summaryrefslogtreecommitdiffstats
path: root/lib/private/share/share.php
diff options
context:
space:
mode:
authorMorris Jobke <hey@morrisjobke.de>2015-03-27 17:05:14 +0100
committerMorris Jobke <hey@morrisjobke.de>2015-03-27 17:05:14 +0100
commitf4dc9e6bf3bf1db1712fde818b5df64516763ce6 (patch)
tree37cf093cd665b24b751cfd4917eced89b7f4b060 /lib/private/share/share.php
parent4d12c4a38b13e2319b85db27b03ba0eb6b9cff35 (diff)
parent23cb8112fcea5a93dfedbe26433dd1f469c98670 (diff)
downloadnextcloud-server-f4dc9e6bf3bf1db1712fde818b5df64516763ce6.tar.gz
nextcloud-server-f4dc9e6bf3bf1db1712fde818b5df64516763ce6.zip
Merge pull request #15155 from owncloud/share-donotreturntrashedfiles
Do not return shares for files outside "files"
Diffstat (limited to 'lib/private/share/share.php')
-rw-r--r--lib/private/share/share.php59
1 files changed, 48 insertions, 11 deletions
diff --git a/lib/private/share/share.php b/lib/private/share/share.php
index dc0b2f6c5bf..90f3f28f2ee 100644
--- a/lib/private/share/share.php
+++ b/lib/private/share/share.php
@@ -327,18 +327,20 @@ class Share extends \OC\Share\Constants {
*/
public static function getItemSharedWithUser($itemType, $itemSource, $user, $owner = null, $shareType = null) {
$shares = array();
- $fileDependend = false;
+ $fileDependent = false;
if ($itemType === 'file' || $itemType === 'folder') {
- $fileDependend = true;
+ $fileDependent = true;
$column = 'file_source';
- $where = 'INNER JOIN `*PREFIX*filecache` ON `file_source` = `*PREFIX*filecache`.`fileid` WHERE';
+ $where = 'INNER JOIN `*PREFIX*filecache` ON `file_source` = `*PREFIX*filecache`.`fileid` ';
+ $where .= 'INNER JOIN `*PREFIX*storages` ON `numeric_id` = `*PREFIX*filecache`.`storage` ';
+ $where .= ' WHERE';
} else {
$column = 'item_source';
$where = 'WHERE';
}
- $select = self::createSelectStatement(self::FORMAT_NONE, $fileDependend);
+ $select = self::createSelectStatement(self::FORMAT_NONE, $fileDependent);
$where .= ' `' . $column . '` = ? AND `item_type` = ? ';
$arguments = array($itemSource, $itemType);
@@ -363,6 +365,9 @@ class Share extends \OC\Share\Constants {
$result = \OC_DB::executeAudited($query, $arguments);
while ($row = $result->fetchRow()) {
+ if ($fileDependent && !self::isFileReachable($row['path'], $row['storage_id'])) {
+ continue;
+ }
$shares[] = $row;
}
@@ -1382,10 +1387,11 @@ class Share extends \OC\Share\Constants {
} else {
$root = '';
}
- $where = 'INNER JOIN `*PREFIX*filecache` ON `file_source` = `*PREFIX*filecache`.`fileid`';
+ $where = 'INNER JOIN `*PREFIX*filecache` ON `file_source` = `*PREFIX*filecache`.`fileid` ';
if (!isset($item)) {
- $where .= ' WHERE `file_target` IS NOT NULL';
+ $where .= ' AND `file_target` IS NOT NULL ';
}
+ $where .= 'INNER JOIN `*PREFIX*storages` ON `numeric_id` = `*PREFIX*filecache`.`storage` ';
$fileDependent = true;
$queryArgs = array();
} else {
@@ -1526,6 +1532,9 @@ class Share extends \OC\Share\Constants {
while ($row = $result->fetchRow()) {
self::transformDBResults($row);
// Filter out duplicate group shares for users with unique targets
+ if ($fileDependent && !self::isFileReachable($row['path'], $row['storage_id'])) {
+ continue;
+ }
if ($row['share_type'] == self::$shareTypeGroupUserUnique && isset($items[$row['parent']])) {
