From 5983c6846249c5fd55b24669a6b2603e90dc5206 Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@statuscode.ch>
Date: Mon, 19 Dec 2016 17:15:55 +0100
Subject: Don't resolve public share token if public sharing is disabled

Otherwise disabling sharing does prevent access to the view controllers but one can still access the shares using the public preview route or the public WebDAV endpoint.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
---
 lib/private/Share20/Manager.php | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'lib')

diff --git a/lib/private/Share20/Manager.php b/lib/private/Share20/Manager.php
index cd1d52c3bbf..591d904355d 100644
--- a/lib/private/Share20/Manager.php
+++ b/lib/private/Share20/Manager.php
@@ -1053,6 +1053,10 @@ class Manager implements IManager {
 	 * @throws ShareNotFound
 	 */
 	public function getShareByToken($token) {
+		if(!$this->shareApiAllowLinks()) {
+			throw new ShareNotFound();
+		}
+
 		$share = null;
 		try {
 			$provider = $this->factory->getProviderForType(\OCP\Share::SHARE_TYPE_LINK);
-- 
cgit v1.2.3