aboutsummaryrefslogtreecommitdiffstats
path: root/lib/private
diff options
context:
space:
mode:
authorRobin Appelman <robin@icewind.nl>2018-08-16 20:39:51 +0200
committerRobin Appelman <robin@icewind.nl>2018-08-16 21:27:57 +0200
commit4c0cbdff36ac70c956df2aa33168dfb66c479afe (patch)
tree14b15e3cd98b7743bf21a925c58ea4cdc403388b /lib/private
parent720b27d60b330a4752366327ec2ee42e2899b3ec (diff)
downloadnextcloud-server-4c0cbdff36ac70c956df2aa33168dfb66c479afe.tar.gz
nextcloud-server-4c0cbdff36ac70c956df2aa33168dfb66c479afe.zip
tokens can't be valid local user names
this saves searching for shares on non-public link dav requests Signed-off-by: Robin Appelman <robin@icewind.nl>
Diffstat (limited to 'lib/private')
-rw-r--r--lib/private/Files/View.php20
-rw-r--r--lib/private/Share20/Manager.php4
2 files changed, 13 insertions, 11 deletions
diff --git a/lib/private/Files/View.php b/lib/private/Files/View.php
index c6429a89942..19e38717803 100644
--- a/lib/private/Files/View.php
+++ b/lib/private/Files/View.php
@@ -1433,16 +1433,21 @@ class View {
$contents = $cache->getFolderContentsById($folderId); //TODO: mimetype_filter
$sharingDisabled = \OCP\Util::isSharingDisabledForUser();
+
+ $fileNames = array_map(function(ICacheEntry $content) {
+ return $content->getName();
+ }, $contents);
/**
- * @var \OC\Files\FileInfo[] $files
+ * @var \OC\Files\FileInfo[] $fileInfos
*/
- $files = array_map(function (ICacheEntry $content) use ($path, $storage, $mount, $sharingDisabled) {
+ $fileInfos = array_map(function (ICacheEntry $content) use ($path, $storage, $mount, $sharingDisabled) {
if ($sharingDisabled) {
$content['permissions'] = $content['permissions'] & ~\OCP\Constants::PERMISSION_SHARE;
}
$owner = $this->getUserObjectForOwner($storage->getOwner($content['path']));
return new FileInfo($path . '/' . $content['name'], $storage, $content['path'], $content, $mount, $owner);
}, $contents);
+ $files = array_combine($fileNames, $fileInfos);
//add a folder for any mountpoint in this directory and add the sizes of other mountpoints to the folders
$mounts = Filesystem::getMountManager()->findIn($path);
@@ -1496,13 +1501,6 @@ class View {
$rootEntry['permissions'] = $permissions & (\OCP\Constants::PERMISSION_ALL - (\OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_DELETE));
}
- //remove any existing entry with the same name
- foreach ($files as $i => $file) {
- if ($file['name'] === $rootEntry['name']) {
- unset($files[$i]);
- break;
- }
- }
$rootEntry['path'] = substr(Filesystem::normalizePath($path . '/' . $rootEntry['name']), strlen($user) + 2); // full path without /$user/
// if sharing was disabled for the user we remove the share permissions
@@ -1511,7 +1509,7 @@ class View {
}
$owner = $this->getUserObjectForOwner($subStorage->getOwner(''));
- $files[] = new FileInfo($path . '/' . $rootEntry['name'], $subStorage, '', $rootEntry, $mount, $owner);
+ $files[$rootEntry->getName()] = new FileInfo($path . '/' . $rootEntry['name'], $subStorage, '', $rootEntry, $mount, $owner);
}
}
}
@@ -1527,7 +1525,7 @@ class View {
});
}
- return $files;
+ return array_values($files);
} else {
return [];
}
diff --git a/lib/private/Share20/Manager.php b/lib/private/Share20/Manager.php
index 037ea53048a..9497b2c2637 100644
--- a/lib/private/Share20/Manager.php
+++ b/lib/private/Share20/Manager.php
@@ -1208,6 +1208,10 @@ class Manager implements IManager {
* @throws ShareNotFound
*/
public function getShareByToken($token) {
+ // tokens can't be valid local user names
+ if ($this->userManager->userExists($token)) {
+ throw new ShareNotFound();
+ }
$share = null;
try {
if($this->shareApiAllowLinks()) {