From 8e3b8c7f47ab12e1612d3fa025e6b9eb7f5ffdb3 Mon Sep 17 00:00:00 2001
From: Michael Gapczynski <mtgap@owncloud.com>
Date: Sun, 10 Feb 2013 19:09:58 -0500
Subject: [PATCH] Proper fix for shared links

---
 apps/files_sharing/lib/sharedstorage.php |  2 +-
 apps/files_sharing/public.php            | 45 +++++++++++++-----------
 lib/files/filesystem.php                 |  4 +--
 lib/util.php                             |  2 +-
 4 files changed, 29 insertions(+), 24 deletions(-)

diff --git a/apps/files_sharing/lib/sharedstorage.php b/apps/files_sharing/lib/sharedstorage.php
index ea28ca69b9..65812b7e2f 100644
--- a/apps/files_sharing/lib/sharedstorage.php
+++ b/apps/files_sharing/lib/sharedstorage.php
@@ -390,7 +390,7 @@ class Shared extends \OC\Files\Storage\Common {
 	}
 
 	public static function setup($options) {
-		if (\OCP\Share::getItemsSharedWith('file')) {
+		if (!\OCP\User::isLoggedIn() || \OCP\User::getUser() != $options['user'] || \OCP\Share::getItemsSharedWith('file')) {
 			$user_dir = $options['user_dir'];
 			\OC\Files\Filesystem::mount('\OC\Files\Storage\Shared', array('sharedFolder' => '/Shared'), $user_dir.'/Shared/');
 		}
diff --git a/apps/files_sharing/public.php b/apps/files_sharing/public.php
index 29b7b3dee7..47e074edb8 100644
--- a/apps/files_sharing/public.php
+++ b/apps/files_sharing/public.php
@@ -11,14 +11,26 @@ if (isset($_GET['t'])) {
 		$type = $linkItem['item_type'];
 		$fileSource = $linkItem['file_source'];
 		$shareOwner = $linkItem['uid_owner'];
-		if (OCP\User::userExists($shareOwner) && $fileSource != -1) {
-			OC_Util::setupFS($shareOwner);
-			$path = $linkItem['file_target'];
+		$fileOwner = null;
+		$path = null;
+		if (isset($linkItem['parent'])) {
+			$parent = $linkItem['parent'];
+			while (isset($parent)) {
+				$query = \OC_DB::prepare('SELECT `parent`, `uid_owner` FROM `*PREFIX*share` WHERE `id` = ?', 1);
+				$item = $query->execute(array($parent))->fetchRow();
+				if (isset($item['parent'])) {
+					$parent = $item['parent'];
+				} else {
+					$fileOwner = $item['uid_owner'];
+					break;
+				}
+			}
 		} else {
-			header('HTTP/1.0 404 Not Found');
-			$tmpl = new OCP\Template('', '404', 'guest');
-			$tmpl->printPage();
-			exit();
+			$fileOwner = $shareOwner;
+		}
+		if (isset($fileOwner)) {
+			OC_Util::setupFS($fileOwner);
+			$path = \OC\Files\Filesystem::getPath($linkItem['file_source']);
 		}
 	}
 } else {
@@ -55,7 +67,7 @@ if (isset($_GET['t'])) {
 	}
 }
 
-if ($linkItem) {
+if (isset($path)) {
 	if (!isset($linkItem['item_type'])) {
 		OCP\Util::writeLog('share', 'No item type set for share id: ' . $linkItem['id'], \OCP\Util::ERROR);
 		header('HTTP/1.0 404 Not Found');
@@ -123,20 +135,12 @@ if ($linkItem) {
 	$file = basename($path);
 	// Download the file
 	if (isset($_GET['download'])) {
-		if (isset($_GET['path']) && $_GET['path'] !== '') {
-			if (isset($_GET['files'])) { // download selected files
-				OC_Files::get($path, $_GET['files'], $_SERVER['REQUEST_METHOD'] == 'HEAD' ? true : false);
-			} else {
-				if (isset($_GET['path']) && $_GET['path'] != '') { // download a file from a shared directory
-					OC_Files::get($dir, $file, $_SERVER['REQUEST_METHOD'] == 'HEAD' ? true : false);
-				} else { // download the whole shared directory
-					OC_Files::get($dir, $file, $_SERVER['REQUEST_METHOD'] == 'HEAD' ? true : false);
-				}
-			}
-		} else { // download a single shared file
+		if (isset($_GET['files'])) { // download selected files
+			OC_Files::get($dir, $_GET['files'], $_SERVER['REQUEST_METHOD'] == 'HEAD' ? true : false);
+		} else {
 			OC_Files::get($dir, $file, $_SERVER['REQUEST_METHOD'] == 'HEAD' ? true : false);
 		}
-
+		exit();
 	} else {
 		OCP\Util::addStyle('files_sharing', 'public');
 		OCP\Util::addScript('files_sharing', 'public');
@@ -147,6 +151,7 @@ if ($linkItem) {
 		$tmpl->assign('dir', $dir);
 		$tmpl->assign('filename', $file);
 		$tmpl->assign('mimetype', \OC\Files\Filesystem::getMimeType($path));
+		$tmpl->assign('fileTarget', basename($linkItem['file_target']));
 		$urlLinkIdentifiers= (isset($token)?'&t='.$token:'')
 							.(isset($_GET['dir'])?'&dir='.$_GET['dir']:'')
 							.(isset($_GET['file'])?'&file='.$_GET['file']:'');
diff --git a/lib/files/filesystem.php b/lib/files/filesystem.php
index 71bf3d8708..a0c3c4b9b7 100644
--- a/lib/files/filesystem.php
+++ b/lib/files/filesystem.php
@@ -190,14 +190,14 @@ class Filesystem {
 		}
 	}
 
-	static public function init($root) {
+	static public function init($user, $root) {
 		if (self::$defaultInstance) {
 			return false;
 		}
 		self::$defaultInstance = new View($root);
 
 		//load custom mount config
-		self::initMountPoints();
+		self::initMountPoints($user);
 
 		self::$loaded = true;
 
diff --git a/lib/util.php b/lib/util.php
index a5fe4cb175..54a3f63404 100755
--- a/lib/util.php
+++ b/lib/util.php
@@ -51,7 +51,7 @@ class OC_Util {
 				mkdir( $userdirectory, 0755, true );
 			}
 			//jail the user into his "home" directory
-			\OC\Files\Filesystem::init($user_dir);
+			\OC\Files\Filesystem::init($user, $user_dir);
 
 			$quotaProxy=new OC_FileProxy_Quota();
 			$fileOperationProxy = new OC_FileProxy_FileOperations();