diff --git a/apps/files_sharing/api/local.php b/apps/files_sharing/api/local.php index eb0e0e0d84..eeb3189983 100644 --- a/apps/files_sharing/api/local.php +++ b/apps/files_sharing/api/local.php @@ -258,6 +258,7 @@ class Local { $itemSource = self::getFileId($path); $itemSourceName = $itemSource; $itemType = self::getItemType($path); + $expirationDate = null; if($itemSource === null) { return new \OC_OCS_Result(null, 404, "wrong path, file/folder doesn't exist."); @@ -286,6 +287,14 @@ class Local { // read, create, update (7) if public upload is enabled or // read (1) if public upload is disabled $permissions = $publicUpload === 'true' ? 7 : 1; + + // Get the expiration date + try { + $expirationDate = isset($_POST['expireDate']) ? self::parseDate($_POST['expireDate']) : null; + } catch (\Exception $e) { + return new \OC_OCS_Result(null, 404, 'Invalid Date'); + } + break; default: return new \OC_OCS_Result(null, 400, "unknown share type"); @@ -302,8 +311,9 @@ class Local { $shareType, $shareWith, $permissions, - $itemSourceName - ); + $itemSourceName, + $expirationDate + ); } catch (HintException $e) { return new \OC_OCS_Result(null, 400, $e->getHint()); } catch (\Exception $e) { @@ -537,6 +547,30 @@ class Local { } } + /** + * Make sure that the passed date is valid ISO 8601 + * So YYYY-MM-DD + * If not throw an exception + * + * @param string $expireDate + * + * @throws \Exception + * @return \DateTime + */ + private static function parseDate($expireDate) { + if (preg_match('/^\d{4}-\d{2}-\d{2}$/', $expireDate) === 0) { + throw new \Exception(); + } + + $date = new \DateTime($expireDate); + + if ($date === false) { + throw new \Exception(); + } + + return $date; + } + /** * get file ID from a given path * @param string $path diff --git a/apps/files_sharing/tests/api.php b/apps/files_sharing/tests/api.php index 3bd568e47a..a9b6ee9f64 100644 --- a/apps/files_sharing/tests/api.php +++ b/apps/files_sharing/tests/api.php @@ -1487,4 +1487,60 @@ class Test_Files_Sharing_Api extends TestCase { $config->setAppValue('core', 'shareapi_enforce_expire_date', 'no'); } + + public function datesProvider() { + $date = new \DateTime(); + $date->add(new \DateInterval('P5D')); + + $year = (int)$date->format('Y'); + + return [ + [$date->format('Y-m-d'), true], + [$year+1 . '-1-1', false], + [$date->format('Y-m-dTH:m'), false], + ['abc', false], + [$date->format('Y-m-d') . 'xyz', false], + ]; + } + + /** + * Make sure only ISO 8601 dates are accepted + * + * @dataProvider datesProvider + */ + public function testPublicLinkExpireDate($date, $valid) { + $_POST['path'] = $this->folder; + $_POST['shareType'] = \OCP\Share::SHARE_TYPE_LINK; + $_POST['expireDate'] = $date; + + $result = \OCA\Files_Sharing\API\Local::createShare([]); + + if ($valid === false) { + $this->assertFalse($result->succeeded()); + $this->assertEquals(404, $result->getStatusCode()); + $this->assertEquals('Invalid Date', $result->getMeta()['message']); + return; + } + + $this->assertTrue($result->succeeded()); + + $data = $result->getData(); + $this->assertTrue(is_string($data['token'])); + + // check for correct link + $url = \OC::$server->getURLGenerator()->getAbsoluteURL('/index.php/s/' . $data['token']); + $this->assertEquals($url, $data['url']); + + + $share = $this->getShareFromId($data['id']); + $items = \OCP\Share::getItemShared('file', $share['item_source']); + $this->assertTrue(!empty($items)); + + $item = reset($items); + $this->assertTrue(is_array($item)); + $this->assertEquals($date, substr($item['expiration'], 0, 10)); + + $fileinfo = $this->view->getFileInfo($this->folder); + \OCP\Share::unshare('folder', $fileinfo['fileid'], \OCP\Share::SHARE_TYPE_LINK, null); + } }