summaryrefslogtreecommitdiffstats
path: root/lib/private/share
diff options
context:
space:
mode:
authorJoas Schilling <nickvergessen@owncloud.com>2015-06-18 11:46:37 +0200
committerJoas Schilling <nickvergessen@owncloud.com>2015-06-22 15:25:23 +0200
commit2b7e5f841a016e8682d560643dce4797758a44c3 (patch)
treebc7216a8a82fe0986bae5ec9fecf33acbfe73275 /lib/private/share
parentd38a378b8cc8d13e6459ccb4cfbc8a8bbe1f8428 (diff)
downloadnextcloud-server-2b7e5f841a016e8682d560643dce4797758a44c3.tar.gz
nextcloud-server-2b7e5f841a016e8682d560643dce4797758a44c3.zip
Merge spliteUserRemote with fixRemoteUrlInShareWith
Diffstat (limited to 'lib/private/share')
-rw-r--r--lib/private/share/helper.php60
-rw-r--r--lib/private/share/share.php9
2 files changed, 44 insertions, 25 deletions
diff --git a/lib/private/share/helper.php b/lib/private/share/helper.php
index d88c4bcbfc2..5081a517db7 100644
--- a/lib/private/share/helper.php
+++ b/lib/private/share/helper.php
@@ -218,33 +218,25 @@ class Helper extends \OC\Share\Constants {
}
/**
- * Extracts the necessary remote name from a given link
+ * Strips away a potential file names and trailing slashes:
+ * - http://localhost
+ * - http://localhost/
+ * - http://localhost/index.php
+ * - http://localhost/index.php/s/{shareToken}
*
- * Strips away a potential file name, to allow
- * - user
- * - user@localhost
- * - user@http://localhost
- * - user@http://localhost/
- * - user@http://localhost/index.php
- * - user@http://localhost/index.php/s/{shareToken}
+ * all return: http://localhost
*
* @param string $shareWith
* @return string
*/
- public static function fixRemoteURLInShareWith($shareWith) {
- if (strpos($shareWith, '@')) {
- list($user, $remote) = explode('@', $shareWith, 2);
-
- $remote = str_replace('\\', '/', $remote);
- if ($fileNamePosition = strpos($remote, '/index.php')) {
- $remote = substr($remote, 0, $fileNamePosition);
- }
- $remote = rtrim($remote, '/');
-
- $shareWith = $user . '@' . $remote;
+ protected static function fixRemoteURL($remote) {
+ $remote = str_replace('\\', '/', $remote);
+ if ($fileNamePosition = strpos($remote, '/index.php')) {
+ $remote = substr($remote, 0, $fileNamePosition);
}
+ $remote = rtrim($remote, '/');
- return rtrim($shareWith, '/');
+ return $remote;
}
/**
@@ -255,10 +247,36 @@ class Helper extends \OC\Share\Constants {
* @throws InvalidFederatedCloudIdException
*/
public static function splitUserRemote($id) {
- $pos = strrpos($id, '@');
+ if (strpos($id, '@') === false) {
+ throw new InvalidFederatedCloudIdException('invalid Federated Cloud ID');
+ }
+
+ // Find the first character that is not allowed in user names
+ $id = str_replace('\\', '/', $id);
+ $posSlash = strpos($id, '/');
+ $posColon = strpos($id, ':');
+
+ if ($posSlash === false && $posColon === false) {
+ $invalidPos = strlen($id);
+ } else if ($posSlash === false) {
+ $invalidPos = $posColon;
+ } else if ($posColon === false) {
+ $invalidPos = $posSlash;
+ } else {
+ $invalidPos = min($posSlash, $posColon);
+ }
+
+ // Find the last @ before $invalidPos
+ $pos = $lastAtPos = 0;
+ while ($lastAtPos !== false && $lastAtPos <= $invalidPos) {
+ $pos = $lastAtPos;
+ $lastAtPos = strpos($id, '@', $pos + 1);
+ }
+
if ($pos !== false) {
$user = substr($id, 0, $pos);
$remote = substr($id, $pos + 1);
+ $remote = self::fixRemoteURL($remote);
if (!empty($user) && !empty($remote)) {
return array($user, $remote);
}
diff --git a/lib/private/share/share.php b/lib/private/share/share.php
index 3c4b6863afd..6fcb020eeb3 100644
--- a/lib/private/share/share.php
+++ b/lib/private/share/share.php
@@ -749,7 +749,8 @@ class Share extends Constants {
$token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(self::TOKEN_LENGTH, \OCP\Security\ISecureRandom::CHAR_LOWER . \OCP\Security\ISecureRandom::CHAR_UPPER .
\OCP\Security\ISecureRandom::CHAR_DIGITS);
- $shareWith = Helper::fixRemoteURLInShareWith($shareWith);
+ list($user, $remote) = Helper::splitUserRemote($shareWith);
+ $shareWith = $user . '@' . $remote;
$shareId = self::put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, null, $token, $itemSourceName);
$send = false;
@@ -1300,8 +1301,8 @@ class Share extends Constants {
$hookParams['deletedShares'] = $deletedShares;
\OC_Hook::emit('OCP\Share', 'post_unshare', $hookParams);
if ((int)$item['share_type'] === \OCP\Share::SHARE_TYPE_REMOTE && \OC::$server->getUserSession()->getUser()) {
- $urlParts = explode('@', $item['share_with'], 2);
- self::sendRemoteUnshare($urlParts[1], $item['id'], $item['token']);
+ list(, $remote) = Helper::splitUserRemote($item['share_with']);
+ self::sendRemoteUnshare($remote, $item['id'], $item['token']);
}
}
@@ -2430,7 +2431,7 @@ class Share extends Constants {
list($user, $remote) = Helper::splitUserRemote($shareWith);
if ($user && $remote) {
- $url = rtrim($remote, '/') . self::BASE_PATH_TO_SHARE_API . '?format=' . self::RESPONSE_FORMAT;
+ $url = $remote . self::BASE_PATH_TO_SHARE_API . '?format=' . self::RESPONSE_FORMAT;
$local = \OC::$server->getURLGenerator()->getAbsoluteURL('/');