1 files changed, 11 insertions, 4 deletions

diff --git a/apps/files/ajax/upload.php b/apps/files/ajax/upload.php
index 8433716dec1..54604d10563 100644
--- a/apps/files/ajax/upload.php
+++ b/apps/files/ajax/upload.php
@@ -18,7 +18,6 @@ if (empty($_POST['dirToken'])) {
 	}
 } else {
 	$linkItem = OCP\Share::getShareByToken($_POST['dirToken']);
-
 	if ($linkItem === false) {
 		OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Invalid Token')))));
 		die();
@@ -27,11 +26,21 @@ if (empty($_POST['dirToken'])) {
 	if (!($linkItem['permissions'] & OCP\PERMISSION_CREATE)) {
 		OCP\JSON::checkLoggedIn();
 	} else {
+		// Setup FS with owner
+		OC_Util::tearDownFS();
+		OC_Util::setupFS($linkItem['uid_owner']);
+
+		// translate linkItem to the real folder name on the file system
+		$sharedItem = OCP\Share::getSharedItem($linkItem['item_type'], $linkItem['item_source'], $linkItem['uid_owner']);
+		if (!$sharedItem || empty($sharedItem) || $sharedItem === false) {
+			OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Unable to set upload directory.')))));
+			die();
+		}
 
 		// The token defines the target directory (security reasons)
 		$dir = sprintf(
 			"/%s/%s",
-			$linkItem['file_target'],
+			$sharedItem['path'],
 			isset($_POST['subdir']) ? $_POST['subdir'] : ''
 		);
 
@@ -39,8 +48,6 @@ if (empty($_POST['dirToken'])) {
 			OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Unable to set upload directory.')))));
 			die();
 		}
-		// Setup FS with owner
-		OC_Util::setupFS($linkItem['uid_owner']);
 	}
 }