Fixed upload permissions distinction between public and logged in upload
Fixes #5370
This commit is contained in:
parent
04783da829
commit
9cfb438ff7
1 changed files with 7 additions and 2 deletions
|
@ -7,6 +7,8 @@ OCP\JSON::setContentTypeHeader('text/plain');
|
||||||
// If not, check the login.
|
// If not, check the login.
|
||||||
// If no token is sent along, rely on login only
|
// If no token is sent along, rely on login only
|
||||||
|
|
||||||
|
$allowedPermissions = OCP\PERMISSION_ALL;
|
||||||
|
|
||||||
$l = OC_L10N::get('files');
|
$l = OC_L10N::get('files');
|
||||||
if (empty($_POST['dirToken'])) {
|
if (empty($_POST['dirToken'])) {
|
||||||
// The standard case, files are uploaded through logged in users :)
|
// The standard case, files are uploaded through logged in users :)
|
||||||
|
@ -17,6 +19,9 @@ if (empty($_POST['dirToken'])) {
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
// return only read permissions for public upload
|
||||||
|
$allowedPermissions = OCP\PERMISSION_READ;
|
||||||
|
|
||||||
$linkItem = OCP\Share::getShareByToken($_POST['dirToken']);
|
$linkItem = OCP\Share::getShareByToken($_POST['dirToken']);
|
||||||
if ($linkItem === false) {
|
if ($linkItem === false) {
|
||||||
OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Invalid Token')))));
|
OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Invalid Token')))));
|
||||||
|
@ -130,7 +135,7 @@ if (strpos($dir, '..') === false) {
|
||||||
'originalname' => $files['tmp_name'][$i],
|
'originalname' => $files['tmp_name'][$i],
|
||||||
'uploadMaxFilesize' => $maxUploadFileSize,
|
'uploadMaxFilesize' => $maxUploadFileSize,
|
||||||
'maxHumanFilesize' => $maxHumanFileSize,
|
'maxHumanFilesize' => $maxHumanFileSize,
|
||||||
'permissions' => $meta['permissions'] & OCP\PERMISSION_READ
|
'permissions' => $meta['permissions'] & $allowedPermissions
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -156,7 +161,7 @@ if (strpos($dir, '..') === false) {
|
||||||
'originalname' => $files['tmp_name'][$i],
|
'originalname' => $files['tmp_name'][$i],
|
||||||
'uploadMaxFilesize' => $maxUploadFileSize,
|
'uploadMaxFilesize' => $maxUploadFileSize,
|
||||||
'maxHumanFilesize' => $maxHumanFileSize,
|
'maxHumanFilesize' => $maxHumanFileSize,
|
||||||
'permissions' => $meta['permissions'] & OCP\PERMISSION_READ
|
'permissions' => $meta['permissions'] & $allowedPermissions
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue