mirror of
https://github.com/EGroupware/egroupware.git
synced 2025-01-24 23:08:53 +01:00
fix hidden upload sharing incl. use of multiple share-links in tabs
This commit is contained in:
parent
ec18782513
commit
06907d040b
@ -93,8 +93,12 @@ class Sharing
|
||||
/**
|
||||
* Get token from url
|
||||
*/
|
||||
public static function get_token()
|
||||
public static function get_token($path=null)
|
||||
{
|
||||
if (!empty($path) && preg_match('|/share.php/([^/]+)|', $path, $matches))
|
||||
{
|
||||
return $matches[1];
|
||||
}
|
||||
// WebDAV has no concept of a query string and clients (including cadaver)
|
||||
// seem to pass '?' unencoded, so we need to extract the path info out
|
||||
// of the request URI ourselves
|
||||
|
@ -63,11 +63,12 @@ class HiddenUploadSharing extends Sharing
|
||||
$GLOBALS['egw_info']['server']['vfs_fstab'] = Vfs::mount();
|
||||
Vfs::clearstatcache();
|
||||
$resolve_url = Vfs::resolve_url($share['share_path'], true, true, true, true);
|
||||
$upload_dir = Vfs::concat($resolve_url, self::HIDDEN_UPLOAD_DIR);
|
||||
|
||||
// Parent mounts the root read-only
|
||||
parent::setup_share(true, $share);
|
||||
|
||||
// upload dir needs the full url incl. share owner, but not readonly
|
||||
$upload_dir = Vfs::concat(str_replace('?ro=1', '', $share['resolve_url']), self::HIDDEN_UPLOAD_DIR);
|
||||
$upload_mount = Vfs::concat($share['share_root'], self::HIDDEN_UPLOAD_DIR);
|
||||
|
||||
// Mounting upload dir, has original share owner access (write)
|
||||
|
@ -63,7 +63,7 @@ class HiddenUpload extends AnonymousList
|
||||
* @param string $action Should be 'upload'
|
||||
* @param $selected Array of file information
|
||||
* @param string $dir Target directory
|
||||
* @param $props
|
||||
* @param $props path the sharing UI is running eg. "/egroupware/share.php/<token>"
|
||||
* @param string[] $arr Result
|
||||
*
|
||||
* @throws Api\Exception\AssertionFailed
|
||||
@ -72,10 +72,17 @@ class HiddenUpload extends AnonymousList
|
||||
{
|
||||
Translation::add_app('filemanager');
|
||||
$vfs = Vfs::mount();
|
||||
$GLOBALS['egw']->sharing[Sharing::get_token()]->redo();
|
||||
parent::handle_upload_action($action, $selected, $dir, $props, $arr);
|
||||
$arr['msg'] .= "\n" . lang("The uploaded file is only visible to the person sharing these files with you, not to yourself or other people knowing this sharing link.");
|
||||
$arr['type'] = 'notice';
|
||||
$GLOBALS['egw']->sharing[Sharing::get_token($props)]->redo();
|
||||
parent::handle_upload_action($action, $selected, $dir, null, $arr);
|
||||
if ($arr['files'])
|
||||
{
|
||||
$arr['msg'] .= "\n" . lang("The uploaded file is only visible to the person sharing these files with you, not to yourself or other people knowing this sharing link.");
|
||||
$arr['type'] = 'notice';
|
||||
}
|
||||
else
|
||||
{
|
||||
$arr['type'] = 'error';
|
||||
}
|
||||
}
|
||||
|
||||
protected function is_hidden_upload_dir($directory)
|
||||
@ -98,8 +105,8 @@ class HiddenUpload extends AnonymousList
|
||||
*/
|
||||
function get_rows(&$query, &$rows)
|
||||
{
|
||||
$hidden_upload = (isset($GLOBALS['egw']->sharing) && array_key_exists(Vfs\Sharing::get_token(), $GLOBALS['egw']->sharing) &&
|
||||
$GLOBALS['egw']->sharing[Sharing::get_token()]->has_hidden_upload());
|
||||
$hidden_upload = (isset($GLOBALS['egw']->sharing) && array_key_exists(Vfs\Sharing::get_token($_SERVER['HTTP_REFERER']), $GLOBALS['egw']->sharing) &&
|
||||
$GLOBALS['egw']->sharing[Sharing::get_token($_SERVER['HTTP_REFERER'])]->has_hidden_upload());
|
||||
|
||||
// Not allowed in hidden upload dir
|
||||
$check_path = Sharing::HIDDEN_UPLOAD_DIR . (substr($query['path'], -1) == '/' ? '/' : '');
|
||||
|
Loading…
Reference in New Issue
Block a user