From 626daabb56c91755bccb327f090e6bdcd94789ad Mon Sep 17 00:00:00 2001 From: Vincent Petry Date: Fri, 2 Sep 2016 11:23:55 +0200 Subject: Prefilter inaccessible shares in DefaultShareProvider::getSharedWith() The DefaultShareProvider now does a DB-level check to find out whether file_source is accessible at all (deleted file) or whether it's in the trashbin of a home storage. One small corner case where the home storage id is in md5 form cannot be covered properly with this approach. Signed-off-by: Lukas Reschke --- lib/private/Share20/DefaultShareProvider.php | 46 +++++++++++++++++++++++----- 1 file changed, 38 insertions(+), 8 deletions(-) (limited to 'lib') diff --git a/lib/private/Share20/DefaultShareProvider.php b/lib/private/Share20/DefaultShareProvider.php index f33c297b02d..d6afcf99912 100644 --- a/lib/private/Share20/DefaultShareProvider.php +++ b/lib/private/Share20/DefaultShareProvider.php @@ -582,6 +582,25 @@ class DefaultShareProvider implements IShareProvider { return $shares; } + /** + * Returns whether the given database result can be interpreted as + * a share with accessible file (not trashed, not deleted) + */ + private function isAccessibleResult($data) { + // exclude shares leading to deleted file entries + if ($data['fileid'] === null) { + return false; + } + + // exclude shares leading to trashbin on home storages + $pathSections = explode('/', $data['path'], 2); + // FIXME: would not detect rare md5'd home storage case properly + if ($pathSections[0] !== 'files' && explode(':', $data['storage_string_id'], 2)[0] === 'home') { + return false; + } + return true; + } + /** * @inheritdoc */ @@ -592,11 +611,14 @@ class DefaultShareProvider implements IShareProvider { if ($shareType === \OCP\Share::SHARE_TYPE_USER) { //Get shares directly with this user $qb = $this->dbConn->getQueryBuilder(); - $qb->select('*') - ->from('share'); + $qb->select('s.*', 'f.fileid', 'f.path') + ->selectAlias('st.id', 'storage_string_id') + ->from('share', 's') + ->leftJoin('s', 'filecache', 'f', $qb->expr()->eq('s.file_source', 'f.fileid')) + ->leftJoin('f', 'storages', 'st', $qb->expr()->eq('f.storage', 'st.numeric_id')); // Order by id - $qb->orderBy('id'); + $qb->orderBy('s.id'); // Set limit and offset if ($limit !== -1) { @@ -619,7 +641,9 @@ class DefaultShareProvider implements IShareProvider { $cursor = $qb->execute(); while($data = $cursor->fetch()) { - $shares[] = $this->createShare($data); + if ($this->isAccessibleResult($data)) { + $shares[] = $this->createShare($data); + } } $cursor->closeCursor(); @@ -640,9 +664,12 @@ class DefaultShareProvider implements IShareProvider { } $qb = $this->dbConn->getQueryBuilder(); - $qb->select('*') - ->from('share') - ->orderBy('id') + $qb->select('s.*', 'f.fileid', 'f.path') + ->selectAlias('st.id', 'storage_string_id') + ->from('share', 's') + ->leftJoin('s', 'filecache', 'f', $qb->expr()->eq('s.file_source', 'f.fileid')) + ->leftJoin('f', 'storages', 'st', $qb->expr()->eq('f.storage', 'st.numeric_id')) + ->orderBy('s.id') ->setFirstResult(0); if ($limit !== -1) { @@ -672,7 +699,10 @@ class DefaultShareProvider implements IShareProvider { $offset--; continue; } - $shares2[] = $this->createShare($data); + + if ($this->isAccessibleResult($data)) { + $shares2[] = $this->createShare($data); + } } $cursor->closeCursor(); } -- cgit v1.2.3