diff options
| author | Thomas Müller <thomas.mueller@tmit.eu> | 2013-10-22 11:10:07 +0200 |
|---|---|---|
| committer | Thomas Müller <thomas.mueller@tmit.eu> | 2013-10-22 11:10:07 +0200 |
| commit | 6e0e6212188aa4a1d57339fa2ee4afd548414d1a (patch) | |
| tree | e56568bad0600839dcabadcc328359becdb52061 /lib | |
| parent | cadd71ec8a02fc5619a9347109f9e588e13b3e3b (diff) | |
| download | nextcloud-server-6e0e6212188aa4a1d57339fa2ee4afd548414d1a.tar.gz nextcloud-server-6e0e6212188aa4a1d57339fa2ee4afd548414d1a.zip | |
creating and deleting of file and folder 'Shared' in root is not allowed
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/connector/sabre/directory.php | 17 | ||||
| -rw-r--r-- | lib/private/connector/sabre/file.php | 4 |
2 files changed, 18 insertions, 3 deletions
diff --git a/lib/private/connector/sabre/directory.php b/lib/private/connector/sabre/directory.php index c51f84bf67c..02d1a9f4ba2 100644 --- a/lib/private/connector/sabre/directory.php +++ b/lib/private/connector/sabre/directory.php @@ -50,6 +50,10 @@ class OC_Connector_Sabre_Directory extends OC_Connector_Sabre_Node implements Sa */ public function createFile($name, $data = null) { + if ($name === 'Shared' && empty($this->path)) { + throw new \Sabre_DAV_Exception_Forbidden(); + } + // for chunked upload also updating a existing file is a "createFile" // because we create all the chunks before reasamble them to the existing file. if (isset($_SERVER['HTTP_OC_CHUNKED'])) { @@ -82,6 +86,10 @@ class OC_Connector_Sabre_Directory extends OC_Connector_Sabre_Node implements Sa */ public function createDirectory($name) { + if ($name === 'Shared' && empty($this->path)) { + throw new \Sabre_DAV_Exception_Forbidden(); + } + if (!\OC\Files\Filesystem::isCreatable($this->path)) { throw new \Sabre_DAV_Exception_Forbidden(); } @@ -187,13 +195,16 @@ class OC_Connector_Sabre_Directory extends OC_Connector_Sabre_Node implements Sa */ public function delete() { - if (!\OC\Files\Filesystem::isDeletable($this->path)) { + if ($this->path === 'Shared') { throw new \Sabre_DAV_Exception_Forbidden(); } - if ($this->path != "/Shared") { - \OC\Files\Filesystem::rmdir($this->path); + + if (!\OC\Files\Filesystem::isDeletable($this->path)) { + throw new \Sabre_DAV_Exception_Forbidden(); } + \OC\Files\Filesystem::rmdir($this->path); + } /** diff --git a/lib/private/connector/sabre/file.php b/lib/private/connector/sabre/file.php index 3402946a136..7b8462cae5e 100644 --- a/lib/private/connector/sabre/file.php +++ b/lib/private/connector/sabre/file.php @@ -143,6 +143,10 @@ class OC_Connector_Sabre_File extends OC_Connector_Sabre_Node implements Sabre_D */ public function delete() { + if ($this->path === 'Shared') { + throw new \Sabre_DAV_Exception_Forbidden(); + } + if (!\OC\Files\Filesystem::isDeletable($this->path)) { throw new \Sabre_DAV_Exception_Forbidden(); } |