summaryrefslogtreecommitdiffstats
path: root/apps/files_sharing/api/local.php
diff options
context:
space:
mode:
Diffstat (limited to 'apps/files_sharing/api/local.php')
-rw-r--r--apps/files_sharing/api/local.php9
1 files changed, 8 insertions, 1 deletions
diff --git a/apps/files_sharing/api/local.php b/apps/files_sharing/api/local.php
index d9291c29f61..87a8fbbb21f 100644
--- a/apps/files_sharing/api/local.php
+++ b/apps/files_sharing/api/local.php
@@ -276,6 +276,10 @@ class Local {
return new \OC_OCS_Result(null, 400, "unknown share type");
}
+ if (($permissions & \OCP\Constants::PERMISSION_READ) === 0) {
+ return new \OC_OCS_Result(null, 400, 'invalid permissions');
+ }
+
try {
$token = \OCP\Share::shareItem(
$itemType,
@@ -347,7 +351,6 @@ class Local {
}
return new \OC_OCS_Result(null, 400, "Wrong or no update parameter given");
-
}
/**
@@ -376,6 +379,10 @@ class Local {
}
}
+ if (($permissions & \OCP\Constants::PERMISSION_READ) === 0) {
+ return new \OC_OCS_Result(null, 400, 'invalid permissions');
+ }
+
try {
$return = \OCP\Share::setPermissions(
$itemType,
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-18 06:52:06 +0000