diff options
author | Robin Appelman <robin@icewind.nl> | 2018-08-16 20:39:51 +0200 |
---|---|---|
committer | Robin Appelman <robin@icewind.nl> | 2018-08-16 21:27:57 +0200 |
commit | 4c0cbdff36ac70c956df2aa33168dfb66c479afe (patch) | |
tree | 14b15e3cd98b7743bf21a925c58ea4cdc403388b /lib/private/Share20 | |
parent | 720b27d60b330a4752366327ec2ee42e2899b3ec (diff) | |
download | nextcloud-server-4c0cbdff36ac70c956df2aa33168dfb66c479afe.tar.gz nextcloud-server-4c0cbdff36ac70c956df2aa33168dfb66c479afe.zip |
tokens can't be valid local user names
this saves searching for shares on non-public link dav requests
Signed-off-by: Robin Appelman <robin@icewind.nl>
Diffstat (limited to 'lib/private/Share20')
-rw-r--r-- | lib/private/Share20/Manager.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/private/Share20/Manager.php b/lib/private/Share20/Manager.php index 037ea53048a..9497b2c2637 100644 --- a/lib/private/Share20/Manager.php +++ b/lib/private/Share20/Manager.php @@ -1208,6 +1208,10 @@ class Manager implements IManager { * @throws ShareNotFound */ public function getShareByToken($token) { + // tokens can't be valid local user names + if ($this->userManager->userExists($token)) { + throw new ShareNotFound(); + } $share = null; try { if($this->shareApiAllowLinks()) { |