From d38a378b8cc8d13e6459ccb4cfbc8a8bbe1f8428 Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Thu, 18 Jun 2015 09:21:06 +0200 Subject: make sure that we split username and server address at the first '@' from the right to allow usernames containing '@' --- .../invalidfederatedcloudidexception.php | 30 ++++++++++++++++++++++ lib/private/share/helper.php | 22 ++++++++++++++++ lib/private/share/share.php | 2 +- 3 files changed, 53 insertions(+), 1 deletion(-) create mode 100644 lib/private/share/exceptions/invalidfederatedcloudidexception.php (limited to 'lib/private/share') diff --git a/lib/private/share/exceptions/invalidfederatedcloudidexception.php b/lib/private/share/exceptions/invalidfederatedcloudidexception.php new file mode 100644 index 00000000000..1f3e63c8800 --- /dev/null +++ b/lib/private/share/exceptions/invalidfederatedcloudidexception.php @@ -0,0 +1,30 @@ + + * + * @copyright Copyright (c) 2015, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see + * + */ + + +namespace OC\Share\Exceptions; + + +use OC\HintException; + +class InvalidFederatedCloudIdException extends HintException { + +} diff --git a/lib/private/share/helper.php b/lib/private/share/helper.php index 65167dd7549..d88c4bcbfc2 100644 --- a/lib/private/share/helper.php +++ b/lib/private/share/helper.php @@ -27,6 +27,8 @@ namespace OC\Share; +use OC\Share\Exceptions\InvalidFederatedCloudIdException; + class Helper extends \OC\Share\Constants { /** @@ -244,4 +246,24 @@ class Helper extends \OC\Share\Constants { return rtrim($shareWith, '/'); } + + /** + * split user and remote from federated cloud id + * + * @param string $id + * @return array + * @throws InvalidFederatedCloudIdException + */ + public static function splitUserRemote($id) { + $pos = strrpos($id, '@'); + if ($pos !== false) { + $user = substr($id, 0, $pos); + $remote = substr($id, $pos + 1); + if (!empty($user) && !empty($remote)) { + return array($user, $remote); + } + } + + throw new InvalidFederatedCloudIdException('invalid Federated Cloud ID'); + } } diff --git a/lib/private/share/share.php b/lib/private/share/share.php index 027c518f9f1..3c4b6863afd 100644 --- a/lib/private/share/share.php +++ b/lib/private/share/share.php @@ -2427,7 +2427,7 @@ class Share extends Constants { */ private static function sendRemoteShare($token, $shareWith, $name, $remote_id, $owner) { - list($user, $remote) = explode('@', $shareWith, 2); + list($user, $remote) = Helper::splitUserRemote($shareWith); if ($user && $remote) { $url = rtrim($remote, '/') . self::BASE_PATH_TO_SHARE_API . '?format=' . self::RESPONSE_FORMAT; -- cgit v1.2.3