summaryrefslogtreecommitdiffstats
path: root/apps/files_sharing/public.php
diff options
context:
space:
mode:
Diffstat (limited to 'apps/files_sharing/public.php')
-rw-r--r--apps/files_sharing/public.php208
1 files changed, 105 insertions, 103 deletions
diff --git a/apps/files_sharing/public.php b/apps/files_sharing/public.php
index 1fc41b42756..d680a87fa7a 100644
--- a/apps/files_sharing/public.php
+++ b/apps/files_sharing/public.php
@@ -21,73 +21,81 @@ if (isset($_GET['token'])) {
}
// Enf of backward compatibility
-function getID($path) {
- // use the share table from the db to find the item source if the file was reshared because shared files
- //are not stored in the file cache.
- if (substr(OC_Filesystem::getMountPoint($path), -7, 6) == "Shared") {
- $path_parts = explode('/', $path, 5);
- $user = $path_parts[1];
- $intPath = '/'.$path_parts[4];
- $query = \OC_DB::prepare('SELECT item_source FROM *PREFIX*share WHERE uid_owner = ? AND file_target = ? ');
- $result = $query->execute(array($user, $intPath));
- $row = $result->fetchRow();
- $fileSource = $row['item_source'];
- } else {
- $fileSource = OC_Filecache::getId($path, '');
- }
-
- return $fileSource;
+/**
+ * lookup file path and owner by fetching it from the fscache
+ * needed becaus OC_FileCache::getPath($id, $user) already requires the user
+ * @param int $id
+ * @return array
+ */
+function getPathAndUser($id) {
+ $query = \OC_DB::prepare('SELECT `user`, `path` FROM `*PREFIX*fscache` WHERE `id` = ?');
+ $result = $query->execute(array($id));
+ $row = $result->fetchRow();
+ return $row;
}
-if (isset($_GET['file']) || isset($_GET['dir'])) {
- if (isset($_GET['dir'])) {
- $type = 'folder';
- $path = $_GET['dir'];
- if(strlen($path)>1 and substr($path, -1, 1)==='/') {
- $path=substr($path, 0, -1);
- }
- $baseDir = $path;
- $dir = $baseDir;
- } else {
- $type = 'file';
- $path = $_GET['file'];
- if(strlen($path)>1 and substr($path, -1, 1)==='/') {
- $path=substr($path, 0, -1);
- }
- }
- $uidOwner = substr($path, 1, strpos($path, '/', 1) - 1);
- if (OCP\User::userExists($uidOwner)) {
- OC_Util::setupFS($uidOwner);
- $fileSource = getId($path);
- if ($fileSource != -1 && ($linkItem = OCP\Share::getItemSharedWithByLink($type, $fileSource, $uidOwner))) {
- // TODO Fix in the getItems
- if (!isset($linkItem['item_type']) || $linkItem['item_type'] != $type) {
+if (isset($_GET['t'])) {
+ $token = $_GET['t'];
+ $linkItem = OCP\Share::getShareByToken($token);
+ if (is_array($linkItem) && isset($linkItem['uid_owner'])) {
+ // seems to be a valid share
+ $type = $linkItem['item_type'];
+ $fileSource = $linkItem['file_source'];
+ $shareOwner = $linkItem['uid_owner'];
+
+ if (OCP\User::userExists($shareOwner) && $fileSource != -1 ) {
+
+ $pathAndUser = getPathAndUser($linkItem['file_source']);
+ $fileOwner = $pathAndUser['user'];
+
+ //if this is a reshare check the file owner also exists
+ if ($shareOwner != $fileOwner && ! OCP\User::userExists($fileOwner)) {
+ OCP\Util::writeLog('share', 'original file owner '.$fileOwner.' does not exist for share '.$linkItem['id'], \OCP\Util::ERROR);
+ header('HTTP/1.0 404 Not Found');
+ $tmpl = new OCP\Template('', '404', 'guest');
+ $tmpl->printPage();
