merge master into webdav-injection

3 files changed, 8 insertions, 26 deletions

diff --git a/lib/private/connector/sabre/directory.php b/lib/private/connector/sabre/directory.php
index 545c1f95ac7..1bb526e451e 100644
--- a/lib/private/connector/sabre/directory.php
+++ b/lib/private/connector/sabre/directory.php
@@ -50,10 +50,6 @@ class OC_Connector_Sabre_Directory extends OC_Connector_Sabre_Node implements Sa
 	 */
 	public function createFile($name, $data = null) {
 
-		if (strtolower($name) === 'shared' && empty($this->path)) {
-			throw new \Sabre_DAV_Exception_Forbidden();
-		}
-
 		// for chunked upload also updating a existing file is a "createFile"
 		// because we create all the chunks before re-assemble them to the existing file.
 		if (isset($_SERVER['HTTP_OC_CHUNKED'])) {
@@ -87,11 +83,6 @@ class OC_Connector_Sabre_Directory extends OC_Connector_Sabre_Node implements Sa
 	 * @return void
 	 */
 	public function createDirectory($name) {
-
-		if (strtolower($name) === 'shared' && empty($this->path)) {
-			throw new \Sabre_DAV_Exception_Forbidden();
-		}
-
 		if (!$this->fileView->isCreatable($this->path)) {
 			throw new \Sabre_DAV_Exception_Forbidden();
 		}
@@ -196,10 +187,6 @@ class OC_Connector_Sabre_Directory extends OC_Connector_Sabre_Node implements Sa
 	 */
 	public function delete() {
 
-		if ($this->path === 'Shared') {
-			throw new \Sabre_DAV_Exception_Forbidden();
-		}
-
 		if (!$this->info->isDeletable()) {
 			throw new \Sabre_DAV_Exception_Forbidden();
 		}
diff --git a/lib/private/connector/sabre/file.php b/lib/private/connector/sabre/file.php
index 1d5b3fce32f..66b50a87552 100644
--- a/lib/private/connector/sabre/file.php
+++ b/lib/private/connector/sabre/file.php
@@ -73,13 +73,6 @@ class OC_Connector_Sabre_File extends OC_Connector_Sabre_Node implements Sabre_D
 		// mark file as partial while uploading (ignored by the scanner)
 		$partpath = $this->path . '.ocTransferId' . rand() . '.part';
 
-		// if file is located in /Shared we write the part file to the users
-		// root folder because we can't create new files in /shared
-		// we extend the name with a random number to avoid overwriting a existing file
-		if (dirname($partpath) === 'Shared') {
-			$partpath = pathinfo($partpath, PATHINFO_FILENAME) . rand() . '.part';
-		}
-
 		try {
 			$putOkay = $this->fileView->file_put_contents($partpath, $data);
 			if ($putOkay === false) {
@@ -150,10 +143,6 @@ class OC_Connector_Sabre_File extends OC_Connector_Sabre_Node implements Sabre_D
 	 * @throws Sabre_DAV_Exception_Forbidden
 	 */
 	public function delete() {
-		if ($this->path === 'Shared') {
-			throw new \Sabre_DAV_Exception_Forbidden();
-		}
-
 		if (!$this->info->isDeletable()) {
 			throw new \Sabre_DAV_Exception_Forbidden();
 		}
diff --git a/lib/private/connector/sabre/objecttree.php b/lib/private/connector/sabre/objecttree.php
index 605684a7793..35cc1679ab6 100644
--- a/lib/private/connector/sabre/objecttree.php
+++ b/lib/private/connector/sabre/objecttree.php
@@ -115,13 +115,19 @@ class ObjectTree extends \Sabre_DAV_ObjectTree {
 		list($sourceDir,) = \Sabre_DAV_URLUtil::splitPath($sourcePath);
 		list($destinationDir,) = \Sabre_DAV_URLUtil::splitPath($destinationPath);
 
+		$isShareMountPoint = false;
+		list($storage, $internalPath) = \OC\Files\Filesystem::resolvePath( '/' . \OCP\User::getUser() . '/files/' . $sourcePath);
+		if ($storage instanceof \OC\Files\Storage\Shared && !$internalPath) {
+			$isShareMountPoint = true;
+		}
+
 		// check update privileges
-		if (!$this->fileView->isUpdatable($sourcePath)) {
+		if (!$this->fileView->isUpdatable($sourcePath) && !$isShareMountPoint) {
 			throw new \Sabre_DAV_Exception_Forbidden();
 		}
 		if ($sourceDir !== $destinationDir) {
 			// for a full move we need update privileges on sourcePath and sourceDir as well as destinationDir
-			if (ltrim($destinationDir, '/') === '' && strtolower($sourceNode->getName()) === 'shared') {
+			if (ltrim($destinationDir, '/') === '') {
 				throw new \Sabre_DAV_Exception_Forbidden();
 			}
 			if (!$this->fileView->isUpdatable($sourceDir)) {