diff options
author | Joas Schilling <nickvergessen@owncloud.com> | 2015-06-18 11:46:37 +0200 |
---|---|---|
committer | Joas Schilling <nickvergessen@owncloud.com> | 2015-06-22 15:25:23 +0200 |
commit | 2b7e5f841a016e8682d560643dce4797758a44c3 (patch) | |
tree | bc7216a8a82fe0986bae5ec9fecf33acbfe73275 /lib | |
parent | d38a378b8cc8d13e6459ccb4cfbc8a8bbe1f8428 (diff) | |
download | nextcloud-server-2b7e5f841a016e8682d560643dce4797758a44c3.tar.gz nextcloud-server-2b7e5f841a016e8682d560643dce4797758a44c3.zip |
Merge spliteUserRemote with fixRemoteUrlInShareWith
Diffstat (limited to 'lib')
-rw-r--r-- | lib/private/share/helper.php | 60 | ||||
-rw-r--r-- | lib/private/share/share.php | 9 |
2 files changed, 44 insertions, 25 deletions
diff --git a/lib/private/share/helper.php b/lib/private/share/helper.php index d88c4bcbfc2..5081a517db7 100644 --- a/lib/private/share/helper.php +++ b/lib/private/share/helper.php @@ -218,33 +218,25 @@ class Helper extends \OC\Share\Constants { } /** - * Extracts the necessary remote name from a given link + * Strips away a potential file names and trailing slashes: + * - http://localhost + * - http://localhost/ + * - http://localhost/index.php + * - http://localhost/index.php/s/{shareToken} * - * Strips away a potential file name, to allow - * - user - * - user@localhost - * - user@http://localhost - * - user@http://localhost/ - * - user@http://localhost/index.php - * - user@http://localhost/index.php/s/{shareToken} + * all return: http://localhost * * @param string $shareWith * @return string */ - public static function fixRemoteURLInShareWith($shareWith) { - if (strpos($shareWith, '@')) { - list($user, $remote) = explode('@', $shareWith, 2); - - $remote = str_replace('\\', '/', $remote); - if ($fileNamePosition = strpos($remote, '/index.php')) { - $remote = substr($remote, 0, $fileNamePosition); - } - $remote = rtrim($remote, '/'); - - $shareWith = $user . '@' . $remote; + protected static function fixRemoteURL($remote) { + $remote = str_replace('\\', '/', $remote); + if ($fileNamePosition = strpos($remote, '/index.php')) { + $remote = substr($remote, 0, $fileNamePosition); } + $remote = rtrim($remote, '/'); - return rtrim($shareWith, '/'); + return $remote; } /** @@ -255,10 +247,36 @@ class Helper extends \OC\Share\Constants { * @throws InvalidFederatedCloudIdException */ public static function splitUserRemote($id) { - $pos = strrpos($id, '@'); + if (strpos($id, '@') === false) { + throw new InvalidFederatedCloudIdException('invalid Federated Cloud ID'); + } + + // Find the first character that is not allowed in user names + $id = str_replace('\\', '/', $id); + $posSlash = strpos($id, '/'); + $posColon = strpos($id, ':'); + + if ($posSlash === false && $posColon === false) { + $invalidPos = strlen($id); + } else if ($posSlash === false) { + $invalidPos = $posColon; + } else if ($posColon === false) { + $invalidPos = $posSlash; + } else { + $invalidPos = min($posSlash, $posColon); + } + + // Find the last @ before $invalidPos + $pos = $lastAtPos = 0; + while ($lastAtPos !== false && $lastAtPos <= $invalidPos) { + $pos = $lastAtPos; + $lastAtPos = strpos($id, '@', $pos + 1); + } + if ($pos !== false) { $user = substr($id, 0, $pos); $remote = substr($id, $pos + 1); + $remote = self::fixRemoteURL($remote); if (!empty($user) && !empty($remote)) { return array($user, $remote); } diff --git a/lib/private/share/share.php b/lib/private/share/share.php index 3c4b6863afd..6fcb020eeb3 100644 --- a/lib/private/share/share.php +++ b/lib/private/share/share.php @@ -749,7 +749,8 @@ class Share extends Constants { $token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(self::TOKEN_LENGTH, \OCP\Security\ISecureRandom::CHAR_LOWER . \OCP\Security\ISecureRandom::CHAR_UPPER . \OCP\Security\ISecureRandom::CHAR_DIGITS); - $shareWith = Helper::fixRemoteURLInShareWith($shareWith); + list($user, $remote) = Helper::splitUserRemote($shareWith); + $shareWith = $user . '@' . $remote; $shareId = self::put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, null, $token, $itemSourceName); $send = false; @@ -1300,8 +1301,8 @@ class Share extends Constants { $hookParams['deletedShares'] = $deletedShares; \OC_Hook::emit('OCP\Share', 'post_unshare', $hookParams); if ((int)$item['share_type'] === \OCP\Share::SHARE_TYPE_REMOTE && \OC::$server->getUserSession()->getUser()) { - $urlParts = explode('@', $item['share_with'], 2); - self::sendRemoteUnshare($urlParts[1], $item['id'], $item['token']); + list(, $remote) = Helper::splitUserRemote($item['share_with']); + self::sendRemoteUnshare($remote, $item['id'], $item['token']); } } @@ -2430,7 +2431,7 @@ class Share extends Constants { list($user, $remote) = Helper::splitUserRemote($shareWith); if ($user && $remote) { - $url = rtrim($remote, '/') . self::BASE_PATH_TO_SHARE_API . '?format=' . self::RESPONSE_FORMAT; + $url = $remote . self::BASE_PATH_TO_SHARE_API . '?format=' . self::RESPONSE_FORMAT; $local = \OC::$server->getURLGenerator()->getAbsoluteURL('/'); |