mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Sanitization isn't required here

This commit is contained in:
Michael Gapczynski 2012-07-11 20:04:18 -04:00
parent cbf851de69
commit 88f4845ca3
1 changed files with 6 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
core/ajax/share.php
View File

@ -22,56 +22,43 @@ require_once '../../lib/base.php';
OC_JSON::checkLoggedIn();
if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['item'])) {
$itemType = OCP\Util::sanitizeHTML($_POST['itemType']);
$item = OCP\Util::sanitizeHTML($_POST['item']);
switch ($_POST['action']) {
case 'share':
if (isset($_POST['shareType']) && isset($_POST['shareWith']) && isset($_POST['permissions'])) {
$shareType = OCP\Util::sanitizeHTML($_POST['shareType']);
$shareWith = OCP\Util::sanitizeHTML($_POST['shareWith']);
$permissions = OCP\Util::sanitizeHTML($_POST['permissions']);
$return = OCP\Share::share($itemType, $item, $shareType, $shareWith, $permissions);
$return = OCP\Share::share($_POST['itemType'], $_POST['item'], $_POST['shareType'], $_POST['shareWith'], $_POST['permissions']);
// TODO May need to return private link
($return) ? OC_JSON::success() : OC_JSON::error();
}
break;
case 'unshare':
if (isset($_POST['shareType']) && isset($_POST['shareWith'])) {
$shareType = OCP\Util::sanitizeHTML($_POST['shareType']);
$shareWith = OCP\Util::sanitizeHTML($_POST['shareWith']);
$return = OCP\Share::unshare($itemType, $item, $shareType, $shareWith);
$return = OCP\Share::unshare($_POST['itemType'], $_POST['item'], $_POST['shareType'], $_POST['shareWith']);
($return) ? OC_JSON::success() : OC_JSON::error();
}
break;
case 'setTarget':
if (isset($_POST['newTarget'])) {
$newTarget = OCP\Util::sanitizeHTML($_POST['newTarget']);
$return = OCP\Share::setTarget($itemType, $item, $newTarget);
$return = OCP\Share::setTarget($_POST['itemType'], $_POST['item'], $_POST['newTarget']);
($return) ? OC_JSON::success() : OC_JSON::error();
}
break;
case 'setPermissions':
if (isset($_POST['shareType']) && isset($_POST['shareWith']) && isset($_POST['permissions'])) {
$shareType = OCP\Util::sanitizeHTML($_POST['shareType']);
$shareWith = OCP\Util::sanitizeHTML($_POST['shareWith']);
$permissions = OCP\Util::sanitizeHTML($_POST['permissions']);
$return = OCP\Share::setPermissions($itemType, $item, $shareType, $shareWith, $permissions);
$return = OCP\Share::setPermissions($_POST['itemType'], $_POST['item'], $_POST['shareType'], $_POST['shareWith'], $_POST['permissions']);
($return) ? OC_JSON::success() : OC_JSON::error();
}
break;
}
} else if (isset($_GET['fetch']) && isset($_GET['itemType'])) {
$itemType = OCP\Util::sanitizeHTML($_GET['itemType']);
switch ($_GET['fetch']) {
case 'getItemsSharedStatuses':
$return = OCP\Share::getItemsShared($itemType, OCP\Share::FORMAT_STATUSES);
$return = OCP\Share::getItemsShared($_GET['itemType'], OCP\Share::FORMAT_STATUSES);
($return) ? OC_JSON::success(array('data' => $return)) : OC_JSON::error();
break;
case 'getItem':
// TODO Check if the item was shared to the current user
if (isset($_GET['item'])) {
$item = OCP\Util::sanitizeHTML($_GET['item']);
$return = OCP\Share::getItemShared($itemType, $item);
$return = OCP\Share::getItemShared($_GET['itemType'], $_GET['item']);
($return) ? OC_JSON::success(array('data' => $return)) : OC_JSON::error();
}
break;