diff options
| author | Robin Appelman <robin@icewind.nl> | 2018-08-16 20:39:51 +0200 |
|---|---|---|
| committer | Robin Appelman <robin@icewind.nl> | 2018-08-27 16:25:49 +0200 |
| commit | e3b9e9e57c9aab9175b381048597d0a92abcd118 (patch) | |
| tree | b8b3548e015e1fd2002d4663dce440d9b033160f /lib | |
| parent | 110650ff588513df559c5d96b0451d88fc866fc5 (diff) | |
| download | nextcloud-server-e3b9e9e57c9aab9175b381048597d0a92abcd118.tar.gz nextcloud-server-e3b9e9e57c9aab9175b381048597d0a92abcd118.zip | |
tokens can't be valid local user names
this saves searching for shares on non-public link dav requests
Signed-off-by: Robin Appelman <robin@icewind.nl>
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/Files/View.php | 20 | ||||
| -rw-r--r-- | lib/private/Share20/Manager.php | 4 |
2 files changed, 13 insertions, 11 deletions
diff --git a/lib/private/Files/View.php b/lib/private/Files/View.php index 73219635e89..cd1219fd77e 100644 --- a/lib/private/Files/View.php +++ b/lib/private/Files/View.php @@ -1431,16 +1431,21 @@ class View { $contents = $cache->getFolderContentsById($folderId); //TODO: mimetype_filter $sharingDisabled = \OCP\Util::isSharingDisabledForUser(); + + $fileNames = array_map(function(ICacheEntry $content) { + return $content->getName(); + }, $contents); /** - * @var \OC\Files\FileInfo[] $files + * @var \OC\Files\FileInfo[] $fileInfos */ - $files = array_map(function (ICacheEntry $content) use ($path, $storage, $mount, $sharingDisabled) { + $fileInfos = array_map(function (ICacheEntry $content) use ($path, $storage, $mount, $sharingDisabled) { if ($sharingDisabled) { $content['permissions'] = $content['permissions'] & ~\OCP\Constants::PERMISSION_SHARE; } $owner = $this->getUserObjectForOwner($storage->getOwner($content['path'])); return new FileInfo($path . '/' . $content['name'], $storage, $content['path'], $content, $mount, $owner); }, $contents); + $files = array_combine($fileNames, $fileInfos); //add a folder for any mountpoint in this directory and add the sizes of other mountpoints to the folders $mounts = Filesystem::getMountManager()->findIn($path); @@ -1495,13 +1500,6 @@ class View { $rootEntry['permissions'] = $permissions & (\OCP\Constants::PERMISSION_ALL - (\OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_DELETE)); } - //remove any existing entry with the same name - foreach ($files as $i => $file) { - if ($file['name'] === $rootEntry['name']) { - unset($files[$i]); - break; - } - } $rootEntry['path'] = substr(Filesystem::normalizePath($path . '/' . $rootEntry['name']), strlen($user) + 2); // full path without /$user/ // if sharing was disabled for the user we remove the share permissions @@ -1510,7 +1508,7 @@ class View { } $owner = $this->getUserObjectForOwner($subStorage->getOwner('')); - $files[] = new FileInfo($path . '/' . $rootEntry['name'], $subStorage, '', $rootEntry, $mount, $owner); + $files[$rootEntry->getName()] = new FileInfo($path . '/' . $rootEntry['name'], $subStorage, '', $rootEntry, $mount, $owner); } } } @@ -1526,7 +1524,7 @@ class View { }); } - return $files; + return array_values($files); } else { return []; } diff --git a/lib/private/Share20/Manager.php b/lib/private/Share20/Manager.php index b8131425b4a..69a3d749a99 100644 --- a/lib/private/Share20/Manager.php +++ b/lib/private/Share20/Manager.php @@ -1165,6 +1165,10 @@ class Manager implements IManager { * @throws ShareNotFound */ public function getShareByToken($token) { + // tokens can't be valid local user names + if ($this->userManager->userExists($token)) { + throw new ShareNotFound(); + } $share = null; try { if($this->shareApiAllowLinks()) { |