mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

check share permissions in share controller

This commit is contained in:
Robin Appelman 2016-02-09 13:00:08 +01:00
parent fd9166488b
commit f9f2800016
1 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
apps/files_sharing/lib/controllers/sharecontroller.php
View File

@ -227,6 +227,16 @@ class ShareController extends Controller {
}
}
/**
* Validate the permissions of the share
*
* @param Share\IShare $share
* @return bool
*/
private function validateShare(\OCP\Share\IShare $share) {
return $share->getNode()->isReadable() && $share->getNode()->isShareable();
}
/**
* @PublicPage
* @NoCSRFRequired
@ -253,6 +263,9 @@ class ShareController extends Controller {
array('token' => $token)));
}
if (!$this->validateShare($share)) {
throw new NotFoundException();
}
// We can't get the path of a file share
try {
if ($share->getNode() instanceof \OCP\Files\File && $path !== '') {
@ -371,6 +384,10 @@ class ShareController extends Controller {
$userFolder = $this->rootFolder->getUserFolder($share->getShareOwner());
$originalSharePath = $userFolder->getRelativePath($share->getNode()->getPath());
if (!$this->validateShare($share)) {
throw new NotFoundException();
}
// Single file share
if ($share->getNode() instanceof \OCP\Files\File) {
// Single file download