+ exit();
+ }
+
+ //mount filesystem of file owner
+ OC_Util::setupFS($fileOwner);
+ if (!isset($linkItem['item_type'])) {
+ OCP\Util::writeLog('share', 'No item type set for share id: '.$linkItem['id'], \OCP\Util::ERROR);
header('HTTP/1.0 404 Not Found');
$tmpl = new OCP\Template('', '404', 'guest');
$tmpl->printPage();
exit();
}
if (isset($linkItem['share_with'])) {
- // Check password
+ // Authenticate share_with
+ $url = OCP\Util::linkToPublic('files').'&t='.$token;
if (isset($_GET['file'])) {
- $url = OCP\Util::linkToPublic('files').'&file='.urlencode($_GET['file']);
- } else {
- $url = OCP\Util::linkToPublic('files').'&dir='.urlencode($_GET['dir']);
+ $url .= '&file='.urlencode($_GET['file']);
+ } else if (isset($_GET['dir'])) {
+ $url .= '&dir='.urlencode($_GET['dir']);
}
if (isset($_POST['password'])) {
$password = $_POST['password'];
- $storedHash = $linkItem['share_with'];
- $forcePortable = (CRYPT_BLOWFISH != 1);
- $hasher = new PasswordHash(8, $forcePortable);
- if (!($hasher->CheckPassword($password.OC_Config::getValue('passwordsalt', ''), $storedHash))) {
- $tmpl = new OCP\Template('files_sharing', 'authenticate', 'guest');
- $tmpl->assign('URL', $url);
- $tmpl->assign('error', true);
+ if ($linkItem['share_type'] == OCP\Share::SHARE_TYPE_LINK) {
+ // Check Password
+ $forcePortable = (CRYPT_BLOWFISH != 1);
+ $hasher = new PasswordHash(8, $forcePortable);
+ if (!($hasher->CheckPassword($password.OC_Config::getValue('passwordsalt', ''), $linkItem['share_with']))) {
+ $tmpl = new OCP\Template('files_sharing', 'authenticate', 'guest');
+ $tmpl->assign('URL', $url);
+ $tmpl->assign('error', true);
+ $tmpl->printPage();
+ exit();
+ } else {
+ // Save item id in session for future requests
+ $_SESSION['public_link_authenticated'] = $linkItem['id'];
+ }
+ } else {
+ OCP\Util::writeLog('share', 'Unknown share type '.$linkItem['share_type'].' for share id '.$linkItem['id'], \OCP\Util::ERROR);
+ header('HTTP/1.0 404 Not Found');
+ $tmpl = new OCP\Template('', '404', 'guest');
$tmpl->printPage();
exit();
- } else {
- // Save item id in session for future requests
- $_SESSION['public_link_authenticated'] = $linkItem['id'];
}
// Check if item id is set in session
} else if (!isset($_SESSION['public_link_authenticated']) || $_SESSION['public_link_authenticated'] !== $linkItem['id']) {
@@ -98,29 +106,32 @@ if (isset($_GET['file']) || isset($_GET['dir'])) {
exit();
}
}
- $path = $linkItem['path'];
+ $basePath = substr($pathAndUser['path'] , strlen('/'.$fileOwner.'/files'));
+ $path = $basePath;
if (isset($_GET['path'])) {
$path .= $_GET['path'];
- $dir .= $_GET['path'];
- if (!OC_Filesystem::file_exists($path)) {
- header('HTTP/1.0 404 Not Found');
- $tmpl = new OCP\Template('', '404', 'guest');
- $tmpl->printPage();
- exit();
- }
}
+ if (!$path || !OC_Filesystem::isValidPath($path) || !OC_Filesystem::file_exists($path)) {
+ OCP\Util::writeLog('share', 'Invalid path '.$path.' for share id '.$linkItem['id'], \OCP\Util::ERROR);
+ header('HTTP/1.0 404 Not Found');
+ $tmpl = new OCP\Template('', '404', 'guest');
+ $tmpl->printPage();
+ exit();
+ }
+ $dir = dirname($path);
+ $file = basename($path);
// Download the file
