Diffstat (limited to 'lib/private')
-rw-r--r--lib/private/share/helper.php80
-rw-r--r--lib/private/share/share.php12
2 files changed, 69 insertions, 23 deletions
diff --git a/lib/private/share/helper.php b/lib/private/share/helper.php
index 65167dd7549..1988324a996 100644
--- a/lib/private/share/helper.php
+++ b/lib/private/share/helper.php
@@ -27,6 +27,8 @@
namespace OC\Share;
+use OC\HintException;
+
class Helper extends \OC\Share\Constants {
/**
@@ -216,32 +218,74 @@ class Helper extends \OC\Share\Constants {
}
/**
- * Extracts the necessary remote name from a given link
+ * Strips away a potential file names and trailing slashes:
+ * - http://localhost
+ * - http://localhost/
+ * - http://localhost/index.php
+ * - http://localhost/index.php/s/{shareToken}
*
- * Strips away a potential file name, to allow
- * - user
- * - user@localhost
- * - user@http://localhost
- * - user@http://localhost/
- * - user@http://localhost/index.php
- * - user@http://localhost/index.php/s/{shareToken}
+ * all return: http://localhost
*
* @param string $shareWith
* @return string
*/
- public static function fixRemoteURLInShareWith($shareWith) {
- if (strpos($shareWith, '@')) {
- list($user, $remote) = explode('@', $shareWith, 2);
+ protected static function fixRemoteURL($remote) {
+ $remote = str_replace('\\', '/', $remote);
+ if ($fileNamePosition = strpos($remote, '/index.php')) {
+ $remote = substr($remote, 0, $fileNamePosition);
+ }
+ $remote = rtrim($remote, '/');
- $remote = str_replace('\\', '/', $remote);
- if ($fileNamePosition = strpos($remote, '/index.php')) {
- $remote = substr($remote, 0, $fileNamePosition);
- }
- $remote = rtrim($remote, '/');
+ return $remote;
+ }
+
+ /**
+ * split user and remote from federated cloud id
+ *
+ * @param string $id
+ * @return array
+ * @throws HintException
+ */
+ public static function splitUserRemote($id) {
+ if (strpos($id, '@') === false) {
+ $l = \OC::$server->getL10N('core');
+ $hint = $l->t('Invalid Federated Cloud ID');
+ throw new HintException('Invalid Federated Cloud ID', $hint);
+ }
+
+ // Find the first character that is not allowed in user names
+ $id = str_replace('\\', '/', $id);
+ $posSlash = strpos($id, '/');
+ $posColon = strpos($id, ':');
+
+ if ($posSlash === false && $posColon === false) {
+ $invalidPos = strlen($id);
+ } else if ($posSlash === false) {
+ $invalidPos = $posColon;
+ } else if ($posColon === false) {
+ $invalidPos = $posSlash;
+ } else {
+ $invalidPos = min($posSlash, $posColon);
+ }
+
+ // Find the last @ before $invalidPos
+ $pos = $lastAtPos = 0;
+ while ($lastAtPos !== false && $lastAtPos <= $invalidPos) {
+ $pos = $lastAtPos;
+ $lastAtPos = strpos($id, '@', $pos + 1);
+ }
- $shareWith = $user . '@' . $remote;
+ if ($pos !== false) {
+ $user = substr($id, 0, $pos);
+ $remote = substr($id, $pos + 1);
+ $remote = self::fixRemoteURL($remote);
+ if (!empty($user) && !empty($remote)) {
+ return array($user, $remote);
+ }
}
- return rtrim($shareWith, '/');
+ $l = \OC::$server->getL10N('core');
+ $hint = $l->t('Invalid Federated Cloud ID');
+ throw new HintException('Invalid Fededrated Cloud ID', $hint);
}
}
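Review bot: In splitUserRemote the final check `if (!empty($user) && !empty($remote))` rejects a user part of `0`, because `empty('0')` is true in PHP, so an ID such as `0@host` (constructed example) falls through to the exception; `if ($user !== '' && $remote !== '')` would reject only genuinely empty parts. The surrounding `if ($pos !== false)` can never be false, since `$pos` only ever receives integer values from the loop, so rejecting IDs that have no `@` before the first `/` or `:` rests entirely on the empty-user check; that deserves a comment, or the guard should be dropped. The last `throw` also spells its message `'Invalid Fededrated Cloud ID'`, unlike the message thrown at the top of the method, and the docblock of fixRemoteURL still says `@param string $shareWith` although the parameter is `$remote`.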
diff --git a/lib/private/share/share.php b/lib/private/share/share.php
index b2ac9ee6a42..fd24fc686b1 100644
--- a/lib/private/share/share.php
+++ b/lib/private/share/share.php
@@ -554,6 +554,7 @@ class Share extends Constants {
* @param string $itemSourceName
* @param \DateTime $expirationDate
* @return boolean|string Returns true on success or false on failure, Returns token on success for links
+ * @throws \OC\HintException when the share type is remote and the shareWith is invalid
* @throws \Exception
*/
public static function shareItem($itemType, $itemSource, $shareType, $shareWith, $permissions, $itemSourceName = null, \DateTime $expirationDate = null) {
@@ -749,7 +750,8 @@ class Share extends Constants {
$token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(self::TOKEN_LENGTH, \OCP\Security\ISecureRandom::CHAR_LOWER . \OCP\Security\ISecureRandom::CHAR_UPPER .
\OCP\Security\ISecureRandom::CHAR_DIGITS);
- $shareWith = Helper::fixRemoteURLInShareWith($shareWith);
+ list($user, $remote) = Helper::splitUserRemote($shareWith);
+ $shareWith = $user . '@' . $remote;
$shareId = self::put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, null, $token, $itemSourceName);
$send = false;
@@ -1300,8 +1302,8 @@ class Share extends Constants {
$hookParams['deletedShares'] = $deletedShares;
\OC_Hook::emit('OCP\Share', 'post_unshare', $hookParams);
if ((int)$item['share_type'] === \OCP\Share::SHARE_TYPE_REMOTE && \OC::$server->getUserSession()->getUser()) {
- $urlParts = explode('@', $item['share_with'], 2);
- self::sendRemoteUnshare($urlParts[1], $item['id'], $item['token']);
+ list(, $remote) = Helper::splitUserRemote($item['share_with']);
+ self::sendRemoteUnshare($remote, $item['id'], $item['token']);
}
}
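Review bot: `Helper::splitUserRemote($item['share_with'])` can now throw HintException inside the unshare path, after the `post_unshare` hook has already been emitted. Rows stored before this change went through fixRemoteURLInShareWith, which did no validation, so a stored value that the new parser rejects would presumably abort the request here instead of just skipping the remote notification; this is worth confirming against existing data. Consider wrapping these two lines in a `try`/`catch (\OC\HintException $e)` that logs the unparsable `share_with` and continues, so local cleanup completes even when the remote part cannot be parsed. The enclosing method starts and ends outside this hunk.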
@@ -2436,10 +2438,10 @@ class Share extends Constants {
*/
private static function sendRemoteShare($token, $shareWith, $name, $remote_id, $owner) {
- list($user, $remote) = explode('@', $shareWith, 2);
+ list($user, $remote) = Helper::splitUserRemote($shareWith);
if ($user && $remote) {
- $url = rtrim($remote, '/') . self::BASE_PATH_TO_SHARE_API . '?format=' . self::RESPONSE_FORMAT;
+ $url = $remote . self::BASE_PATH_TO_SHARE_API . '?format=' . self::RESPONSE_FORMAT;
$local = \OC::$server->getURLGenerator()->getAbsoluteURL('/');
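Review bot: `$remote` now reaches `$url` exactly as splitUserRemote returns it, and that helper only normalises backslashes, cuts at `/index.php` and trims trailing slashes; nothing visible on this page checks the scheme or host of a value that comes from the share recipient string. If the HTTP helper used further down does not enforce this (not visible here), the check belongs in this method before the request is built. At minimum a comment such as `// $remote is user-supplied (federated cloud ID); normalised by Helper::splitUserRemote(), not validated` would make the trust boundary explicit. The `if ($user && $remote)` guard is also redundant now, since splitUserRemote throws when either part is empty. The method body continues outside the hunk.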