summaryrefslogtreecommitdiffstats
path: root/lib/connector
diff options
context:
space:
mode:
Diffstat (limited to 'lib/connector')
-rw-r--r--lib/connector/sabre/directory.php61
-rw-r--r--lib/connector/sabre/file.php16
-rw-r--r--lib/connector/sabre/node.php11
3 files changed, 75 insertions, 13 deletions
diff --git a/lib/connector/sabre/directory.php b/lib/connector/sabre/directory.php
index 1434e970587..3cccf6ef3d0 100644
--- a/lib/connector/sabre/directory.php
+++ b/lib/connector/sabre/directory.php
@@ -50,23 +50,24 @@ class OC_Connector_Sabre_Directory extends OC_Connector_Sabre_Node implements Sa
*/
public function createFile($name, $data = null) {
- if (!\OC\Files\Filesystem::isCreatable($this->path)) {
- throw new \Sabre_DAV_Exception_Forbidden();
- }
-
if (isset($_SERVER['HTTP_OC_CHUNKED'])) {
$info = OC_FileChunking::decodeName($name);
if (empty($info)) {
throw new Sabre_DAV_Exception_NotImplemented();
}
- $chunk_handler = new OC_FileChunking($info);
- $chunk_handler->store($info['index'], $data);
- if ($chunk_handler->isComplete()) {
- $newPath = $this->path . '/' . $info['name'];
- $chunk_handler->file_assemble($newPath);
- return OC_Connector_Sabre_Node::getETagPropertyForPath($newPath);
+
+ if (!\OC\Files\Filesystem::isCreatable($this->path) &&
+ !\OC\Files\Filesystem::isUpdatable($this->path . '/' . $info['name'])) {
+ throw new \Sabre_DAV_Exception_Forbidden();
}
+
+ return $this->createFileChunked($name, $data);
} else {
+
+ if (!\OC\Files\Filesystem::isCreatable($this->path)) {
+ throw new \Sabre_DAV_Exception_Forbidden();
+ }
+
$newPath = $this->path . '/' . $name;
// mark file as partial while uploading (ignored by the scanner)
@@ -88,7 +89,13 @@ class OC_Connector_Sabre_Directory extends OC_Connector_Sabre_Node implements Sa
}
// rename to correct path
- \OC\Files\Filesystem::rename($partpath, $newPath);
+ $renameOkay = \OC\Files\Filesystem::rename($partpath, $newPath);
+ $fileExists = \OC\Files\Filesystem::file_exists($newPath);
+ if ($renameOkay === false || $fileExists === false) {
+ \OC_Log::write('webdav', '\OC\Files\Filesystem::rename() failed', \OC_Log::ERROR);
+ \OC\Files\Filesystem::unlink($partpath);
+ throw new Sabre_DAV_Exception();
+ }
// allow sync clients to send the mtime along in a header
$mtime = OC_Request::hasModificationTime();
@@ -251,7 +258,7 @@ class OC_Connector_Sabre_Directory extends OC_Connector_Sabre_Node implements Sa
* If the array is empty, all properties should be returned
*
* @param array $properties
- * @return void
+ * @return array
*/
public function getProperties($properties) {
$props = parent::getProperties($properties);
@@ -261,4 +268,34 @@ class OC_Connector_Sabre_Directory extends OC_Connector_Sabre_Node implements Sa
}
return $props;
}
+
+ private function createFileChunked($name, $data)
+ {
+ $info = OC_FileChunking::decodeName($name);
+ if (empty($info)) {
+ throw new Sabre_DAV_Exception_NotImplemented();
+ }
+ $chunk_handler = new OC_FileChunking($info);
+ $bytesWritten = $chunk_handler->store($info['index'], $data);
+
+ //detect aborted upload
+ if (isset ($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'PUT' ) {
+ if (isset($_SERVER['CONTENT_LENGTH'])) {
+ $expected = $_SERVER['CONTENT_LENGTH'];
+ if ($bytesWritten != $expected) {
+ $chunk_handler->remove($info['index']);
+ throw new Sabre_DAV_Exception_BadRequest(
+ 'expected filesize ' . $expected . ' got ' . $bytesWritten);
+ }
+ }
+ }
+
+ if ($chunk_handler->isComplete()) {
+ $newPath = $this->path . '/' . $info['name'];
+ $chunk_handler->file_assemble($newPath);
+ return OC_Connector_Sabre_Node::getETagPropertyForPath($newPath);
+ }
+
+ return null;
+ }
}
diff --git a/lib/connector/sabre/file.php b/lib/connector/sabre/file.php
index 06ab73e3e4d..bbfb27a8a9e 100644
--- a/lib/connector/sabre/file.php
+++ b/lib/connector/sabre/file.php
@@ -53,6 +53,13 @@ class OC_Connector_Sabre_File extends OC_Connector_Sabre_Node implements Sabre_D
// mark file as partial while uploading (ignored by the scanner)
$partpath = $this->path . '.part';
+ // if file is located in /Shared we write the part file to the users
+ // root folder because we can't create new files in /shared
+ // we extend the name with a random number to avoid overwriting a existing file
+ if (dirname($partpath) === '/Shared') {
+ $partpath = pathinfo($partpath, PATHINFO_FILENAME) . rand() . '.part';
+ }
+
\OC\Files\Filesystem::file_put_contents($partpath, $data);
//detect aborted upload
@@ -69,7 +76,14 @@ class OC_Connector_Sabre_File extends OC_Connector_Sabre_Node implements Sabre_D
}
// rename to correct path
- \OC\Files\Filesystem::rename($partpath, $this->path);
+ $renameOkay = \OC\Files\Filesystem::rename($partpath, $this->path);
+ $fileExists = \OC\Files\Filesystem::file_exists($this->path);
+ if ($renameOkay === false || $fileExists === false) {
+ \OC_Log::write('webdav', '\OC\Files\Filesystem::rename() failed', \OC_Log::ERROR);
+ \OC\Files\Filesystem::unlink($partpath);
+ throw new Sabre_DAV_Exception();
+ }
+
//allow sync clients to send the mtime along in a header
$mtime = OC_Request::hasModificationTime();
diff --git a/lib/connector/sabre/node.php b/lib/connector/sabre/node.php
index 1ffa048d6b2..f6a1c56edb8 100644
--- a/lib/connector/sabre/node.php
+++ b/lib/connector/sabre/node.php
@@ -78,6 +78,11 @@ abstract class OC_Connector_Sabre_Node implements Sabre_DAV_INode, Sabre_DAV_IPr
*/
public function setName($name) {
+ // rename is only allowed if the update privilege is granted
+ if (!\OC\Files\Filesystem::isUpdatable($this->path)) {
+ throw new \Sabre_DAV_Exception_Forbidden();
+ }
+
list($parentPath, ) = Sabre_DAV_URLUtil::splitPath($this->path);
list(, $newName) = Sabre_DAV_URLUtil::splitPath($name);
@@ -135,6 +140,12 @@ abstract class OC_Connector_Sabre_Node implements Sabre_DAV_INode, Sabre_DAV_IPr
* Even if the modification time is set to a custom value the access time is set to now.
*/
public function touch($mtime) {
+
+ // touch is only allowed if the update privilege is granted
+ if (!\OC\Files\Filesystem::isUpdatable($this->path)) {
+ throw new \Sabre_DAV_Exception_Forbidden();
+ }
+
\OC\Files\Filesystem::touch($this->path, $mtime);
}