nextcloud/settings/ajax/setquota.php

<?php
/**
 * @copyright Copyright (c) 2016, ownCloud, Inc.
 *
 * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
 * @author Bart Visscher <bartv@thisnet.nl>
 * @author Björn Schießle <bjoern@schiessle.org>
 * @author Christopher Schäpers <kondou@ts.unde.re>
 * @author Felix Moeller <mail@felixmoeller.de>
 * @author Georg Ehrke <oc.list@georgehrke.com>
 * @author Joas Schilling <coding@schilljs.com>
 * @author Lukas Reschke <lukas@statuscode.ch>
 * @author Morris Jobke <hey@morrisjobke.de>
 * @author Robin Appelman <robin@icewind.nl>
 * @author Thomas Müller <thomas.mueller@tmit.eu>
 *
 * @license AGPL-3.0
 *
 * This code is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License, version 3,
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License, version 3,
 * along with this program.  If not, see <http://www.gnu.org/licenses/>
 *
 */

OC_JSON::checkSubAdminUser();
OCP\JSON::callCheck();

$lastConfirm = (int) \OC::$server->getSession()->get('last-password-confirm');
if ($lastConfirm < (time() - 30 * 60 + 15)) { // allow 15 seconds delay
	$l = \OC::$server->getL10N('core');
	OC_JSON::error(array( 'data' => array( 'message' => $l->t('Password confirmation is required'))));
	exit();
}

$username = isset($_POST["username"]) ? (string)$_POST["username"] : '';

$isUserAccessible = false;
$currentUserObject = \OC::$server->getUserSession()->getUser();
$targetUserObject = \OC::$server->getUserManager()->get($username);
if($targetUserObject !== null && $currentUserObject !== null) {
	$isUserAccessible = \OC::$server->getGroupManager()->getSubAdmin()->isUserAccessible($currentUserObject, $targetUserObject);
}

if(($username === '' && !OC_User::isAdminUser(OC_User::getUser()))
	|| (!OC_User::isAdminUser(OC_User::getUser())
		&& !$isUserAccessible)) {
	$l = \OC::$server->getL10N('core');
	OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
	exit();
}

//make sure the quota is in the expected format
$quota= (string)$_POST["quota"];
if($quota !== 'none' and $quota !== 'default') {
	$quota= OC_Helper::computerFileSize($quota);
	$quota=OC_Helper::humanFileSize($quota);
}

// Return Success story
if($username) {
	$targetUserObject->setQuota($quota);
}else{//set the default quota when no username is specified
	if($quota === 'default') {//'default' as default quota makes no sense
		$quota='none';
	}
	\OC::$server->getAppConfig()->setValue('files', 'default_quota', $quota);
}
OC_JSON::success(array("data" => array( "username" => $username , 'quota' => $quota)));
add option to set user quota 2011-08-15 23:06:29 +04:00			`<?php`
improve log browsing 2012-02-26 00:19:32 +04:00			`/**`
Fix others 2016-07-21 18:07:57 +03:00			`* @copyright Copyright (c) 2016, ownCloud, Inc.`
			`*`
Update license headers 2016-05-26 20:56:05 +03:00			`* @author Arthur Schiwon <blizzz@arthur-schiwon.de>`
Update license headers 2015-03-26 13:44:34 +03:00			`* @author Bart Visscher <bartv@thisnet.nl>`
Update license headers 2016-05-26 20:56:05 +03:00			`* @author Björn Schießle <bjoern@schiessle.org>`
Update license headers 2015-03-26 13:44:34 +03:00			`* @author Christopher Schäpers <kondou@ts.unde.re>`
			`* @author Felix Moeller <mail@felixmoeller.de>`
Change @georgehrke's email Signed-off-by: Morris Jobke <hey@morrisjobke.de> 2017-11-06 22:15:27 +03:00			`* @author Georg Ehrke <oc.list@georgehrke.com>`
Update license headers Signed-off-by: Morris Jobke <hey@morrisjobke.de> 2017-11-06 17:56:42 +03:00			`* @author Joas Schilling <coding@schilljs.com>`
Update license headers 2016-05-26 20:56:05 +03:00			`* @author Lukas Reschke <lukas@statuscode.ch>`
Update license headers 2015-03-26 13:44:34 +03:00			`* @author Morris Jobke <hey@morrisjobke.de>`
Update with robin 2016-07-21 19:13:36 +03:00			`* @author Robin Appelman <robin@icewind.nl>`
Update license headers 2015-03-26 13:44:34 +03:00			`* @author Thomas Müller <thomas.mueller@tmit.eu>`
			`*`
			`* @license AGPL-3.0`
			`*`
			`* This code is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU Affero General Public License, version 3,`
			`* as published by the Free Software Foundation.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU Affero General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU Affero General Public License, version 3,`
			`* along with this program. If not, see <http://www.gnu.org/licenses/>`
			`*`
improve log browsing 2012-02-26 00:19:32 +04:00			`*/`
Revert "Updating license headers" This reverts commit 6a1a4880f0d556fb090f19a5019fec31916f5c36. 2015-02-26 13:37:37 +03:00
fix setqouta for subadmins 2012-07-19 18:37:41 +04:00			`OC_JSON::checkSubAdminUser();`
CSRF check in the settings 2012-07-07 17:27:04 +04:00			`OCP\JSON::callCheck();`
add option to set user quota 2011-08-15 23:06:29 +04:00
Require password confirmation to change the Quota Signed-off-by: Joas Schilling <coding@schilljs.com> 2016-11-10 19:18:12 +03:00			`$lastConfirm = (int) \OC::$server->getSession()->get('last-password-confirm');`
			`if ($lastConfirm < (time() - 30 * 60 + 15)) { // allow 15 seconds delay`
			`$l = \OC::$server->getL10N('core');`
			`OC_JSON::error(array( 'data' => array( 'message' => $l->t('Password confirmation is required'))));`
			`exit();`
			`}`

