summaryrefslogtreecommitdiffstats
path: root/lib/connector/sabre/file.php
diff options
context:
space:
mode:
Diffstat (limited to 'lib/connector/sabre/file.php')
-rw-r--r--lib/connector/sabre/file.php15
1 files changed, 12 insertions, 3 deletions
diff --git a/lib/connector/sabre/file.php b/lib/connector/sabre/file.php
index 91646312e90..438d9871c22 100644
--- a/lib/connector/sabre/file.php
+++ b/lib/connector/sabre/file.php
@@ -41,24 +41,29 @@ class OC_Connector_Sabre_File extends OC_Connector_Sabre_Node implements Sabre_D
* return an ETag, and just return null.
*
* @param resource $data
+ * @throws Sabre_DAV_Exception_Forbidden
* @return string|null
*/
public function put($data) {
+ if (!\OC\Files\Filesystem::isUpdatable($this->path)) {
+ throw new \Sabre_DAV_Exception_Forbidden();
+ }
+
// mark file as partial while uploading (ignored by the scanner)
$partpath = $this->path . '.part';
\OC\Files\Filesystem::file_put_contents($partpath, $data);
//detect aborted upload
- if (isset ($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'PUT' ) {
+ if (isset ($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'PUT') {
if (isset($_SERVER['CONTENT_LENGTH'])) {
$expected = $_SERVER['CONTENT_LENGTH'];
$actual = \OC\Files\Filesystem::filesize($partpath);
if ($actual != $expected) {
\OC\Files\Filesystem::unlink($partpath);
throw new Sabre_DAV_Exception_BadRequest(
- 'expected filesize ' . $expected . ' got ' . $actual);
+ 'expected filesize ' . $expected . ' got ' . $actual);
}
}
}
@@ -69,7 +74,7 @@ class OC_Connector_Sabre_File extends OC_Connector_Sabre_Node implements Sabre_D
//allow sync clients to send the mtime along in a header
$mtime = OC_Request::hasModificationTime();
if ($mtime !== false) {
- if(\OC\Files\Filesystem::touch($this->path, $mtime)) {
+ if (\OC\Files\Filesystem::touch($this->path, $mtime)) {
header('X-OC-MTime: accepted');
}
}
@@ -92,9 +97,13 @@ class OC_Connector_Sabre_File extends OC_Connector_Sabre_Node implements Sabre_D
* Delete the current file
*
* @return void
+ * @throws Sabre_DAV_Exception_Forbidden
*/
public function delete() {
+ if (!\OC\Files\Filesystem::isDeletable($this->path)) {
+ throw new \Sabre_DAV_Exception_Forbidden();
+ }
\OC\Files\Filesystem::unlink($this->path);
}