diff options
Diffstat (limited to 'lib/private/connector')
| -rw-r--r-- | lib/private/connector/sabre/auth.php | 6 | ||||
| -rw-r--r-- | lib/private/connector/sabre/directory.php | 20 | ||||
| -rw-r--r-- | lib/private/connector/sabre/exception/entitytoolarge.php | 22 | ||||
| -rw-r--r-- | lib/private/connector/sabre/exception/unsupportedmediatype.php | 22 | ||||
| -rw-r--r-- | lib/private/connector/sabre/file.php | 74 | ||||
| -rw-r--r-- | lib/private/connector/sabre/node.php | 6 | ||||
| -rw-r--r-- | lib/private/connector/sabre/objecttree.php | 3 |
7 files changed, 123 insertions, 30 deletions
diff --git a/lib/private/connector/sabre/auth.php b/lib/private/connector/sabre/auth.php index d2fd74c44f9..0c84fa6b757 100644 --- a/lib/private/connector/sabre/auth.php +++ b/lib/private/connector/sabre/auth.php @@ -73,11 +73,7 @@ class OC_Connector_Sabre_Auth extends Sabre_DAV_Auth_Backend_AbstractBasic { */ public function authenticate(Sabre_DAV_Server $server, $realm) { - if (OC_User::handleApacheAuth()) { - return true; - } - - if (OC_User::isLoggedIn()) { + if (OC_User::handleApacheAuth() || OC_User::isLoggedIn()) { $user = OC_User::getUser(); OC_Util::setupFS($user); $this->currentUser = $user; diff --git a/lib/private/connector/sabre/directory.php b/lib/private/connector/sabre/directory.php index af0dfd70f08..c51f84bf67c 100644 --- a/lib/private/connector/sabre/directory.php +++ b/lib/private/connector/sabre/directory.php @@ -50,14 +50,27 @@ class OC_Connector_Sabre_Directory extends OC_Connector_Sabre_Node implements Sa */ public function createFile($name, $data = null) { - if (!\OC\Files\Filesystem::isCreatable($this->path)) { - throw new \Sabre_DAV_Exception_Forbidden(); + // for chunked upload also updating a existing file is a "createFile" + // because we create all the chunks before reasamble them to the existing file. + if (isset($_SERVER['HTTP_OC_CHUNKED'])) { + + // exit if we can't create a new file and we don't updatable existing file + $info = OC_FileChunking::decodeName($name); + if (!\OC\Files\Filesystem::isCreatable($this->path) && + !\OC\Files\Filesystem::isUpdatable($this->path . '/' . $info['name'])) { + throw new \Sabre_DAV_Exception_Forbidden(); + } + + } else { + // For non-chunked upload it is enough to check if we can create a new file + if (!\OC\Files\Filesystem::isCreatable($this->path)) { + throw new \Sabre_DAV_Exception_Forbidden(); + } } $path = $this->path . '/' . $name; $node = new OC_Connector_Sabre_File($path); return $node->put($data); - } /** @@ -215,4 +228,5 @@ class OC_Connector_Sabre_Directory extends OC_Connector_Sabre_Node implements Sa } return $props; } + } diff --git a/lib/private/connector/sabre/exception/entitytoolarge.php b/lib/private/connector/sabre/exception/entitytoolarge.php new file mode 100644 index 00000000000..2bda51f2f3e --- /dev/null +++ b/lib/private/connector/sabre/exception/entitytoolarge.php @@ -0,0 +1,22 @@ +<?php + +/** + * Entity Too Large + * + * This exception is thrown whenever a user tries to upload a file which exceeds hard limitations + * + */ +class OC_Connector_Sabre_Exception_EntityTooLarge extends Sabre_DAV_Exception { + + /** + * Returns the HTTP status code for this exception + * + * @return int + */ + public function getHTTPCode() { + + return 413; + + } + +} diff --git a/lib/private/connector/sabre/exception/unsupportedmediatype.php b/lib/private/connector/sabre/exception/unsupportedmediatype.php new file mode 100644 index 00000000000..95d6a8cc651 --- /dev/null +++ b/lib/private/connector/sabre/exception/unsupportedmediatype.php @@ -0,0 +1,22 @@ +<?php + +/** + * Unsupported Media Type + * + * This exception is thrown whenever a user tries to upload a file which holds content which is not allowed + * + */ +class OC_Connector_Sabre_Exception_UnsupportedMediaType extends Sabre_DAV_Exception { + + /** + * Returns the HTTP status code for this exception + * + * @return int + */ + public function getHTTPCode() { + + return 415; + + } + +} diff --git a/lib/private/connector/sabre/file.php b/lib/private/connector/sabre/file.php index 12d7585884e..3402946a136 100644 --- a/lib/private/connector/sabre/file.php +++ b/lib/private/connector/sabre/file.php @@ -45,7 +45,9 @@ class OC_Connector_Sabre_File extends OC_Connector_Sabre_Node implements Sabre_D * @return string|null */ public function put($data) { + $fs = $this->getFS(); + if ($fs->file_exists($this->path) && !