From 4045c7be73c86125666551eba39b03e65716dd44 Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@statuscode.ch>
Date: Thu, 1 Dec 2016 16:10:15 +0100
Subject: [PATCH] [stable10] On write-only shares do not allow to specify
 subfolders

In case of a write-only share we should not allow to specify a subfolder as this is unexpected behaviour.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
---
 apps/files/ajax/upload.php | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/apps/files/ajax/upload.php b/apps/files/ajax/upload.php
index 9de5c0bce3..5908b6d664 100644
--- a/apps/files/ajax/upload.php
+++ b/apps/files/ajax/upload.php
@@ -56,13 +56,22 @@ if (empty($_POST['dirToken'])) {
 		die();
 	}
 } else {
+	$shareManager = \OC::$server->getShareManager();
+	$share = $shareManager->getShareByToken((string)$_POST['dirToken']);
+
 	// TODO: ideally this code should be in files_sharing/ajax/upload.php
 	// and the upload/file transfer code needs to be refactored into a utility method
 	// that could be used there
 
 	\OC_User::setIncognitoMode(true);
 
-	$publicDirectory = !empty($_POST['subdir']) ? (string)$_POST['subdir'] : '/';
+	// If it is a write-only folder no subdirectory can be specified
+	$publicDirectory = '';
+	if ($share->getPermissions() & \OCP\Constants::PERMISSION_READ) {
+		$publicDirectory = !empty($_POST['subdir']) ? (string)$_POST['subdir'] : '/';
+	} else {
+		$_POST['file_directory'] = '';
+	}
 
 	$linkItem = OCP\Share::getShareByToken((string)$_POST['dirToken']);
 	if ($linkItem === false) {
@@ -165,8 +174,6 @@ if (\OC\Files\Filesystem::isValidPath($dir) === true) {
 
 		if(isset($_POST['dirToken'])) {
 			// If it is a read only share the resolution will always be autorename
-			$shareManager = \OC::$server->getShareManager();
-			$share = $shareManager->getShareByToken((string)$_POST['dirToken']);
 			if (!($share->getPermissions() & \OCP\Constants::PERMISSION_READ)) {
 				$resolution = 'autorename';
 			}