareProvider.php index f33c297b02d..d6afcf99912 100644 --- a/lib/private/Share20/DefaultShareProvider.php +++ b/lib/private/Share20/DefaultShareProvider.php @@ -583,6 +583,25 @@ class DefaultShareProvider implements IShareProvider { } /** + * Returns whether the given database result can be interpreted as + * a share with accessible file (not trashed, not deleted) + */ + private function isAccessibleResult($data) { + // exclude shares leading to deleted file entries + if ($data['fileid'] === null) { + return false; + } + + // exclude shares leading to trashbin on home storages + $pathSections = explode('/', $data['path'], 2); + // FIXME: would not detect rare md5'd home storage case properly + if ($pathSections[0] !== 'files' && explode(':', $data['storage_string_id'], 2)[0] === 'home') { + return false; + } + return true; + } + + /** * @inheritdoc */ public function getSharedWith($userId, $shareType, $node, $limit, $offset) { @@ -592,11 +611,14 @@ class DefaultShareProvider implements IShareProvider { if ($shareType === \OCP\Share::SHARE_TYPE_USER) { //Get shares directly with this user $qb = $this->dbConn->getQueryBuilder(); - $qb->select('*') - ->from('share'); + $qb->select('s.*', 'f.fileid', 'f.path') + ->selectAlias('st.id', 'storage_string_id') + ->from('share', 's') + ->leftJoin('s', 'filecache', 'f', $qb->expr()->eq('s.file_source', 'f.fileid')) + ->leftJoin('f', 'storages', 'st', $qb->expr()->eq('f.storage', 'st.numeric_id')); // Order by id - $qb->orderBy('id'); + $qb->orderBy('s.id'); // Set limit and offset if ($limit !== -1) { @@ -619,7 +641,9 @@ class DefaultShareProvider implements IShareProvider { $cursor = $qb->execute(); while($data = $cursor->fetch()) { - $shares[] = $this->createShare($data); + if ($this->isAccessibleResult($data)) { + $shares[] = $this->createShare($data); + } } $cursor->closeCursor(); @@ -640,9 +664,12 @@ class DefaultShareProvider implements IShareProvider { } $qb = $this->dbConn->getQueryBuilder(); - $qb->select('*') - ->from('share') - ->orderBy('id') + $qb->select('s.*', 'f.fileid', 'f.path') + ->selectAlias('st.id', 'storage_string_id') + ->from('share', 's') + ->leftJoin('s', 'filecache', 'f', $qb->expr()->eq('s.file_source', 'f.fileid')) + ->leftJoin('f', 'storages', 'st', $qb->expr()->eq('f.storage', 'st.numeric_id')) + ->orderBy('s.id') ->setFirstResult(0); if ($limit !== -1) { @@ -672,7 +699,10 @@ class DefaultShareProvider implements IShareProvider { $offset--; continue; } - $shares2[] = $this->createShare($data); + + if ($this->isAccessibleResult($data)) { + $shares2[] = $this->createShare($data); + } } $cursor->closeCursor(); } |