check share permissions in share controller

Robin Appelman 2016-02-09 13:00:08 +01:00
parent fd9166488b
commit f9f2800016
1 changed files with 17 additions and 0 deletions


@ -227,6 +227,16 @@ class ShareController extends Controller {
} }
} }
/**
* Validate the permissions of the share
*
* @param Share\IShare $share
* @return bool
*/
private function validateShare(\OCP\Share\IShare $share) {
return $share->getNode()->isReadable() && $share->getNode()->isShareable();
}
/** /**
* @PublicPage * @PublicPage
* @NoCSRFRequired * @NoCSRFRequired
@ -253,6 +263,9 @@ class ShareController extends Controller {
array('token' => $token))); array('token' => $token)));
} }
if (!$this->validateShare($share)) {
throw new NotFoundException();
}
// We can't get the path of a file share // We can't get the path of a file share
try { try {
if ($share->getNode() instanceof \OCP\Files\File && $path !== '') { if ($share->getNode() instanceof \OCP\Files\File && $path !== '') {
@ -371,6 +384,10 @@ class ShareController extends Controller {
$userFolder = $this->rootFolder->getUserFolder($share->getShareOwner()); $userFolder = $this->rootFolder->getUserFolder($share->getShareOwner());
$originalSharePath = $userFolder->getRelativePath($share->getNode()->getPath()); $originalSharePath = $userFolder->getRelativePath($share->getNode()->getPath());
if (!$this->validateShare($share)) {
throw new NotFoundException();
}
// Single file share // Single file share
if ($share->getNode() instanceof \OCP\Files\File) { if ($share->getNode() instanceof \OCP\Files\File) {
// Single file download // Single file download
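Review bot: In the third hunk the new `validateShare()` check runs only after `getUserFolder($share->getShareOwner())` and `getRelativePath($share->getNode()->getPath())` have already resolved the node, so a share that is about to be rejected is still dereferenced first. Moving `if (!$this->validateShare($share)) { throw new NotFoundException(); }` directly above the `$userFolder = ...` line would make the handler fail closed before any path work. The helper's docblock says it validates "the permissions of the share", but the body only tests the node's `isReadable()` and `isShareable()` flags and never consults `$share->getPermissions()`; a summary such as `Check that the shared node is still readable and shareable` would match the code, and the `@param` type should match the `\OCP\Share\IShare` signature. Both call sites sit in methods that start and end outside the hunks, so whether other public entry points of the controller need the same check cannot be judged from here.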