Merge pull request #14801 from owncloud/backport-13839

[stable8] Extract the remote host from user input in share dropdown

2 files changed, 31 insertions, 1 deletions

diff --git a/lib/private/share/helper.php b/lib/private/share/helper.php
index 6059af0196d..55b71ceeeac 100644
--- a/lib/private/share/helper.php
+++ b/lib/private/share/helper.php
@@ -221,4 +221,34 @@ class Helper extends \OC\Share\Constants {
 
 		return $expires;
 	}
+
+	/**
+	 * Extracts the necessary remote name from a given link
+	 *
+	 * Strips away a potential file name, to allow
+	 * - user
+	 * - user@localhost
+	 * - user@http://localhost
+	 * - user@http://localhost/
+	 * - user@http://localhost/index.php
+	 * - user@http://localhost/index.php/s/{shareToken}
+	 *
+	 * @param string $shareWith
+	 * @return string
+	 */
+	public static function fixRemoteURLInShareWith($shareWith) {
+		if (strpos($shareWith, '@')) {
+			list($user, $remote) = explode('@', $shareWith, 2);
+
+			$remote = str_replace('\\', '/', $remote);
+			if ($fileNamePosition = strpos($remote, '/index.php')) {
+				$remote = substr($remote, 0, $fileNamePosition);
+			}
+			$remote = rtrim($remote, '/');
+
+			$shareWith = $user . '@' . $remote;
+		}
+
+		return rtrim($shareWith, '/');
+	}
 }
diff --git a/lib/private/share/share.php b/lib/private/share/share.php
index 9c3c6a2d3af..9af567278a1 100644
--- a/lib/private/share/share.php
+++ b/lib/private/share/share.php
@@ -724,7 +724,7 @@ class Share extends \OC\Share\Constants {
 			$token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(self::TOKEN_LENGTH, \OCP\Security\ISecureRandom::CHAR_LOWER . \OCP\Security\ISecureRandom::CHAR_UPPER .
 				\OCP\Security\ISecureRandom::CHAR_DIGITS);
 
-			$shareWith = rtrim($shareWith, '/');
+			$shareWith = Helper::fixRemoteURLInShareWith($shareWith);
 			$shareId = self::put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, null, $token, $itemSourceName);
 
 			$send = false;