From 06907d040bff0c2c3b772ae624f30ed16a3a129e Mon Sep 17 00:00:00 2001 From: Ralf Becker Date: Tue, 16 Mar 2021 15:02:46 +0200 Subject: [PATCH] fix hidden upload sharing incl. use of multiple share-links in tabs --- api/src/Sharing.php | 6 +++++- api/src/Vfs/HiddenUploadSharing.php | 3 ++- filemanager/src/Sharing/HiddenUpload.php | 21 ++++++++++++++------- 3 files changed, 21 insertions(+), 9 deletions(-) diff --git a/api/src/Sharing.php b/api/src/Sharing.php index be5287aae4..e9c35b9ca0 100644 --- a/api/src/Sharing.php +++ b/api/src/Sharing.php @@ -93,8 +93,12 @@ class Sharing /** * Get token from url */ - public static function get_token() + public static function get_token($path=null) { + if (!empty($path) && preg_match('|/share.php/([^/]+)|', $path, $matches)) + { + return $matches[1]; + } // WebDAV has no concept of a query string and clients (including cadaver) // seem to pass '?' unencoded, so we need to extract the path info out // of the request URI ourselves diff --git a/api/src/Vfs/HiddenUploadSharing.php b/api/src/Vfs/HiddenUploadSharing.php index aab3bac3a1..8277607a27 100644 --- a/api/src/Vfs/HiddenUploadSharing.php +++ b/api/src/Vfs/HiddenUploadSharing.php @@ -63,11 +63,12 @@ class HiddenUploadSharing extends Sharing $GLOBALS['egw_info']['server']['vfs_fstab'] = Vfs::mount(); Vfs::clearstatcache(); $resolve_url = Vfs::resolve_url($share['share_path'], true, true, true, true); - $upload_dir = Vfs::concat($resolve_url, self::HIDDEN_UPLOAD_DIR); // Parent mounts the root read-only parent::setup_share(true, $share); + // upload dir needs the full url incl. share owner, but not readonly + $upload_dir = Vfs::concat(str_replace('?ro=1', '', $share['resolve_url']), self::HIDDEN_UPLOAD_DIR); $upload_mount = Vfs::concat($share['share_root'], self::HIDDEN_UPLOAD_DIR); // Mounting upload dir, has original share owner access (write) diff --git a/filemanager/src/Sharing/HiddenUpload.php b/filemanager/src/Sharing/HiddenUpload.php index e0ae041b13..c933c8657d 100644 --- a/filemanager/src/Sharing/HiddenUpload.php +++ b/filemanager/src/Sharing/HiddenUpload.php @@ -63,7 +63,7 @@ class HiddenUpload extends AnonymousList * @param string $action Should be 'upload' * @param $selected Array of file information * @param string $dir Target directory - * @param $props + * @param $props path the sharing UI is running eg. "/egroupware/share.php/" * @param string[] $arr Result * * @throws Api\Exception\AssertionFailed @@ -72,10 +72,17 @@ class HiddenUpload extends AnonymousList { Translation::add_app('filemanager'); $vfs = Vfs::mount(); - $GLOBALS['egw']->sharing[Sharing::get_token()]->redo(); - parent::handle_upload_action($action, $selected, $dir, $props, $arr); - $arr['msg'] .= "\n" . lang("The uploaded file is only visible to the person sharing these files with you, not to yourself or other people knowing this sharing link."); - $arr['type'] = 'notice'; + $GLOBALS['egw']->sharing[Sharing::get_token($props)]->redo(); + parent::handle_upload_action($action, $selected, $dir, null, $arr); + if ($arr['files']) + { + $arr['msg'] .= "\n" . lang("The uploaded file is only visible to the person sharing these files with you, not to yourself or other people knowing this sharing link."); + $arr['type'] = 'notice'; + } + else + { + $arr['type'] = 'error'; + } } protected function is_hidden_upload_dir($directory) @@ -98,8 +105,8 @@ class HiddenUpload extends AnonymousList */ function get_rows(&$query, &$rows) { - $hidden_upload = (isset($GLOBALS['egw']->sharing) && array_key_exists(Vfs\Sharing::get_token(), $GLOBALS['egw']->sharing) && - $GLOBALS['egw']->sharing[Sharing::get_token()]->has_hidden_upload()); + $hidden_upload = (isset($GLOBALS['egw']->sharing) && array_key_exists(Vfs\Sharing::get_token($_SERVER['HTTP_REFERER']), $GLOBALS['egw']->sharing) && + $GLOBALS['egw']->sharing[Sharing::get_token($_SERVER['HTTP_REFERER'])]->has_hidden_upload()); // Not allowed in hidden upload dir $check_path = Sharing::HIDDEN_UPLOAD_DIR . (substr($query['path'], -1) == '/' ? '/' : '');