diff options
Diffstat (limited to 'apps/files/ajax/upload.php')
| -rw-r--r-- | apps/files/ajax/upload.php | 88 |
1 files changed, 46 insertions, 42 deletions
diff --git a/apps/files/ajax/upload.php b/apps/files/ajax/upload.php index 12db682c1e2..dde5d3c50af 100644 --- a/apps/files/ajax/upload.php +++ b/apps/files/ajax/upload.php @@ -8,40 +8,44 @@ OCP\JSON::setContentTypeHeader('text/plain'); // If no token is sent along, rely on login only $l = OC_L10N::get('files'); -if (!$_POST['dirToken']) { - // The standard case, files are uploaded through logged in users :) - OCP\JSON::checkLoggedIn(); - $dir = isset($_POST['dir']) ? $_POST['dir'] : ""; - if (!$dir || empty($dir) || $dir === false) { - OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Unable to set upload directory.'))))); - die(); - } +if (empty($_POST['dirToken'])) { + // The standard case, files are uploaded through logged in users :) + OCP\JSON::checkLoggedIn(); + $dir = isset($_POST['dir']) ? $_POST['dir'] : ""; + if (!$dir || empty($dir) || $dir === false) { + OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Unable to set upload directory.'))))); + die(); + } } else { - $linkItem = OCP\Share::getShareByToken($_POST['dirToken']); - - if ($linkItem === false) { - OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Invalid Token'))))); - die(); - } - - if (!($linkItem['permissions'] & OCP\PERMISSION_CREATE)) { - OCP\JSON::checkLoggedIn(); - } else { - - // The token defines the target directory (security reasons) - $dir = sprintf( - "/%s/%s", - $linkItem['file_target'], - isset($_POST['subdir']) ? $_POST['subdir'] : '' - ); - - if (!$dir || empty($dir) || $dir === false) { - OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Unable to set upload directory.'))))); - die(); - } - // Setup FS with owner - OC_Util::setupFS($linkItem['uid_owner']); - } + $linkItem = OCP\Share::getShareByToken($_POST['dirToken']); + if ($linkItem === false) { + OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Invalid Token'))))); + die(); + } + + if (!($linkItem['permissions'] & OCP\PERMISSION_CREATE)) { + OCP\JSON::checkLoggedIn(); + } else { + // resolve reshares + $rootLinkItem = OCP\Share::resolveReShare($linkItem); + + // Setup FS with owner + OC_Util::tearDownFS(); + OC_Util::setupFS($rootLinkItem['uid_owner']); + + // The token defines the target directory (security reasons) + $path = \OC\Files\Filesystem::getPath($linkItem['file_source']); + $dir = sprintf( + "/%s/%s", + $path, + isset($_POST['subdir']) ? $_POST['subdir'] : '' + ); + + if (!$dir || empty($dir) || $dir === false) { + OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Unable to set upload directory.'))))); + die(); + } + } } @@ -61,7 +65,7 @@ foreach ($_FILES['files']['error'] as $error) { $errors = array( UPLOAD_ERR_OK => $l->t('There is no error, the file uploaded with success'), UPLOAD_ERR_INI_SIZE => $l->t('The uploaded file exceeds the upload_max_filesize directive in php.ini: ') - . ini_get('upload_max_filesize'), + . ini_get('upload_max_filesize'), UPLOAD_ERR_FORM_SIZE => $l->t('The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form'), UPLOAD_ERR_PARTIAL => $l->t('The uploaded file was only partially uploaded'), UPLOAD_ERR_NO_FILE => $l->t('No file was uploaded'), @@ -76,17 +80,17 @@ $files = $_FILES['files']; $error = ''; -$maxUploadFilesize = OCP\Util::maxUploadFilesize($dir); -$maxHumanFilesize = OCP\Util::humanFileSize($maxUploadFilesize); +$maxUploadFileSize = $storageStats['uploadMaxFilesize']; +$maxHumanFileSize = OCP\Util::humanFileSize($maxUploadFileSize); $totalSize = 0; foreach ($files['size'] as $size) { $totalSize += $size; } -if ($maxUploadFilesize >= 0 and $totalSize > $maxUploadFilesize) { +if ($maxUploadFileSize >= 0 and $totalSize > $maxUploadFileSize) { OCP\JSON::error(array('data' => array('message' => $l->t('Not enough storage available'), - 'uploadMaxFilesize' => $maxUploadFilesize, - 'maxHumanFilesize' => $maxHumanFilesize))); + 'uploadMaxFilesize' => $maxUploadFileSize, + 'maxHumanFilesize' => $maxHumanFileSize))); exit(); } @@ -107,9 +111,9 @@ if (strpos($dir, '..') === false) { 'size' => $meta['size'], 'id' => $meta['fileid'], 'name' => basename($target), - 'originalname'=>$files['name'][$i], - 'uploadMaxFilesize' => $maxUploadFilesize, - 'maxHumanFilesize' => $maxHumanFilesize + 'originalname' => $files['name'][$i], + 'uploadMaxFilesize' => $maxUploadFileSize, + 'maxHumanFilesize' => $maxHumanFileSize ); } } |