diff options
| -rw-r--r-- | lib/private/connector/sabre/directory.php | 17 | ||||
| -rw-r--r-- | lib/private/connector/sabre/file.php | 4 | ||||
| -rw-r--r-- | tests/lib/connector/sabre/directory.php | 34 | ||||
| -rw-r--r-- | tests/lib/connector/sabre/file.php | 7 |
4 files changed, 59 insertions, 3 deletions
diff --git a/lib/private/connector/sabre/directory.php b/lib/private/connector/sabre/directory.php index c51f84bf67c..02d1a9f4ba2 100644 --- a/lib/private/connector/sabre/directory.php +++ b/lib/private/connector/sabre/directory.php @@ -50,6 +50,10 @@ class OC_Connector_Sabre_Directory extends OC_Connector_Sabre_Node implements Sa */ public function createFile($name, $data = null) { + if ($name === 'Shared' && empty($this->path)) { + throw new \Sabre_DAV_Exception_Forbidden(); + } + // for chunked upload also updating a existing file is a "createFile" // because we create all the chunks before reasamble them to the existing file. if (isset($_SERVER['HTTP_OC_CHUNKED'])) { @@ -82,6 +86,10 @@ class OC_Connector_Sabre_Directory extends OC_Connector_Sabre_Node implements Sa */ public function createDirectory($name) { + if ($name === 'Shared' && empty($this->path)) { + throw new \Sabre_DAV_Exception_Forbidden(); + } + if (!\OC\Files\Filesystem::isCreatable($this->path)) { throw new \Sabre_DAV_Exception_Forbidden(); } @@ -187,13 +195,16 @@ class OC_Connector_Sabre_Directory extends OC_Connector_Sabre_Node implements Sa */ public function delete() { - if (!\OC\Files\Filesystem::isDeletable($this->path)) { + if ($this->path === 'Shared') { throw new \Sabre_DAV_Exception_Forbidden(); } - if ($this->path != "/Shared") { - \OC\Files\Filesystem::rmdir($this->path); + + if (!\OC\Files\Filesystem::isDeletable($this->path)) { + throw new \Sabre_DAV_Exception_Forbidden(); } + \OC\Files\Filesystem::rmdir($this->path); + } /** diff --git a/lib/private/connector/sabre/file.php b/lib/private/connector/sabre/file.php index 6ace8d14484..0fa5e0b0528 100644 --- a/lib/private/connector/sabre/file.php +++ b/lib/private/connector/sabre/file.php @@ -143,6 +143,10 @@ class OC_Connector_Sabre_File extends OC_Connector_Sabre_Node implements Sabre_D */ public function delete() { + if ($this->path === 'Shared') { + throw new \Sabre_DAV_Exception_Forbidden(); + } + if (!\OC\Files\Filesystem::isDeletable($this->path)) { throw new \Sabre_DAV_Exception_Forbidden(); } diff --git a/tests/lib/connector/sabre/directory.php b/tests/lib/connector/sabre/directory.php new file mode 100644 index 00000000000..c501521b601 --- /dev/null +++ b/tests/lib/connector/sabre/directory.php @@ -0,0 +1,34 @@ +<?php +/** + * Copyright (c) 2013 Thomas Müller <thomas.mueller@tmit.eu> + * This file is licensed under the Affero General Public License version 3 or + * later. + * See the COPYING-README file. + */ + +class Test_OC_Connector_Sabre_Directory extends PHPUnit_Framework_TestCase { + + /** + * @expectedException Sabre_DAV_Exception_Forbidden + */ + public function testCreateSharedFileFails() { + $dir = new OC_Connector_Sabre_Directory(''); + $dir->createFile('Shared'); + } + + /** + * @expectedException Sabre_DAV_Exception_Forbidden + */ + public function testCreateSharedFolderFails() { + $dir = new OC_Connector_Sabre_Directory(''); + $dir->createDirectory('Shared'); + } + + /** + * @expectedException Sabre_DAV_Exception_Forbidden + */ + public function testDeleteSharedFolderFails() { + $dir = new OC_Connector_Sabre_Directory('Shared'); + $dir->delete(); + } +} diff --git a/tests/lib/connector/sabre/file.php b/tests/lib/connector/sabre/file.php index a1dade3d63d..e1fed0384c6 100644 --- a/tests/lib/connector/sabre/file.php +++ b/tests/lib/connector/sabre/file.php @@ -35,4 +35,11 @@ class Test_OC_Connector_Sabre_File extends PHPUnit_Framework_TestCase { $etag = $file->put('test data'); } + /** + * @expectedException Sabre_DAV_Exception_Forbidden + */ + public function testDeleteSharedFails() { + $file = new OC_Connector_Sabre_File('Shared'); + $file->delete(); + } } |