summaryrefslogtreecommitdiffstats
path: root/lib/private/Share20
diff options
context:
space:
mode:
authorRobin Appelman <robin@icewind.nl>2018-08-16 20:39:51 +0200
committerRobin Appelman <robin@icewind.nl>2018-08-16 21:27:57 +0200
commit4c0cbdff36ac70c956df2aa33168dfb66c479afe (patch)
tree14b15e3cd98b7743bf21a925c58ea4cdc403388b /lib/private/Share20
parent720b27d60b330a4752366327ec2ee42e2899b3ec (diff)
downloadnextcloud-server-4c0cbdff36ac70c956df2aa33168dfb66c479afe.tar.gz
nextcloud-server-4c0cbdff36ac70c956df2aa33168dfb66c479afe.zip
tokens can't be valid local user names
this saves searching for shares on non-public link dav requests Signed-off-by: Robin Appelman <robin@icewind.nl>
Diffstat (limited to 'lib/private/Share20')
-rw-r--r--lib/private/Share20/Manager.php4
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/private/Share20/Manager.php b/lib/private/Share20/Manager.php
index 037ea53048a..9497b2c2637 100644
--- a/lib/private/Share20/Manager.php
+++ b/lib/private/Share20/Manager.php
@@ -1208,6 +1208,10 @@ class Manager implements IManager {
* @throws ShareNotFound
*/
public function getShareByToken($token) {
+ // tokens can't be valid local user names
+ if ($this->userManager->userExists($token)) {
+ throw new ShareNotFound();
+ }
$share = null;
try {
if($this->shareApiAllowLinks()) {