diff options
Diffstat (limited to 'lib/public')
| -rw-r--r-- | lib/public/share.php | 35 | ||||
| -rw-r--r-- | lib/public/user.php | 2 |
2 files changed, 26 insertions, 11 deletions
diff --git a/lib/public/share.php b/lib/public/share.php index 41f5ccbf40d..6c5783f1179 100644 --- a/lib/public/share.php +++ b/lib/public/share.php @@ -106,22 +106,22 @@ class Share { } return false; } - + /** * @brief Prepare a path to be passed to DB as file_target * @return string Prepared path */ public static function prepFileTarget( $path ) { - + // Paths in DB are stored with leading slashes, so add one if necessary if ( substr( $path, 0, 1 ) !== '/' ) { - + $path = '/' . $path; - + } - + return $path; - + } /** @@ -256,7 +256,7 @@ class Share { return self::getItems($itemType, $itemTarget, self::$shareTypeUserAndGroups, \OC_User::getUser(), null, $format, $parameters, 1, $includeCollections); } - + /** * @brief Get the item of item type shared with the current user by source * @param string Item type @@ -293,7 +293,18 @@ class Share { if (\OC_DB::isError($result)) { \OC_Log::write('OCP\Share', \OC_DB::getErrorMessage($result) . ', token=' . $token, \OC_Log::ERROR); } - return $result->fetchRow(); + $row = $result->fetchRow(); + + if (!empty($row['expiration'])) { + $now = new \DateTime(); + $expirationDate = new \DateTime($row['expiration'], new \DateTimeZone('UTC')); + if ($now > $expirationDate) { + self::delete($row['id']); + return false; + } + } + + return $row; } /** @@ -450,6 +461,7 @@ class Share { $uidOwner, self::FORMAT_NONE, null, 1)) { // remember old token $oldToken = $checkExists['token']; + $oldPermissions = $checkExists['permissions']; //delete the old share self::delete($checkExists['id']); } @@ -460,8 +472,11 @@ class Share { $hasher = new \PasswordHash(8, $forcePortable); $shareWith = $hasher->HashPassword($shareWith.\OC_Config::getValue('passwordsalt', '')); } else { - // reuse the already set password - $shareWith = $checkExists['share_with']; + // reuse the already set password, but only if we change permissions + // otherwise the user disabled the password protection + if ($checkExists && (int)$permissions !== (int)$oldPermissions) { + $shareWith = $checkExists['share_with']; + } } // Generate token diff --git a/lib/public/user.php b/lib/public/user.php index 23ff991642d..576a64d7048 100644 --- a/lib/public/user.php +++ b/lib/public/user.php @@ -102,7 +102,7 @@ class User { * @brief Check if the password is correct * @param $uid The username * @param $password The password - * @returns true/false + * @returns mixed username on success, false otherwise * * Check if the password is correct without logging in the user */ |