From 88f4845ca33fd6f2988f230116e2190d15ab1866 Mon Sep 17 00:00:00 2001
From: Michael Gapczynski
Date: Wed, 11 Jul 2012 20:04:18 -0400
Subject: [PATCH] Sanitization isn't required here
---
core/ajax/share.php | 25 ++++++------------------
1 file changed, 6 insertions(+), 19 deletions(-)
diff --git a/core/ajax/share.php b/core/ajax/share.php
index 33eea22352..4c5ef310b7 100644
--- a/core/ajax/share.php
+++ b/core/ajax/share.php
@@ -22,56 +22,43 @@ require_once '../../lib/base.php';
 OC_JSON::checkLoggedIn();
 if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['item'])) {
- $itemType = OCP\Util::sanitizeHTML($_POST['itemType']);
- $item = OCP\Util::sanitizeHTML($_POST['item']);
 switch ($_POST['action']) {
 case 'share':
 if (isset($_POST['shareType']) && isset($_POST['shareWith']) && isset($_POST['permissions'])) {
- $shareType = OCP\Util::sanitizeHTML($_POST['shareType']);
- $shareWith = OCP\Util::sanitizeHTML($_POST['shareWith']);
- $permissions = OCP\Util::sanitizeHTML($_POST['permissions']);
- $return = OCP\Share::share($itemType, $item, $shareType, $shareWith, $permissions);
+ $return = OCP\Share::share($_POST['itemType'], $_POST['item'], $_POST['shareType'], $_POST['shareWith'], $_POST['permissions']);
 // TODO May need to return private link
 ($return) ? OC_JSON::success() : OC_JSON::error();
 }
 break;
 case 'unshare':
 if (isset($_POST['shareType']) && isset($_POST['shareWith'])) {
- $shareType = OCP\Util::sanitizeHTML($_POST['shareType']);
- $shareWith = OCP\Util::sanitizeHTML($_POST['shareWith']);
- $return = OCP\Share::unshare($itemType, $item, $shareType, $shareWith);
+ $return = OCP\Share::unshare($_POST['itemType'], $_POST['item'], $_POST['shareType'], $_POST['shareWith']);
 ($return) ? OC_JSON::success() : OC_JSON::error();
 }
 break;
 case 'setTarget':
 if (isset($_POST['newTarget'])) {
- $newTarget = OCP\Util::sanitizeHTML($_POST['newTarget']);
- $return = OCP\Share::setTarget($itemType, $item, $newTarget);
+ $return = OCP\Share::setTarget($_POST['itemType'], $_POST['item'], $_POST['newTarget']);
 ($return) ? OC_JSON::success() : OC_JSON::error();
 }
 break;
 case 'setPermissions':
 if (isset($_POST['shareType']) && isset($_POST['shareWith']) && isset($_POST['permissions'])) {
- $shareType = OCP\Util::sanitizeHTML($_POST['shareType']);
- $shareWith = OCP\Util::sanitizeHTML($_POST['shareWith']);
- $permissions = OCP\Util::sanitizeHTML($_POST['permissions']);
- $return = OCP\Share::setPermissions($itemType, $item, $shareType, $shareWith, $permissions);
+ $return = OCP\Share::setPermissions($_POST['itemType'], $_POST['item'], $_POST['shareType'], $_POST['shareWith'], $_POST['permissions']);
 ($return) ? OC_JSON::success() : OC_JSON::error();
 }
 break;
 }
 } else if (isset($_GET['fetch']) && isset($_GET['itemType'])) {
- $itemType = OCP\Util::sanitizeHTML($_GET['itemType']);
 switch ($_GET['fetch']) {
 case 'getItemsSharedStatuses':
- $return = OCP\Share::getItemsShared($itemType, OCP\Share::FORMAT_STATUSES);
+ $return = OCP\Share::getItemsShared($_GET['itemType'], OCP\Share::FORMAT_STATUSES);
 ($return) ? OC_JSON::success(array('data' => $return)) : OC_JSON::error();
 break;
 case 'getItem':
 // TODO Check if the item was shared to the current user
 if (isset($_GET['item'])) {
- $item = OCP\Util::sanitizeHTML($_GET['item']);
- $return = OCP\Share::getItemShared($itemType, $item);
+ $return = OCP\Share::getItemShared($_GET['itemType'], $_GET['item']);
 ($return) ? OC_JSON::success(array('data' => $return)) : OC_JSON::error();
 }
 break;
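Review bot: The `share` and `setPermissions` cases now hand `$_POST['shareType']` and `$_POST['permissions']` to `OCP\Share` with no validation at all, so a non-numeric string or an array-valued parameter reaches the API unchecked; the same holds for the other raw `$_POST`/`$_GET` values in the `unshare`, `setTarget` and `fetch` cases. Dropping HTML-encoding on input is reasonable, but it should be replaced by a type check at this boundary, for example `if (!is_numeric($_POST['shareType']) || !is_numeric($_POST['permissions'])) { OC_JSON::error(); break; }` before each call, assuming both are integer-valued in `OCP\Share` (not visible here). Share records are now stored unencoded, so whatever renders the `data` returned by `getItem` and `getItemsSharedStatuses` has to escape it on output; that code is not in this hunk, and the `fetch` switch continues past its last line. In the lines shown, the state-changing POST actions are gated only by `OC_JSON::checkLoggedIn()`, so it is worth confirming that a request-token (CSRF) check is enforced somewhere on this endpoint.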