Manually type-case all AJAX files This enforces proper types on POST and GET arguments where I considered it sensible. I didn't update some as I don't know what kind of values they would support :see_no_evil: Fixes https://github.com/owncloud/core/issues/14196 for core 2015-02-13 15:33:20 +03:00			`$username = isset($_POST["username"]) ? (string)$_POST["username"] : '';`
save quota in human readable format (42 MB), should prevent some of the overflow related problems 2011-12-14 04:16:14 +04:00
Drop OC_SubAdmin and replace usages 2015-10-27 16:09:45 +03:00			`$isUserAccessible = false;`
			`$currentUserObject = \OC::$server->getUserSession()->getUser();`
			`$targetUserObject = \OC::$server->getUserManager()->get($username);`
			`if($targetUserObject !== null && $currentUserObject !== null) {`
			`$isUserAccessible = \OC::$server->getGroupManager()->getSubAdmin()->isUserAccessible($currentUserObject, $targetUserObject);`
			`}`

Use !== and === in settings. 2013-04-17 17:32:03 +04:00			`if(($username === '' && !OC_User::isAdminUser(OC_User::getUser()))`
Style cleanup settings 2013-02-15 02:29:51 +04:00			`\|\| (!OC_User::isAdminUser(OC_User::getUser())`
Drop OC_SubAdmin and replace usages 2015-10-27 16:09:45 +03:00			`&& !$isUserAccessible)) {`
Use public api for getting l10n 2014-08-31 12:05:59 +04:00			`$l = \OC::$server->getL10N('core');`
fix copy&paste fail and deny subadmins to set the default qouta 2012-07-19 20:00:33 +04:00			`OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));`
fix setqouta for subadmins 2012-07-19 18:37:41 +04:00			`exit();`
			`}`

save quota in human readable format (42 MB), should prevent some of the overflow related problems 2011-12-14 04:16:14 +04:00			`//make sure the quota is in the expected format`
Manually type-case all AJAX files This enforces proper types on POST and GET arguments where I considered it sensible. I didn't update some as I don't know what kind of values they would support :see_no_evil: Fixes https://github.com/owncloud/core/issues/14196 for core 2015-02-13 15:33:20 +03:00			`$quota= (string)$_POST["quota"];`
Use !== and === in settings. 2013-04-17 17:32:03 +04:00			`if($quota !== 'none' and $quota !== 'default') {`
add a default user quota 2012-02-24 17:10:19 +04:00			`$quota= OC_Helper::computerFileSize($quota);`
allow to set quota to zero, issue #2696 2013-05-06 13:43:50 +04:00			`$quota=OC_Helper::humanFileSize($quota);`
add a default user quota 2012-02-24 17:10:19 +04:00			`}`
add option to set user quota 2011-08-15 23:06:29 +04:00
			`// Return Success story`
Update settings/ajax/setquota.php respect coding style 2012-09-04 13:36:21 +04:00			`if($username) {`
Consolidate getQuota and setQuota methods in User instance 2016-02-09 19:16:43 +03:00			`$targetUserObject->setQuota($quota);`
add configure option for default quota 2012-02-25 00:19:23 +04:00			`}else{//set the default quota when no username is specified`
Use !== and === in settings. 2013-04-17 17:32:03 +04:00			`if($quota === 'default') {//'default' as default quota makes no sense`
add configure option for default quota 2012-02-25 00:19:23 +04:00			`$quota='none';`
			`}`
Remove OC_Appconfig 2015-07-03 15:16:29 +03:00			`\OC::$server->getAppConfig()->setValue('files', 'default_quota', $quota);`
add configure option for default quota 2012-02-25 00:19:23 +04:00			`}`
Checkstyle fixes: NoSpaceAfterComma 2012-11-04 14:10:46 +04:00			`OC_JSON::success(array("data" => array( "username" => $username , 'quota' => $quota)));`
add option to set user quota 2011-08-15 23:06:29 +04:00