From 0c32f668998bfa95ae9a36bbddcc6263b2a98701 Mon Sep 17 00:00:00 2001 From: Thomas Müller Date: Fri, 5 Jul 2013 12:15:47 +0200 Subject: get the real physical folder name for anonymous upload --- apps/files/ajax/upload.php | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'apps/files/ajax') diff --git a/apps/files/ajax/upload.php b/apps/files/ajax/upload.php index 8433716dec1..4b015e4d1f5 100644 --- a/apps/files/ajax/upload.php +++ b/apps/files/ajax/upload.php @@ -18,7 +18,6 @@ if (empty($_POST['dirToken'])) { } } else { $linkItem = OCP\Share::getShareByToken($_POST['dirToken']); - if ($linkItem === false) { OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Invalid Token'))))); die(); @@ -27,11 +26,17 @@ if (empty($_POST['dirToken'])) { if (!($linkItem['permissions'] & OCP\PERMISSION_CREATE)) { OCP\JSON::checkLoggedIn(); } else { + // translate linkItem to the real folder name on the file system + $sharedItem = OCP\Share::getItemShared($linkItem['item_type'], $linkItem['item_source']); + if (!$sharedItem || empty($sharedItem) || $sharedItem === false) { + OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Unable to set upload directory.'))))); + die(); + } // The token defines the target directory (security reasons) $dir = sprintf( "/%s/%s", - $linkItem['file_target'], + array_pop($sharedItem)['path'], isset($_POST['subdir']) ? $_POST['subdir'] : '' ); -- cgit v1.2.3 From d1d68855850022ee4dd91105f00a947029f2e4c8 Mon Sep 17 00:00:00 2001 From: Thomas Müller Date: Fri, 5 Jul 2013 13:22:38 +0200 Subject: php 5.3 compliant now --- apps/files/ajax/upload.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'apps/files/ajax') diff --git a/apps/files/ajax/upload.php b/apps/files/ajax/upload.php index 4b015e4d1f5..733ed95974f 100644 --- a/apps/files/ajax/upload.php +++ b/apps/files/ajax/upload.php 
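Review bot: In the `@@ -27,11 +26,17 @@` hunk of the first commit, nothing checks that the entry taken from `$sharedItem` has a `path` key before it is formatted into `$dir`. A result row without that key would leave the first `%s` empty, so the upload target would be built from `$_POST['subdir']` alone instead of from the shared folder. I would reject the request with the same error and `die()` when `isset($entry['path'])` is false for the popped entry. The guard above it also tests one condition three times; `if (!$sharedItem) {` already covers `empty()` and `=== false`. The enclosing `else` branch continues past the end of the hunk, so any later validation of `$dir` is not visible here.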
@@ -34,9 +34,10 @@ if (empty($_POST['dirToken'])) { } // The token defines the target directory (security reasons) + $sharedItem = array_pop($sharedItem); $dir = sprintf( "/%s/%s", - array_pop($sharedItem)['path'], + $sharedItem['path'], isset($_POST['subdir']) ? $_POST['subdir'] : '' ); -- cgit v1.2.3 From 352c1415be55ae5797685d2ea22fcd07cdfbf4ec Mon Sep 17 00:00:00 2001 From: Thomas Müller Date: Fri, 5 Jul 2013 13:45:21 +0200 Subject: proper fix for getting the shared item if no user is logged in --- apps/files/ajax/upload.php | 9 +++++---- lib/public/share.php | 13 ++++++++++++- 2 files changed, 17 insertions(+), 5 deletions(-) (limited to 'apps/files/ajax') diff --git a/apps/files/ajax/upload.php b/apps/files/ajax/upload.php index 733ed95974f..54604d10563 100644 --- a/apps/files/ajax/upload.php +++ b/apps/files/ajax/upload.php @@ -26,15 +26,18 @@ if (empty($_POST['dirToken'])) { if (!($linkItem['permissions'] & OCP\PERMISSION_CREATE)) { OCP\JSON::checkLoggedIn(); } else { + // Setup FS with owner + OC_Util::tearDownFS(); + OC_Util::setupFS($linkItem['uid_owner']); + // translate linkItem to the real folder name on the file system - $sharedItem = OCP\Share::getItemShared($linkItem['item_type'], $linkItem['item_source']); + $sharedItem = OCP\Share::getSharedItem($linkItem['item_type'], $linkItem['item_source'], $linkItem['uid_owner']); if (!$sharedItem || empty($sharedItem) || $sharedItem === false) { OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Unable to set upload directory.'))))); die(); } // The token defines the target directory (security reasons) - $sharedItem = array_pop($sharedItem); $dir = sprintf( "/%s/%s", $sharedItem['path'], @@ -45,8 +48,6 @@ if (empty($_POST['dirToken'])) { OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Unable to set upload directory.'))))); die(); } - // Setup FS with owner - OC_Util::setupFS($linkItem['uid_owner']); } } 
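Review bot: In the `@@ -26,15 +26,18 @@` hunk of the third commit, the owner's filesystem is mounted with `OC_Util::setupFS($linkItem['uid_owner'])` before `$dir` is built, while the second component of `$dir` still comes straight from `$_POST['subdir']`. For an unauthenticated link upload, the check between the `sprintf()` and the 'Unable to set upload directory.' branch is then the only thing keeping the target inside the shared folder. That check lies outside the hunk, so please confirm it normalises `$dir` and verifies the result stays under `$sharedItem['path']`, rather than only testing for an empty value. A comment at the `sprintf()` would record the requirement, e.g. `// subdir is request-controlled: $dir must be normalised and confined to $sharedItem['path'] below`. The hunk also drops `array_pop()`, which presumes `getSharedItem()` returns a single row rather than a list; that contract should be stated where the method is defined.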
diff --git a/lib/public/share.php b/lib/public/share.php index de7025d7b15..28878c2c868 100644 --- a/lib/public/share.php +++ b/lib/public/share.php @@ -312,11 +312,22 @@ class Share { * @return Return depends on format */ public static function getItemShared($itemType, $itemSource, $format = self::FORMAT_NONE, - $parameters = null, $includeCollections = false) { + $parameters = null, $includeCollections = false) { return self::getItems($itemType, $itemSource, null, null, \OC_User::getUser(), $format, $parameters, -1, $includeCollections); } + /** + * @param $itemType + * @param $itemSource + * @param $uid_owner + * @return mixed + */ + public static function getSharedItem($itemType, $itemSource, $uid_owner) { + return self::getItems($itemType, $itemSource, null, null, $uid_owner, self::FORMAT_NONE, + null, 1, false); + } + /** * Get all users an item is shared with * @param string Item type -- cgit v1.2.3
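Review bot: The docblock added for `getSharedItem()` has no description, no parameter types and only `@return mixed`, although this is a public `OCP\Share` method that reads share data for whichever owner the caller names, not for `\OC_User::getUser()` as `getItemShared()` above it does. It should open with a summary such as `Get the shared item of the given type and source owned by $uid_owner; callers must have obtained $uid_owner from a validated share (e.g. getShareByToken)`. It should also type the parameters (`@param string $itemType`, `@param string $uid_owner`) and state what is returned for a limit of 1 with `FORMAT_NONE`, since the upload handler indexes the result directly with `['path']`. `$uid_owner` is the only snake_case parameter beside `$itemType` and `$itemSource`; `$uidOwner` would match the rest of the class.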