diff options
| author | Thomas Müller <thomas.mueller@tmit.eu> | 2013-10-23 10:50:36 -0700 |
|---|---|---|
| committer | Thomas Müller <thomas.mueller@tmit.eu> | 2013-10-23 10:50:36 -0700 |
| commit | caa3a8d784b2444beace4e10e8544dcad8c5fafe (patch) | |
| tree | eced2c95f89632a5bb39e7630f32ae7ff8d3f5f4 /lib | |
| parent | 30cf7fee11a9ff3ea9618fa8f48502fcd5c12ee9 (diff) | |
| parent | f62c4eafa549a26efcce025e3b33ed87cbce5fd4 (diff) | |
| download | nextcloud-server-caa3a8d784b2444beace4e10e8544dcad8c5fafe.tar.gz nextcloud-server-caa3a8d784b2444beace4e10e8544dcad8c5fafe.zip | |
Merge pull request #5464 from owncloud/fixing-5456-master
Fixing 5456 master
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/connector/sabre/directory.php | 17 | ||||
| -rw-r--r-- | lib/private/connector/sabre/file.php | 4 |
2 files changed, 18 insertions, 3 deletions
diff --git a/lib/private/connector/sabre/directory.php b/lib/private/connector/sabre/directory.php index c51f84bf67c..02d1a9f4ba2 100644 --- a/lib/private/connector/sabre/directory.php +++ b/lib/private/connector/sabre/directory.php @@ -50,6 +50,10 @@ class OC_Connector_Sabre_Directory extends OC_Connector_Sabre_Node implements Sa */ public function createFile($name, $data = null) { + if ($name === 'Shared' && empty($this->path)) { + throw new \Sabre_DAV_Exception_Forbidden(); + } + // for chunked upload also updating a existing file is a "createFile" // because we create all the chunks before reasamble them to the existing file. if (isset($_SERVER['HTTP_OC_CHUNKED'])) { @@ -82,6 +86,10 @@ class OC_Connector_Sabre_Directory extends OC_Connector_Sabre_Node implements Sa */ public function createDirectory($name) { + if ($name === 'Shared' && empty($this->path)) { + throw new \Sabre_DAV_Exception_Forbidden(); + } + if (!\OC\Files\Filesystem::isCreatable($this->path)) { throw new \Sabre_DAV_Exception_Forbidden(); } @@ -187,13 +195,16 @@ class OC_Connector_Sabre_Directory extends OC_Connector_Sabre_Node implements Sa */ public function delete() { - if (!\OC\Files\Filesystem::isDeletable($this->path)) { + if ($this->path === 'Shared') { throw new \Sabre_DAV_Exception_Forbidden(); } - if ($this->path != "/Shared") { - \OC\Files\Filesystem::rmdir($this->path); + + if (!\OC\Files\Filesystem::isDeletable($this->path)) { + throw new \Sabre_DAV_Exception_Forbidden(); } + \OC\Files\Filesystem::rmdir($this->path); + } /** diff --git a/lib/private/connector/sabre/file.php b/lib/private/connector/sabre/file.php index 6ace8d14484..0fa5e0b0528 100644 --- a/lib/private/connector/sabre/file.php +++ b/lib/private/connector/sabre/file.php @@ -143,6 +143,10 @@ class OC_Connector_Sabre_File extends OC_Connector_Sabre_Node implements Sabre_D */ public function delete() { + if ($this->path === 'Shared') { + throw new \Sabre_DAV_Exception_Forbidden(); + } + if (!\OC\Files\Filesystem::isDeletable($this->path)) { throw new \Sabre_DAV_Exception_Forbidden(); } |