$fs->isUpdatable($this->path)) { throw new \Sabre_DAV_Exception_Forbidden(); @@ -58,26 +60,19 @@ class OC_Connector_Sabre_File extends OC_Connector_Sabre_Node implements Sabre_D // chunked handling if (isset($_SERVER['HTTP_OC_CHUNKED'])) { - list($path, $name) = \Sabre_DAV_URLUtil::splitPath($this->path); - - $info = OC_FileChunking::decodeName($name); - if (empty($info)) { - throw new Sabre_DAV_Exception_NotImplemented(); - } - $chunk_handler = new OC_FileChunking($info); - $chunk_handler->store($info['index'], $data); - if ($chunk_handler->isComplete()) { - $newPath = $path . '/' . $info['name']; - $chunk_handler->file_assemble($newPath); - return $this->getETagPropertyForPath($newPath); - } - - return null; + return $this->createFileChunked($data); } // mark file as partial while uploading (ignored by the scanner) $partpath = $this->path . '.part'; + // if file is located in /Shared we write the part file to the users + // root folder because we can't create new files in /shared + // we extend the name with a random number to avoid overwriting a existing file + if (dirname($partpath) === 'Shared') { + $partpath = pathinfo($partpath, PATHINFO_FILENAME) . rand() . '.part'; + } + try { $putOkay = $fs->file_put_contents($partpath, $data); if ($putOkay === false) { @@ -87,7 +82,21 @@ class OC_Connector_Sabre_File extends OC_Connector_Sabre_Node implements Sabre_D throw new Sabre_DAV_Exception(); } } catch (\OCP\Files\NotPermittedException $e) { - throw new Sabre_DAV_Exception_Forbidden(); + // a more general case - due to whatever reason the content could not be written + throw new Sabre_DAV_Exception_Forbidden($e->getMessage()); + + } catch (\OCP\Files\EntityTooLargeException $e) { + // the file is too big to be stored + throw new OC_Connector_Sabre_Exception_EntityTooLarge($e->getMessage()); + + } catch (\OCP\Files\InvalidContentException $e) { + // the file content is not permitted + throw new OC_Connector_Sabre_Exception_UnsupportedMediaType($e->getMessage()); + + } catch (\OCP\Files\InvalidPathException $e) { + // the path for the file was not valid + // TODO: find proper http status code for this case + throw new Sabre_DAV_Exception_Forbidden($e->getMessage()); } // rename to correct path @@ -189,4 +198,37 @@ class OC_Connector_Sabre_File extends OC_Connector_Sabre_Node implements Sabre_D return \OC\Files\Filesystem::getMimeType($this->path); } + + private function createFileChunked($data) + { + list($path, $name) = \Sabre_DAV_URLUtil::splitPath($this->path); + + $info = OC_FileChunking::decodeName($name); + if (empty($info)) { + throw new Sabre_DAV_Exception_NotImplemented(); + } + $chunk_handler = new OC_FileChunking($info); + $bytesWritten = $chunk_handler->store($info['index'], $data); + + //detect aborted upload + if (isset ($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'PUT' ) { + if (isset($_SERVER['CONTENT_LENGTH'])) { + $expected = $_SERVER['CONTENT_LENGTH']; + if ($bytesWritten != $expected) { + $chunk_handler->cleanup(); + throw new Sabre_DAV_Exception_BadRequest( + 'expected filesize ' . $expected . ' got ' . $bytesWritten); + } + } + } + + if ($chunk_handler->isComplete()) { + $newPath = $path . '/' . $info['name']; + $chunk_handler->file_assemble($newPath); + return OC_Connector_Sabre_Node::getETagPropertyForPath($newPath); + } + + return null; + } + } diff --git a/lib/private/connector/sabre/node.php b/lib/private/connector/sabre/node.php index fa27abb381a..c38e9f86375 100644 --- a/lib/private/connector/sabre/node.php +++ b/lib/private/connector/sabre/node.php @@ -147,12 +147,6 @@ abstract class OC_Connector_Sabre_Node implements Sabre_DAV_INode, Sabre_DAV_IPr * Even if the modification time is set to a custom value the access time is set to now. */ public function touch($mtime) { - - // touch is only allowed if the update privilege is granted - if (!\OC\Files\Filesystem::isUpdatable($this->path)) { - throw new \Sabre_DAV_Exception_Forbidden(); - } - \OC\Files\Filesystem::touch($this->path, $mtime); } diff --git a/lib/private/connector/sabre/objecttree.php b/lib/private/connector/sabre/objecttree.php index 80c3840b99d..df8902f66e2 100644 --- a/lib/private/connector/sabre/objecttree.php +++ b/lib/private/connector/sabre/objecttree.php @@ -87,6 +87,9 @@ class ObjectTree extends \Sabre_DAV_ObjectTree { if (!$fs->isUpdatable($destinationDir)) { throw new \Sabre_DAV_Exception_Forbidden(); } + if (!$fs->isDeletable($sourcePath)) { + throw new \Sabre_DAV_Exception_Forbidden(); + } } $renameOkay = $fs->rename($sourcePath, $destinationPath); |