diff options
author | Robin Appelman <robin@icewind.nl> | 2018-08-16 20:39:51 +0200 |
---|---|---|
committer | Robin Appelman <robin@icewind.nl> | 2018-08-16 21:27:57 +0200 |
commit | 4c0cbdff36ac70c956df2aa33168dfb66c479afe (patch) | |
tree | 14b15e3cd98b7743bf21a925c58ea4cdc403388b /lib | |
parent | 720b27d60b330a4752366327ec2ee42e2899b3ec (diff) | |
download | nextcloud-server-4c0cbdff36ac70c956df2aa33168dfb66c479afe.tar.gz nextcloud-server-4c0cbdff36ac70c956df2aa33168dfb66c479afe.zip |
tokens can't be valid local user names
this saves searching for shares on non-public link dav requests
Signed-off-by: Robin Appelman <robin@icewind.nl>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/private/Files/View.php | 20 | ||||
-rw-r--r-- | lib/private/Share20/Manager.php | 4 |
2 files changed, 13 insertions, 11 deletions
diff --git a/lib/private/Files/View.php b/lib/private/Files/View.php index c6429a89942..19e38717803 100644 --- a/lib/private/Files/View.php +++ b/lib/private/Files/View.php @@ -1433,16 +1433,21 @@ class View { $contents = $cache->getFolderContentsById($folderId); //TODO: mimetype_filter $sharingDisabled = \OCP\Util::isSharingDisabledForUser(); + + $fileNames = array_map(function(ICacheEntry $content) { + return $content->getName(); + }, $contents); /** - * @var \OC\Files\FileInfo[] $files + * @var \OC\Files\FileInfo[] $fileInfos */ - $files = array_map(function (ICacheEntry $content) use ($path, $storage, $mount, $sharingDisabled) { + $fileInfos = array_map(function (ICacheEntry $content) use ($path, $storage, $mount, $sharingDisabled) { if ($sharingDisabled) { $content['permissions'] = $content['permissions'] & ~\OCP\Constants::PERMISSION_SHARE; } $owner = $this->getUserObjectForOwner($storage->getOwner($content['path'])); return new FileInfo($path . '/' . $content['name'], $storage, $content['path'], $content, $mount, $owner); }, $contents); + $files = array_combine($fileNames, $fileInfos); //add a folder for any mountpoint in this directory and add the sizes of other mountpoints to the folders $mounts = Filesystem::getMountManager()->findIn($path); @@ -1496,13 +1501,6 @@ class View { $rootEntry['permissions'] = $permissions & (\OCP\Constants::PERMISSION_ALL - (\OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_DELETE)); } - //remove any existing entry with the same name - foreach ($files as $i => $file) { - if ($file['name'] === $rootEntry['name']) { - unset($files[$i]); - break; - } - } $rootEntry['path'] = substr(Filesystem::normalizePath($path . '/' . $rootEntry['name']), strlen($user) + 2); // full path without /$user/ // if sharing was disabled for the user we remove the share permissions @@ -1511,7 +1509,7 @@ class View { } $owner = $this->getUserObjectForOwner($subStorage->getOwner('')); - $files[] = new FileInfo($path . '/' . $rootEntry['name'], $subStorage, '', $rootEntry, $mount, $owner); + $files[$rootEntry->getName()] = new FileInfo($path . '/' . $rootEntry['name'], $subStorage, '', $rootEntry, $mount, $owner); } } } @@ -1527,7 +1525,7 @@ class View { }); } - return $files; + return array_values($files); } else { return []; } diff --git a/lib/private/Share20/Manager.php b/lib/private/Share20/Manager.php index 037ea53048a..9497b2c2637 100644 --- a/lib/private/Share20/Manager.php +++ b/lib/private/Share20/Manager.php @@ -1208,6 +1208,10 @@ class Manager implements IManager { * @throws ShareNotFound */ public function getShareByToken($token) { + // tokens can't be valid local user names + if ($this->userManager->userExists($token)) { + throw new ShareNotFound(); + } $share = null; try { if($this->shareApiAllowLinks()) { |