From c8a6fea1b476dae8953a36540d49e00865f5d807 Mon Sep 17 00:00:00 2001
From: Vincent Petry <pvince81@owncloud.com>
Date: Mon, 13 Jul 2015 12:01:15 +0200
Subject: [PATCH] Allow ajax requests on public webdav interface

Whenever outgoing shares are disabled, still allow ajax requests to make
it possible to use the Webdav interface in the public link page.

Please note that disabling outgoing shares isn't strong anyway as
someone could abuse the ajax endpoints to access files anyway. To
properly disable remote sharing, public link sharing must be disabled
too.
---
 apps/files_sharing/publicwebdav.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/apps/files_sharing/publicwebdav.php b/apps/files_sharing/publicwebdav.php
index 773a15c888..fbf9d22cf7 100644
--- a/apps/files_sharing/publicwebdav.php
+++ b/apps/files_sharing/publicwebdav.php
@@ -46,7 +46,8 @@ $serverFactory = new \OC\Connector\Sabre\ServerFactory(
 $requestUri = \OC::$server->getRequest()->getRequestUri();
 
 $server = $serverFactory->createServer($baseuri, $requestUri, $authBackend, function () use ($authBackend) {
-	if (OCA\Files_Sharing\Helper::isOutgoingServer2serverShareEnabled() === false) {
+	$isAjax = (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest');
+	if (OCA\Files_Sharing\Helper::isOutgoingServer2serverShareEnabled() === false && !$isAjax) {
 		// this is what is thrown when trying to access a non-existing share
 		throw new \Sabre\DAV\Exception\NotAuthenticated();
 	}