From 8c9aa9a91962afe32e50c594dbc67352a963e4cd Mon Sep 17 00:00:00 2001
From: Côme Chilliet <come.chilliet@nextcloud.com>
Date: Thu, 3 Aug 2023 16:13:38 +0200
Subject: Set files_sharing:hide_disabled_user_shares to 'yes' to hide shares
 from disabled users
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
---
 lib/private/Share20/Manager.php | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

(limited to 'lib/private')

diff --git a/lib/private/Share20/Manager.php b/lib/private/Share20/Manager.php
index 9360046bc24..2e6b9ab840c 100644
--- a/lib/private/Share20/Manager.php
+++ b/lib/private/Share20/Manager.php
@@ -1343,7 +1343,7 @@ class Manager implements IManager {
 			$added = 0;
 			foreach ($shares as $share) {
 				try {
-					$this->checkExpireDate($share);
+					$this->checkShare($share);
 				} catch (ShareNotFound $e) {
 					//Ignore since this basically means the share is deleted
 					continue;
@@ -1402,7 +1402,7 @@ class Manager implements IManager {
 		// remove all shares which are already expired
 		foreach ($shares as $key => $share) {
 			try {
-				$this->checkExpireDate($share);
+				$this->checkShare($share);
 			} catch (ShareNotFound $e) {
 				unset($shares[$key]);
 			}
@@ -1448,7 +1448,7 @@ class Manager implements IManager {
 
 		$share = $provider->getShareById($id, $recipient);
 
-		$this->checkExpireDate($share);
+		$this->checkShare($share);
 
 		return $share;
 	}
@@ -1532,7 +1532,7 @@ class Manager implements IManager {
 			throw new ShareNotFound($this->l->t('The requested share does not exist anymore'));
 		}
 
-		$this->checkExpireDate($share);
+		$this->checkShare($share);
 
 		/*
 		 * Reduce the permissions for link or email shares if public upload is not enabled
@@ -1545,11 +1545,25 @@ class Manager implements IManager {
 		return $share;
 	}
 
-	protected function checkExpireDate($share) {
+	/**
+	 * Check expire date and disabled owner
+	 *
+	 * @throws ShareNotFound
+	 */
+	protected function checkShare(IShare $share): void {
 		if ($share->isExpired()) {
 			$this->deleteShare($share);
 			throw new ShareNotFound($this->l->t('The requested share does not exist anymore'));
 		}
+		if ($this->config->getAppValue('files_sharing', 'hide_disabled_user_shares', 'no') === 'yes') {
+			$uids = array_unique([$share->getShareOwner(),$share->getSharedBy()]);
+			foreach ($uids as $uid) {
+				$user = $this->userManager->get($uid);
+				if (($user !== null) && !$user->isEnabled()) {
+					throw new ShareNotFound($this->l->t('The requested share comes from a disabled user'));
+				}
+			}
+		}
 	}
 
 	/**
-- 
cgit v1.2.3


From 24ad2e2dc41b265c527d38e791f9ff2989df1897 Mon Sep 17 00:00:00 2001
From: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
Date: Thu, 10 Aug 2023 17:05:19 +0200
Subject: Use nullsafe call syntax instead of additionnal check
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
Signed-off-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
---
 lib/private/Share20/Manager.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib/private')

diff --git a/lib/private/Share20/Manager.php b/lib/private/Share20/Manager.php
index 2e6b9ab840c..b03608f9872 100644
--- a/lib/private/Share20/Manager.php
+++ b/lib/private/Share20/Manager.php
@@ -1559,7 +1559,7 @@ class Manager implements IManager {
 			$uids = array_unique([$share->getShareOwner(),$share->getSharedBy()]);
 			foreach ($uids as $uid) {
 				$user = $this->userManager->get($uid);
-				if (($user !== null) && !$user->isEnabled()) {
+				if ($user?->isEnabled() === false) {
 					throw new ShareNotFound($this->l->t('The requested share comes from a disabled user'));
 				}
 			}
-- 
cgit v1.2.3


From 14725d792f3565b8b407bb8c431e434565e00cf2 Mon Sep 17 00:00:00 2001
From: Anna Larch <anna@nextcloud.com>
Date: Fri, 30 Jun 2023 11:01:22 +0200
Subject: fix(CalDAV): Check if the vObject exists before attempting any
 operations

Signed-off-by: Anna Larch <anna@nextcloud.com>
---
 lib/private/Calendar/Manager.php | 25 ++++++++++++++++++++++---
 1 file changed, 22 insertions(+), 3 deletions(-)

(limited to 'lib/private')

diff --git a/lib/private/Calendar/Manager.php b/lib/private/Calendar/Manager.php
index f29920e1793..dc4801c69ce 100644
--- a/lib/private/Calendar/Manager.php
+++ b/lib/private/Calendar/Manager.php
@@ -231,11 +231,20 @@ class Manager implements IManager {
 		string $recipient,
 		string $calendarData,
 	): bool {
-		/** @var VCalendar $vObject */
+		/** @var VCalendar $vObject|null */
 		$vObject = Reader::read($calendarData);
-		/** @var VEvent $vEvent */
+
+		if ($vObject === null) {
+			return false;
+		}
+
+		/** @var VEvent|null $vEvent */
 		$vEvent = $vObject->{'VEVENT'};
 
+		if ($vEvent === null) {
+			return false;
+		}
+
 		// First, we check if the correct method is passed to us
 		if (strcasecmp('REPLY', $vObject->{'METHOD'}->getValue()) !== 0) {
 			$this->logger->warning('Wrong method provided for processing');
@@ -306,10 +315,20 @@ class Manager implements IManager {
 		string $recipient,
 		string $calendarData,
 	): bool {
+		/** @var VCalendar $vObject|null */
 		$vObject = Reader::read($calendarData);
-		/** @var VEvent $vEvent */
+
+		if ($vObject === null) {
+			return false;
+		}
+
+		/** @var VEvent|null $vEvent */
 		$vEvent = $vObject->{'VEVENT'};
 
+		if ($vEvent === null) {
+			return false;
+		}
+
 		// First, we check if the correct method is passed to us
 		if (strcasecmp('CANCEL', $vObject->{'METHOD'}->getValue()) !== 0) {
 			$this->logger->warning('Wrong method provided for processing');
-- 
cgit v1.2.3