if (isset($_GET['download'])) {
- if (isset($_GET['dir'])) {
+ if (isset($_GET['path']) && $_GET['path'] !== '' ) {
if ( isset($_GET['files']) ) { // download selected files
OC_Files::get($path, $_GET['files'], $_SERVER['REQUEST_METHOD'] == 'HEAD' ? true : false);
- } else if (isset($_GET['path']) && $_GET['path'] != '' ) { // download a file from a shared directory
- OC_Files::get('', $path, $_SERVER['REQUEST_METHOD'] == 'HEAD' ? true : false);
+ } else if (isset($_GET['path']) && $_GET['path'] != '' ) { // download a file from a shared directory
+ OC_Files::get($dir, $file, $_SERVER['REQUEST_METHOD'] == 'HEAD' ? true : false);
} else { // download the whole shared directory
- OC_Files::get($path, '', $_SERVER['REQUEST_METHOD'] == 'HEAD' ? true : false);
+ OC_Files::get($dir, $file, $_SERVER['REQUEST_METHOD'] == 'HEAD' ? true : false);
}
} else { // download a single shared file
- OC_Files::get("", $path, $_SERVER['REQUEST_METHOD'] == 'HEAD' ? true : false);
+ OC_Files::get($dir, $file, $_SERVER['REQUEST_METHOD'] == 'HEAD' ? true : false);
}
} else {
@@ -128,14 +139,22 @@ if (isset($_GET['file']) || isset($_GET['dir'])) {
OCP\Util::addScript('files_sharing', 'public');
OCP\Util::addScript('files', 'fileactions');
$tmpl = new OCP\Template('files_sharing', 'public', 'base');
- $tmpl->assign('owner', $uidOwner);
+ $tmpl->assign('uidOwner', $shareOwner);
+ $tmpl->assign('dir', $dir);
+ $tmpl->assign('filename', $file);
+ $tmpl->assign('mimetype', OC_Filesystem::getMimeType($path));
+ if (isset($_GET['path'])) {
+ $getPath = $_GET['path'];
+ } else {
+ $getPath = '';
+ }
// Show file list
if (OC_Filesystem::is_dir($path)) {
OCP\Util::addStyle('files', 'files');
OCP\Util::addScript('files', 'files');
OCP\Util::addScript('files', 'filelist');
$files = array();
- $rootLength = strlen($baseDir) + 1;
+ $rootLength = strlen($basePath) + 1;
foreach (OC_Files::getDirectoryContent($path) as $i) {
$i['date'] = OCP\Util::formatDate($i['mtime']);
if ($i['type'] == 'file') {
@@ -143,7 +162,7 @@ if (isset($_GET['file']) || isset($_GET['dir'])) {
$i['basename'] = $fileinfo['filename'];
$i['extension'] = isset($fileinfo['extension']) ? ('.'.$fileinfo['extension']) : '';
}
- $i['directory'] = '/'.substr('/'.$uidOwner.'/files'.$i['directory'], $rootLength);
+ $i['directory'] = '/'.substr($i['directory'], $rootLength);
if ($i['directory'] == '/') {
$i['directory'] = '';
}
@@ -153,30 +172,29 @@ if (isset($_GET['file']) || isset($_GET['dir'])) {
// Make breadcrumb
$breadcrumb = array();
$pathtohere = '';
- $count = 1;
- foreach (explode('/', $dir) as $i) {
+
+ //add base breadcrumb
+ $breadcrumb[] = array('dir' => '/', 'name' => basename($basePath));
+
+ //add subdir breadcrumbs
+ foreach (explode('/', urldecode($_GET['path'])) as $i) {
if ($i != '') {
- if ($i != $baseDir) {
- $pathtohere .= '/'.$i;
- }
- if ( strlen($pathtohere) < strlen($_GET['dir'])) {
- continue;
- }
- $breadcrumb[] = array('dir' => str_replace($_GET['dir'], "", $pathtohere, $count), 'name' => $i);
+ $pathtohere .= '/'.$i;
+ $breadcrumb[] = array('dir' => $pathtohere, 'name' => $i);
}
}
+
$list = new OCP\Template('files', 'part.list', '');
$list->assign('files', $files, false);
