From a9e0cfad8b3d90c81b53e7d4b2382e559a4cec94 Mon Sep 17 00:00:00 2001 From: Vincent Petry Date: Fri, 19 Feb 2016 12:59:10 +0100 Subject: Check delete permission before attemping copy+delete Some move operations when cross-storage will be replaced by copy and delete. Before attempting this, first check whether the source storage has delete permissions. This also prevents renaming system-wide external storages. --- lib/private/files/storage/common.php | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lib/private/files/storage/common.php') diff --git a/lib/private/files/storage/common.php b/lib/private/files/storage/common.php index edc570c967d..1d4801e5b97 100644 --- a/lib/private/files/storage/common.php +++ b/lib/private/files/storage/common.php @@ -613,6 +613,10 @@ abstract class Common implements Storage, ILockingStorage { return $this->rename($sourceInternalPath, $targetInternalPath); } + if (!$sourceStorage->isDeletable($sourceInternalPath)) { + return false; + } + $result = $this->copyFromStorage($sourceStorage, $sourceInternalPath, $targetInternalPath, true); if ($result) { if ($sourceStorage->is_dir($sourceInternalPath)) { -- cgit v1.2.3