Fixed upload permissions distinction between public and logged in upload

Fixes #5370
This commit is contained in:
Vincent Petry 2013-10-17 10:46:55 +02:00
parent 04783da829
commit 9cfb438ff7

View file

@ -7,6 +7,8 @@ OCP\JSON::setContentTypeHeader('text/plain');
// If not, check the login. // If not, check the login.
// If no token is sent along, rely on login only // If no token is sent along, rely on login only
$allowedPermissions = OCP\PERMISSION_ALL;
$l = OC_L10N::get('files'); $l = OC_L10N::get('files');
if (empty($_POST['dirToken'])) { if (empty($_POST['dirToken'])) {
// The standard case, files are uploaded through logged in users :) // The standard case, files are uploaded through logged in users :)
@ -17,6 +19,9 @@ if (empty($_POST['dirToken'])) {
die(); die();
} }
} else { } else {
// return only read permissions for public upload
$allowedPermissions = OCP\PERMISSION_READ;
$linkItem = OCP\Share::getShareByToken($_POST['dirToken']); $linkItem = OCP\Share::getShareByToken($_POST['dirToken']);
if ($linkItem === false) { if ($linkItem === false) {
OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Invalid Token'))))); OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Invalid Token')))));
@ -130,7 +135,7 @@ if (strpos($dir, '..') === false) {
'originalname' => $files['tmp_name'][$i], 'originalname' => $files['tmp_name'][$i],
'uploadMaxFilesize' => $maxUploadFileSize, 'uploadMaxFilesize' => $maxUploadFileSize,
'maxHumanFilesize' => $maxHumanFileSize, 'maxHumanFilesize' => $maxHumanFileSize,
'permissions' => $meta['permissions'] & OCP\PERMISSION_READ 'permissions' => $meta['permissions'] & $allowedPermissions
); );
} }
@ -156,7 +161,7 @@ if (strpos($dir, '..') === false) {
'originalname' => $files['tmp_name'][$i], 'originalname' => $files['tmp_name'][$i],
'uploadMaxFilesize' => $maxUploadFileSize, 'uploadMaxFilesize' => $maxUploadFileSize,
'maxHumanFilesize' => $maxHumanFileSize, 'maxHumanFilesize' => $maxHumanFileSize,
'permissions' => $meta['permissions'] & OCP\PERMISSION_READ 'permissions' => $meta['permissions'] & $allowedPermissions
); );
} }
} }