$list->assign('publicListView', true);
- $list->assign('baseURL', OCP\Util::linkToPublic('files').'&dir='.urlencode($_GET['dir']).'&path=', false);
- $list->assign('downloadURL', OCP\Util::linkToPublic('files').'&download&dir='.urlencode($_GET['dir']).'&path=', false);
+ $list->assign('baseURL', OCP\Util::linkToPublic('files').'&t='.$token.'&path=', false);
+ $list->assign('downloadURL', OCP\Util::linkToPublic('files').'&t='.$token.'&download&path=', false);
$breadcrumbNav = new OCP\Template('files', 'part.breadcrumb', '' );
$breadcrumbNav->assign('breadcrumb', $breadcrumb, false);
- $breadcrumbNav->assign('baseURL', OCP\Util::linkToPublic('files').'&dir='.urlencode($_GET['dir']).'&path=', false);
+ $breadcrumbNav->assign('baseURL', OCP\Util::linkToPublic('files').'&t='.$token.'&path=', false);
$folder = new OCP\Template('files', 'index', '');
$folder->assign('fileList', $list->fetchPage(), false);
$folder->assign('breadcrumb', $breadcrumbNav->fetchPage(), false);
- $folder->assign('dir', basename($dir));
$folder->assign('isCreatable', false);
$folder->assign('permissions', 0);
$folder->assign('files', $files);
@@ -184,32 +202,14 @@ if (isset($_GET['file']) || isset($_GET['dir'])) {
$folder->assign('uploadMaxHumanFilesize', 0);
$folder->assign('allowZipDownload', intval(OCP\Config::getSystemValue('allowZipDownload', true)));
$tmpl->assign('folder', $folder->fetchPage(), false);
- $tmpl->assign('uidOwner', $uidOwner);
- $tmpl->assign('dir', basename($dir));
- $tmpl->assign('filename', basename($path));
- $tmpl->assign('mimetype', OC_Filesystem::getMimeType($path));
$tmpl->assign('allowZipDownload', intval(OCP\Config::getSystemValue('allowZipDownload', true)));
- if (isset($_GET['path'])) {
- $getPath = $_GET['path'];
- } else {
- $getPath = '';
- }
- $tmpl->assign('downloadURL', OCP\Util::linkToPublic('files').'&download&dir='.urlencode($_GET['dir']).'&path='.urlencode($getPath), false);
+ $tmpl->assign('downloadURL', OCP\Util::linkToPublic('files').'&t='.$token.'&download&path='.urlencode($getPath));
} else {
// Show file preview if viewer is available
- $tmpl->assign('uidOwner', $uidOwner);
- $tmpl->assign('dir', dirname($path));
- $tmpl->assign('filename', basename($path));
- $tmpl->assign('mimetype', OC_Filesystem::getMimeType($path));
if ($type == 'file') {
- $tmpl->assign('downloadURL', OCP\Util::linkToPublic('files').'&file='.urlencode($_GET['file']).'&download', false);
+ $tmpl->assign('downloadURL', OCP\Util::linkToPublic('files').'&t='.$token.'&download');
} else {
- if (isset($_GET['path'])) {
- $getPath = $_GET['path'];
- } else {
- $getPath = '';
- }
- $tmpl->assign('downloadURL', OCP\Util::linkToPublic('files').'&download&dir='.urlencode($_GET['dir']).'&path='.urlencode($getPath), false);
+ $tmpl->assign('downloadURL', OCP\Util::linkToPublic('files').'&t='.$token.'&download&path='.urlencode($getPath));
}
}
$tmpl->printPage();
@@ -217,6 +217,8 @@ if (isset($_GET['file']) || isset($_GET['dir'])) {
exit();
}
}
+} else {
+ OCP\Util::writeLog('share', 'Missing token', \OCP\Util::DEBUG);
}
header('HTTP/1.0 404 Not Found');
$tmpl = new OCP\Template('', '404', 'guest');
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-05 03:41:06 +0000