$row['share_type'] = self::SHARE_TYPE_GROUP;
$row['unique_name'] = true; // remember that we use a unique name for this user
@@ -2182,7 +2191,9 @@ class Share extends \OC\Share\Constants {
$select = '*';
if ($format == self::FORMAT_STATUSES) {
if ($fileDependent) {
- $select = '`*PREFIX*share`.`id`, `*PREFIX*share`.`parent`, `share_type`, `path`, `storage`, `share_with`, `uid_owner` , `file_source`, `stime`, `*PREFIX*share`.`permissions`';
+ $select = '`*PREFIX*share`.`id`, `*PREFIX*share`.`parent`, `share_type`, `path`, `storage`, '
+ . '`share_with`, `uid_owner` , `file_source`, `stime`, `*PREFIX*share`.`permissions`, '
+ . '`*PREFIX*storages`.`id` AS `storage_id`';
} else {
$select = '`id`, `parent`, `share_type`, `share_with`, `uid_owner`, `item_source`, `stime`, `*PREFIX*share`.`permissions`';
}
@@ -2191,7 +2202,8 @@ class Share extends \OC\Share\Constants {
if ($fileDependent) {
$select = '`*PREFIX*share`.`id`, `item_type`, `item_source`, `*PREFIX*share`.`parent`,'
. ' `share_type`, `share_with`, `file_source`, `file_target`, `path`, `*PREFIX*share`.`permissions`, `stime`,'
- . ' `expiration`, `token`, `storage`, `mail_send`, `uid_owner`';
+ . ' `expiration`, `token`, `storage`, `mail_send`, `uid_owner`, '
+ . '`*PREFIX*storages`.`id` AS `storage_id`';
} else {
$select = '`id`, `item_type`, `item_source`, `parent`, `share_type`, `share_with`, `*PREFIX*share`.`permissions`,'
. ' `stime`, `file_source`, `expiration`, `token`, `mail_send`, `uid_owner`';
@@ -2204,9 +2216,11 @@ class Share extends \OC\Share\Constants {
. '`*PREFIX*share`.`permissions`, `expiration`, `storage`, `*PREFIX*filecache`.`parent` as `file_parent`, '
. '`name`, `mtime`, `mimetype`, `mimepart`, `size`, `unencrypted_size`, `encrypted`, `etag`, `mail_send`';
} else {
- $select = '`*PREFIX*share`.`id`, `item_type`, `item_source`, `item_target`,
- `*PREFIX*share`.`parent`, `share_type`, `share_with`, `uid_owner`,
- `file_source`, `path`, `file_target`, `*PREFIX*share`.`permissions`, `stime`, `expiration`, `token`, `storage`, `mail_send`';
+ $select = '`*PREFIX*share`.`id`, `item_type`, `item_source`, `item_target`,'
+ . '`*PREFIX*share`.`parent`, `share_type`, `share_with`, `uid_owner`,'
+ . '`file_source`, `path`, `file_target`, `*PREFIX*share`.`permissions`,'
+ . '`stime`, `expiration`, `token`, `storage`, `mail_send`,'
+ . '`*PREFIX*storages`.`id` AS `storage_id`';
}
}
}
@@ -2392,4 +2406,27 @@ class Share extends \OC\Share\Constants {
return (int)\OCP\Config::getAppValue('core', 'shareapi_expire_after_n_days', '7');
}
+ /**
+ * Checks whether the given path is reachable for the given owner
+ *
+ * @param string $path path relative to files
+ * @param string $ownerStorageId storage id of the owner
+ *
+ * @return boolean true if file is reachable, false otherwise
+ */
+ private static function isFileReachable($path, $ownerStorageId) {
+ // if outside the home storage, file is always considered reachable
+ if (!(substr($ownerStorageId, 0, 6) === 'home::')) {
+ return true;
+ }
+
+ // if inside the home storage, the file has to be under "/files/"
+ $path = ltrim($path, '/');
+ if (substr($path, 0, 6) === 'files/') {
+ return true;
+ }
+
+ return false;
+ }
+
}