summaryrefslogtreecommitdiffstats
path: root/lib/public/share.php
diff options
context:
space:
mode:
Diffstat (limited to 'lib/public/share.php')
-rw-r--r--lib/public/share.php60
1 files changed, 52 insertions, 8 deletions
diff --git a/lib/public/share.php b/lib/public/share.php
index 6b3397c85c6..f832d04a70f 100644
--- a/lib/public/share.php
+++ b/lib/public/share.php
@@ -347,20 +347,29 @@ class Share {
}
/**
- * Get the item shared by a token
- * @param string token
- * @return Item
+ * Based on the given token the share information will be returned - password protected shares will be verified
+ * @param string $token
+ * @return array | bool false will be returned in case the token is unknown or unauthorized
*/
- public static function getShareByToken($token) {
+ public static function getShareByToken($token, $checkPasswordProtection = true) {
$query = \OC_DB::prepare('SELECT * FROM `*PREFIX*share` WHERE `token` = ?', 1);
$result = $query->execute(array($token));
if (\OC_DB::isError($result)) {
\OC_Log::write('OCP\Share', \OC_DB::getErrorMessage($result) . ', token=' . $token, \OC_Log::ERROR);
}
$row = $result->fetchRow();
+ if ($row === false) {
+ return false;
+ }
if (is_array($row) and self::expireItem($row)) {
return false;
}
+
+ // password protected shares need to be authenticated
+ if ($checkPasswordProtection && !\OCP\Share::checkPasswordProtectedShare($row)) {
+ return false;
+ }
+
return $row;
}
@@ -655,7 +664,15 @@ class Share {
* @return Returns true on success or false on failure
*/
public static function unshareAll($itemType, $itemSource) {
- if ($shares = self::getItemShared($itemType, $itemSource)) {
+ // Get all of the owners of shares of this item.
+ $query = \OC_DB::prepare( 'SELECT `uid_owner` from `*PREFIX*share` WHERE `item_type`=? AND `item_source`=?' );
+ $result = $query->execute(array($itemType, $itemSource));
+ $shares = array();
+ // Add each owner's shares to the array of all shares for this item.
+ while ($row = $result->fetchRow()) {
+ $shares = array_merge($shares, self::getItems($itemType, $itemSource, null, null, $row['uid_owner']));
+ }
+ if (!empty($shares)) {
// Pass all the vars we have for now, they may be useful
$hookParams = array(
'itemType' => $itemType,
@@ -850,9 +867,8 @@ class Share {
protected static function expireItem(array $item) {
if (!empty($item['expiration'])) {
$now = new \DateTime();
- $expirationDate = \Doctrine\DBAL\Types\Type::getType('datetime')
- ->convertToPhpValue($item['expiration'], \OC_DB::getConnection()->getDatabasePlatform());
- if ($now > $expirationDate) {
+ $expires = new \DateTime($item['expiration']);
+ if ($now > $expires) {
self::unshareItem($item);
return true;
}
@@ -1881,6 +1897,34 @@ class Share {
}
}
+ /**
+ * In case a password protected link is not yet authenticated this function will return false
+ *
+ * @param array $linkItem
+ * @return bool
+ */
+ public static function checkPasswordProtectedShare(array $linkItem) {
+ if (!isset($linkItem['share_with'])) {
+ return true;
+ }
+ if (!isset($linkItem['share_type'])) {
+ return true;
+ }
+ if (!isset($linkItem['id'])) {
+ return true;
+ }
+
+ if ($linkItem['share_type'] != \OCP\Share::SHARE_TYPE_LINK) {
+ return true;
+ }
+
+ if ( \OC::$session->exists('public_link_authenticated')
+ && \OC::$session->get('public_link_authenticated') === $linkItem['id'] ) {
+ return true;
+ }
+
+ return false;
+ }
}
/**