mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
nextcloud/lib/public
History
Lukas Reschke e2453d78c0 Properly catch whether a share is `null` 
Despite it's PHPDoc the function might return `null` which was not properly catched and thus in some situations the share was resolved to the sharing users root directory.

To test this perform the following steps:

* Share file in owncloud 7 (7.0.4.2)
* Delete the parent folder of the shared file
* The share stays is in the DB and the share via the sharelink is inaccessible. (which is good)
* Upgrade to owncloud 8 (8.0.2) (This step is crucial. The bug is not reproduceable without upgrading from 7 to 8. It seems like the old tokens are handled different than the newer ones)
* Optional Step: Logout, Reset Browser Session, etc.
* Access the share via the old share url: almost empty page, but there is a dowload button which adds a "/download" to the URL.
* Upon clicking, a download.zip is downloaded which contains EVERYTHING from the owncloud directory (of the user who shared the file)
* No exception is thrown and no error is logged.

This will add a check whether the share is a valid one and also adds unit tests to prevent further regressions in the future. Needs to be backported to ownCloud 8.

Adding a proper clean-up of the orphaned shares is out-of-scope and would probably require some kind of FK or so.

Fixes https://github.com/owncloud/core/issues/15097
 		2015-03-24 11:21:58 +01:00
..
activity Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
app Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
appframework Properly catch whether a share is `null` 2015-03-24 11:21:58 +01:00
authentication Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
backgroundjob Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
command Allow apps to determine which commands should be run synchronous based on traints 2015-02-25 15:09:41 +01:00
contacts Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
diagnostics Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
files Merge pull request #14704 from owncloud/storage-wrapper-mount 2015-03-19 16:20:38 +01:00
mail Incorporate review changes 2015-03-16 12:47:05 +01:00
preview Create an interface for OC_Image and OCP\Image for the public API 2015-03-16 12:45:15 +01:00
route Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
search Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
security Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
api.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
app.php Use a closure for the files app entry and deprecate old methods 2015-03-17 12:17:09 +01:00
backgroundjob.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
config.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
constants.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
contacts.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
db.php Fix doc blocks of insertIfNotExists() method 2015-03-11 09:05:30 +01:00
defaults.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
files.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
groupinterface.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
iaddressbook.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
iappconfig.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
iavatar.php Create an interface for OC_Image and OCP\Image for the public API 2015-03-16 12:45:15 +01:00
iavatarmanager.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
icache.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
icachefactory.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
icertificate.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
icertificatemanager.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
iconfig.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
icontainer.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
idatetimeformatter.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
idatetimezone.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
idb.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
idbconnection.php Also add a note that clob does not work in the compare array 2015-03-16 15:41:00 +01:00
ieventsource.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
igroup.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
igroupmanager.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
ihelper.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
iimage.php Remove load*() methods from public interface 2015-03-16 12:57:15 +01:00
il10n.php Fix the behaviour of getLanguageCode() to match the expectation of the name 2015-03-03 16:47:31 +01:00
ilogger.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
image.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
inavigationmanager.php Allow registering closures for navigation entries 2015-03-16 16:17:43 +01:00
ipreview.php Create an interface for OC_Image and OCP\Image for the public API 2015-03-16 12:45:15 +01:00
irequest.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
isearch.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
iservercontainer.php Migrate to SwiftMail 2015-03-16 12:47:05 +01:00
isession.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
itagmanager.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
itags.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
itempmanager.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
iurlgenerator.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
iuser.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
iuserbackend.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
iusermanager.php Can also be null 2015-03-13 14:01:24 +01:00
iusersession.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
json.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
preconditionnotmetexception.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
response.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
share.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
share_backend.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
share_backend_collection.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
share_backend_file_dependent.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
template.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
user.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
userinterface.php Revert "Updating license headers" 2015-02-26 11:37:37 +01:00
util.php Don't fallback to Plaintext per default for legacy class 2015-03-16 14:10:03 +01:00