summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--apps/files/ajax/upload.php1
-rw-r--r--apps/files/triggerupdate.php1
-rw-r--r--apps/files_sharing/ajax/publicpreview.php3
-rw-r--r--apps/files_sharing/appinfo/update.php1
-rw-r--r--apps/files_sharing/public.php6
-rw-r--r--lib/private/json.php14
-rwxr-xr-xlib/private/util.php4
-rw-r--r--lib/public/json.php10
8 files changed, 35 insertions, 5 deletions
diff --git a/apps/files/ajax/upload.php b/apps/files/ajax/upload.php
index 0e905f993ac..bdaf6a77d14 100644
--- a/apps/files/ajax/upload.php
+++ b/apps/files/ajax/upload.php
@@ -34,6 +34,7 @@ if (empty($_POST['dirToken'])) {
// resolve reshares
$rootLinkItem = OCP\Share::resolveReShare($linkItem);
+ OCP\JSON::checkUserExists($rootLinkItem['uid_owner']);
// Setup FS with owner
OC_Util::tearDownFS();
OC_Util::setupFS($rootLinkItem['uid_owner']);
diff --git a/apps/files/triggerupdate.php b/apps/files/triggerupdate.php
index 0e29edbba35..a37b9823add 100644
--- a/apps/files/triggerupdate.php
+++ b/apps/files/triggerupdate.php
@@ -6,6 +6,7 @@ if (OC::$CLI) {
if (count($argv) === 2) {
$file = $argv[1];
list(, $user) = explode('/', $file);
+ OCP\JSON::checkUserExists($owner);
OC_Util::setupFS($user);
$view = new \OC\Files\View('');
/**
diff --git a/apps/files_sharing/ajax/publicpreview.php b/apps/files_sharing/ajax/publicpreview.php
index 54a9806e8bf..a52f522afac 100644
--- a/apps/files_sharing/ajax/publicpreview.php
+++ b/apps/files_sharing/ajax/publicpreview.php
@@ -39,6 +39,7 @@ if(!isset($linkedItem['uid_owner']) || !isset($linkedItem['file_source'])) {
$rootLinkItem = OCP\Share::resolveReShare($linkedItem);
$userId = $rootLinkItem['uid_owner'];
+OCP\JSON::checkUserExists($rootLinkItem['uid_owner']);
\OC_Util::setupFS($userId);
\OC\Files\Filesystem::initMountPoints($userId);
$view = new \OC\Files\View('/' . $userId . '/files');
@@ -88,4 +89,4 @@ try{
} catch (\Exception $e) {
\OC_Response::setStatus(500);
\OC_Log::write('core', $e->getmessage(), \OC_Log::DEBUG);
-} \ No newline at end of file
+}
diff --git a/apps/files_sharing/appinfo/update.php b/apps/files_sharing/appinfo/update.php
index 0d827da28ea..4b716e764f4 100644
--- a/apps/files_sharing/appinfo/update.php
+++ b/apps/files_sharing/appinfo/update.php
@@ -44,6 +44,7 @@ if (version_compare($installedVersion, '0.3', '<')) {
$shareType = OCP\Share::SHARE_TYPE_USER;
$shareWith = $row['uid_shared_with'];
}
+ OCP\JSON::checkUserExists($row['uid_owner']);
OC_User::setUserId($row['uid_owner']);
//we need to setup the filesystem for the user, otherwise OC_FileSystem::getRoot will fail and break
OC_Util::setupFS($row['uid_owner']);
diff --git a/apps/files_sharing/public.php b/apps/files_sharing/public.php
index d050efd5b32..80dd708ee51 100644
--- a/apps/files_sharing/public.php
+++ b/apps/files_sharing/public.php
@@ -43,10 +43,10 @@ if (isset($_GET['t'])) {
$shareOwner = $linkItem['uid_owner'];
$path = null;
$rootLinkItem = OCP\Share::resolveReShare($linkItem);
- $fileOwner = $rootLinkItem['uid_owner'];
- if (isset($fileOwner)) {
+ if (isset($rootLinkItem['uid_owner'])) {
+ OCP\JSON::checkUserExists($rootLinkItem['uid_owner']);
OC_Util::tearDownFS();
- OC_Util::setupFS($fileOwner);
+ OC_Util::setupFS($rootLinkItem['uid_owner']);
$path = \OC\Files\Filesystem::getPath($linkItem['file_source']);
}
}
diff --git a/lib/private/json.php b/lib/private/json.php
index 6a9e5a2df5e..5c5d7e3a3da 100644
--- a/lib/private/json.php
+++ b/lib/private/json.php
@@ -65,6 +65,20 @@ class OC_JSON{
}
/**
+ * Check is a given user exists - send json error msg if not
+ * @param string $user
+ */
+ public static function checkUserExists($user) {
+ if (!OCP\User::userExists($user)) {
+ $l = OC_L10N::get('lib');
+ OCP\JSON::error(array('data' => array('message' => $l->t('Unknown user'))));
+ exit;
+ }
+ }
+
+
+
+ /**
* Check if the user is a subadmin, send json error msg if not
*/
public static function checkSubAdminUser() {
diff --git a/lib/private/util.php b/lib/private/util.php
index 72afa6f9478..8aa7a074d0d 100755
--- a/lib/private/util.php
+++ b/lib/private/util.php
@@ -51,6 +51,10 @@ class OC_Util {
self::$rootMounted = true;
}
+ if ($user != '' && !OCP\User::userExists($user)) {
+ return false;
+ }
+
//if we aren't logged in, there is no use to set up the filesystem
if( $user != "" ) {
\OC\Files\Filesystem::addStorageWrapper(function($mountPoint, $storage){
diff --git a/lib/public/json.php b/lib/public/json.php
index 831e3ef1cf6..cd5d233ef90 100644
--- a/lib/public/json.php
+++ b/lib/public/json.php
@@ -167,7 +167,7 @@ class JSON {
* @return string json formatted string if not admin user.
*/
public static function checkAdminUser() {
- return(\OC_JSON::checkAdminUser());
+ \OC_JSON::checkAdminUser();
}
/**
@@ -177,4 +177,12 @@ class JSON {
public static function encode($data) {
return(\OC_JSON::encode($data));
}
+
+ /**
+ * Check is a given user exists - send json error msg if not
+ * @param string $user
+ */
+ public static function checkUserExists($user) {
+ \OC_JSON::checkUserExists($user);
+ }
}