From d2e6f7d9790d42faf9d79b7beb07b2d287fd2da3 Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle <schiessle@owncloud.com>
Date: Thu, 21 Nov 2013 15:57:49 +0100
Subject: [PATCH] check HTTP Referer to check if we come from public.php or
 from a internal page. Necessary to detect public access also if a user is
 logged in.

---
 apps/files_encryption/lib/helper.php | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/apps/files_encryption/lib/helper.php b/apps/files_encryption/lib/helper.php
index e66a84d909..897b5d4662 100755
--- a/apps/files_encryption/lib/helper.php
+++ b/apps/files_encryption/lib/helper.php
@@ -225,7 +225,7 @@ class Helper {
 	 * @return bool
 	 */
 	public static function isPublicAccess() {
-		if (\OCP\USER::getUser() === false) {
+		if (strpos($_SERVER['HTTP_REFERER'], 'public.php') !== false) {
 			return true;
 		} else {
 			return false;
@@ -252,16 +252,22 @@ class Helper {
 		return $relPath;
 	}
 
+	/**
+	 * @brief get user from the path, because we can't assume that \OCP\User::getUser()
+	 *        will always return the right result
+	 * @param type $path
+	 * @return boolean
+	 */
 	public static function getUser($path) {
 
 		$user = \OCP\User::getUser();
 
-		// if we are logged in, than we return the userid
-		if ($user) {
+		// if we are logged in and if we don't come from a public URL, then we return the userid
+		if ($user && strpos($_SERVER['HTTP_REFERER'], 'public.php') === false) {
 			return $user;
 		}
 
-		// if no user is logged in we try to access a publically shared files.
+		// ...otherwise we try to access a publically shared files.
 		// In this case we need to try to get the user from the path
 
 		$trimmed = ltrim($path, '/');