wbrawner/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fixed upload permissions distinction between public and logged in upload

Browse source 
Fixes #5370
This commit is contained in:
Vincent Petry 2013-10-17 10:46:55 +02:00
parent 04783da829
commit 9cfb438ff7
1 changed files with 7 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
apps/files/ajax/upload.php
View file

@ -7,6 +7,8 @@ OCP\JSON::setContentTypeHeader('text/plain');
// If not, check the login.
// If no token is sent along, rely on login only
$allowedPermissions = OCP\PERMISSION_ALL;
$l = OC_L10N::get('files');
if (empty($_POST['dirToken'])) {
// The standard case, files are uploaded through logged in users :)
@ -17,6 +19,9 @@ if (empty($_POST['dirToken'])) {
die();
}
} else {
// return only read permissions for public upload
$allowedPermissions = OCP\PERMISSION_READ;
$linkItem = OCP\Share::getShareByToken($_POST['dirToken']);
if ($linkItem === false) {
OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Invalid Token')))));
@ -130,7 +135,7 @@ if (strpos($dir, '..') === false) {
'originalname' => $files['tmp_name'][$i],
'uploadMaxFilesize' => $maxUploadFileSize,
'maxHumanFilesize' => $maxHumanFileSize,
'permissions' => $meta['permissions'] & OCP\PERMISSION_READ
'permissions' => $meta['permissions'] & $allowedPermissions
);
}
@ -156,7 +161,7 @@ if (strpos($dir, '..') === false) {
'originalname' => $files['tmp_name'][$i],
'uploadMaxFilesize' => $maxUploadFileSize,
'maxHumanFilesize' => $maxHumanFileSize,
'permissions' => $meta['permissions'] & OCP\PERMISSION_READ
'permissions' => $meta['permissions'] & $allowedPermissions
);
}
}