Diffstat (limited to 'apps')
-rw-r--r-- | apps/files_sharing/public.php | 52 |
1 files changed, 35 insertions, 17 deletions
diff --git a/apps/files_sharing/public.php b/apps/files_sharing/public.php
index fef0ed8a8c2..487b9e79961 100644
--- a/apps/files_sharing/public.php
+++ b/apps/files_sharing/public.php
@@ -7,7 +7,7 @@ OC_App::loadApps();
 // support will be removed in OC 5.0,a
 if (isset($_GET['token'])) {
 unset($_GET['file']);
- $qry = \OC_DB::prepare('SELECT `source` FROM `*PREFIX*sharing` WHERE `target` = ? LIMIT 1');
+ $qry = \OC_DB::prepare('SELECT `source` FROM `*PREFIX*sharing` WHERE `target` = ?', 1);
 $filepath = $qry->execute(array($_GET['token']))->fetchOne();
 if(isset($filepath)) {
 $info = OC_FileCache_Cached::get($filepath, '');
@@ -16,7 +16,9 @@ if (isset($_GET['token'])) {
 } else {
 $_GET['file'] = $filepath;
 }
- \OCP\Util::writeLog('files_sharing', 'You have files that are shared by link originating from ownCloud 4.0. Redistribute the new links, because backwards compatibility will be removed in ownCloud 5.', \OCP\Util::WARN);
+ \OCP\Util::writeLog('files_sharing', 'You have files that are shared by link originating from ownCloud 4.0.'
+ .' Redistribute the new links, because backwards compatibility will be removed in ownCloud 5.',
+ \OCP\Util::WARN);
 }
 }
@@ -27,7 +29,10 @@ function getID($path) {
 $path_parts = explode('/', $path, 5);
 $user = $path_parts[1];
 $intPath = '/'.$path_parts[4];
- $query = \OC_DB::prepare('SELECT `item_source` FROM `*PREFIX*share` WHERE `uid_owner` = ? AND `file_target` = ? ');
+ $query = \OC_DB::prepare('SELECT `item_source`'
+ .' FROM `*PREFIX*share`'
+ .' WHERE `uid_owner` = ?'
+ .' AND `file_target` = ? ');
 $result = $query->execute(array($user, $intPath));
 $row = $result->fetchRow();
 $fileSource = $row['item_source'];
@@ -69,7 +74,8 @@ if (isset($_GET['t'])) {
 //if this is a reshare check the file owner also exists
 if ($shareOwner != $fileOwner && ! OCP\User::userExists($fileOwner)) {
- OCP\Util::writeLog('share', 'original file owner '.$fileOwner.' does not exist for share '.$linkItem['id'], \OCP\Util::ERROR);
+ OCP\Util::writeLog('share', 'original file owner '.$fileOwner
+ .' does not exist for share '.$linkItem['id'], \OCP\Util::ERROR);
 header('HTTP/1.0 404 Not Found');
 $tmpl = new OCP\Template('', '404', 'guest');
 $tmpl->printPage();
@@ -134,7 +140,8 @@ if ($linkItem) {
 // Check Password
 $forcePortable = (CRYPT_BLOWFISH != 1);
 $hasher = new PasswordHash(8, $forcePortable);
- if (!($hasher->CheckPassword($password.OC_Config::getValue('passwordsalt', ''), $linkItem['share_with']))) {
+ if (!($hasher->CheckPassword($password.OC_Config::getValue('passwordsalt', ''),
+ $linkItem['share_with']))) {
 $tmpl = new OCP\Template('files_sharing', 'authenticate', 'guest');
 $tmpl->assign('URL', $url);
 $tmpl->assign('error', true);
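Review bot: The failed-password branch in the hunk at new line 140 re-renders the `authenticate` template with `error` set but, in the lines shown, writes nothing to the log, so repeated guesses against a password-protected link leave no trace for an operator. The other rejection paths in this file already log through `OCP\Util::writeLog('share', ...)`; adding `OCP\Util::writeLog('share', 'Wrong password for share id '.$linkItem['id'], \OCP\Util::WARN);` before the template is built would make guessing visible and give throttling something to key on. The branch continues past the end of the hunk, so a log call further down cannot be ruled out from here.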
@@ -145,19 +152,25 @@ if ($linkItem) {
 $_SESSION['public_link_authenticated'] = $linkItem['id'];
 }
 } else {
- OCP\Util::writeLog('share', 'Unknown share type '.$linkItem['share_type'].' for share id '.$linkItem['id'], \OCP\Util::ERROR);
+ OCP\Util::writeLog('share', 'Unknown share type '.$linkItem['share_type']
+ .' for share id '.$linkItem['id'], \OCP\Util::ERROR);
 header('HTTP/1.0 404 Not Found');
 $tmpl = new OCP\Template('', '404', 'guest');
 $tmpl->printPage();
 exit();
 }
- // Check if item id is set in session
- } else if (!isset($_SESSION['public_link_authenticated']) || $_SESSION['public_link_authenticated'] !== $linkItem['id']) {
- // Prompt for password
- $tmpl = new OCP\Template('files_sharing', 'authenticate', 'guest');
- $tmpl->assign('URL', $url);
- $tmpl->printPage();
- exit();
+
+ } else {
+ // Check if item id is set in session
+ if (!isset($_SESSION['public_link_authenticated'])
+ || $_SESSION['public_link_authenticated'] !== $linkItem['id']
+ ) {
+ // Prompt for password
+ $tmpl = new OCP\Template('files_sharing', 'authenticate', 'guest');
+ $tmpl->assign('URL', $url);
+ $tmpl->printPage();
+ exit();
+ }
 }
 }
 $basePath = substr($pathAndUser['path'], strlen('/'.$fileOwner.'/files'));
@@ -203,7 +216,9 @@ if ($linkItem) {
 $getPath = '';
 }
 //
- $urlLinkIdentifiers= (isset($token)?'&t='.$token:'').(isset($_GET['dir'])?'&dir='.$_GET['dir']:'').(isset($_GET['file'])?'&file='.$_GET['file']:'');
+ $urlLinkIdentifiers= (isset($token)?'&t='.$token:'')
+ .(isset($_GET['dir'])?'&dir='.$_GET['dir']:'')
+ .(isset($_GET['file'])?'&file='.$_GET['file']:'');
 // Show file list
 if (OC_Filesystem::is_dir($path)) {
 OCP\Util::addStyle('files', 'files');
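Review bot: `$_GET['dir']` and `$_GET['file']` are appended to `$urlLinkIdentifiers` unencoded in the hunk at new line 216, and that string is then built into every `downloadURL` template value in the hunk at new line 275, where only `$getPath` passes through `urlencode()`. A request value containing `&`, `#` or quote characters can therefore alter the query string of the generated link, and it would reach the page as markup if the template layer does not escape `downloadURL`, which these hunks do not show. Encode each value where it is appended, e.g. `.(isset($_GET['dir'])?'&dir='.urlencode($_GET['dir']):'')`, and likewise for `file`. `$token` is assigned outside the hunk and deserves the same check.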
@@ -260,13 +275,16 @@ if ($linkItem) {
 $folder->assign('allowZipDownload', intval(OCP\Config::getSystemValue('allowZipDownload', true)));
 $tmpl->assign('folder', $folder->fetchPage(), false);
 $tmpl->assign('allowZipDownload', intval(OCP\Config::getSystemValue('allowZipDownload', true)));
- $tmpl->assign('downloadURL', OCP\Util::linkToPublic('files').$urlLinkIdentifiers.'&download&path='.urlencode($getPath));
+ $tmpl->assign('downloadURL', OCP\Util::linkToPublic('files')
+ .$urlLinkIdentifiers.'&download&path='.urlencode($getPath));
 } else {
 // Show file preview if viewer is available
 if ($type == 'file') {
- $tmpl->assign('downloadURL', OCP\Util::linkToPublic('files').$urlLinkIdentifiers.'&download');
+ $tmpl->assign('downloadURL', OCP\Util::linkToPublic('files')
+ .$urlLinkIdentifiers.'&download');
 } else {
- $tmpl->assign('downloadURL', OCP\Util::linkToPublic('files').$urlLinkIdentifiers.'&download&path='.urlencode($getPath));
+ $tmpl->assign('downloadURL', OCP\Util::linkToPublic('files')
+ .$urlLinkIdentifiers.'&download&path='.urlencode($getPath));
 }
 }
 $tmpl->printPage(); |