mirror of
https://github.com/EGroupware/egroupware.git
synced 2025-01-05 05:29:13 +01:00
fix hidden upload sharing incl. use of multiple share-links in tabs
This commit is contained in:
parent
ec18782513
commit
06907d040b
@ -93,8 +93,12 @@ class Sharing
|
|||||||
/**
|
/**
|
||||||
* Get token from url
|
* Get token from url
|
||||||
*/
|
*/
|
||||||
public static function get_token()
|
public static function get_token($path=null)
|
||||||
{
|
{
|
||||||
|
if (!empty($path) && preg_match('|/share.php/([^/]+)|', $path, $matches))
|
||||||
|
{
|
||||||
|
return $matches[1];
|
||||||
|
}
|
||||||
// WebDAV has no concept of a query string and clients (including cadaver)
|
// WebDAV has no concept of a query string and clients (including cadaver)
|
||||||
// seem to pass '?' unencoded, so we need to extract the path info out
|
// seem to pass '?' unencoded, so we need to extract the path info out
|
||||||
// of the request URI ourselves
|
// of the request URI ourselves
|
||||||
|
@ -63,11 +63,12 @@ class HiddenUploadSharing extends Sharing
|
|||||||
$GLOBALS['egw_info']['server']['vfs_fstab'] = Vfs::mount();
|
$GLOBALS['egw_info']['server']['vfs_fstab'] = Vfs::mount();
|
||||||
Vfs::clearstatcache();
|
Vfs::clearstatcache();
|
||||||
$resolve_url = Vfs::resolve_url($share['share_path'], true, true, true, true);
|
$resolve_url = Vfs::resolve_url($share['share_path'], true, true, true, true);
|
||||||
$upload_dir = Vfs::concat($resolve_url, self::HIDDEN_UPLOAD_DIR);
|
|
||||||
|
|
||||||
// Parent mounts the root read-only
|
// Parent mounts the root read-only
|
||||||
parent::setup_share(true, $share);
|
parent::setup_share(true, $share);
|
||||||
|
|
||||||
|
// upload dir needs the full url incl. share owner, but not readonly
|
||||||
|
$upload_dir = Vfs::concat(str_replace('?ro=1', '', $share['resolve_url']), self::HIDDEN_UPLOAD_DIR);
|
||||||
$upload_mount = Vfs::concat($share['share_root'], self::HIDDEN_UPLOAD_DIR);
|
$upload_mount = Vfs::concat($share['share_root'], self::HIDDEN_UPLOAD_DIR);
|
||||||
|
|
||||||
// Mounting upload dir, has original share owner access (write)
|
// Mounting upload dir, has original share owner access (write)
|
||||||
|
@ -63,7 +63,7 @@ class HiddenUpload extends AnonymousList
|
|||||||
* @param string $action Should be 'upload'
|
* @param string $action Should be 'upload'
|
||||||
* @param $selected Array of file information
|
* @param $selected Array of file information
|
||||||
* @param string $dir Target directory
|
* @param string $dir Target directory
|
||||||
* @param $props
|
* @param $props path the sharing UI is running eg. "/egroupware/share.php/<token>"
|
||||||
* @param string[] $arr Result
|
* @param string[] $arr Result
|
||||||
*
|
*
|
||||||
* @throws Api\Exception\AssertionFailed
|
* @throws Api\Exception\AssertionFailed
|
||||||
@ -72,10 +72,17 @@ class HiddenUpload extends AnonymousList
|
|||||||
{
|
{
|
||||||
Translation::add_app('filemanager');
|
Translation::add_app('filemanager');
|
||||||
$vfs = Vfs::mount();
|
$vfs = Vfs::mount();
|
||||||
$GLOBALS['egw']->sharing[Sharing::get_token()]->redo();
|
$GLOBALS['egw']->sharing[Sharing::get_token($props)]->redo();
|
||||||
parent::handle_upload_action($action, $selected, $dir, $props, $arr);
|
parent::handle_upload_action($action, $selected, $dir, null, $arr);
|
||||||
$arr['msg'] .= "\n" . lang("The uploaded file is only visible to the person sharing these files with you, not to yourself or other people knowing this sharing link.");
|
if ($arr['files'])
|
||||||
$arr['type'] = 'notice';
|
{
|
||||||
|
$arr['msg'] .= "\n" . lang("The uploaded file is only visible to the person sharing these files with you, not to yourself or other people knowing this sharing link.");
|
||||||
|
$arr['type'] = 'notice';
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$arr['type'] = 'error';
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function is_hidden_upload_dir($directory)
|
protected function is_hidden_upload_dir($directory)
|
||||||
@ -98,8 +105,8 @@ class HiddenUpload extends AnonymousList
|
|||||||
*/
|
*/
|
||||||
function get_rows(&$query, &$rows)
|
function get_rows(&$query, &$rows)
|
||||||
{
|
{
|
||||||
$hidden_upload = (isset($GLOBALS['egw']->sharing) && array_key_exists(Vfs\Sharing::get_token(), $GLOBALS['egw']->sharing) &&
|
$hidden_upload = (isset($GLOBALS['egw']->sharing) && array_key_exists(Vfs\Sharing::get_token($_SERVER['HTTP_REFERER']), $GLOBALS['egw']->sharing) &&
|
||||||
$GLOBALS['egw']->sharing[Sharing::get_token()]->has_hidden_upload());
|
$GLOBALS['egw']->sharing[Sharing::get_token($_SERVER['HTTP_REFERER'])]->has_hidden_upload());
|
||||||
|
|
||||||
// Not allowed in hidden upload dir
|
// Not allowed in hidden upload dir
|
||||||
$check_path = Sharing::HIDDEN_UPLOAD_DIR . (substr($query['path'], -1) == '/' ? '/' : '');
|
$check_path = Sharing::HIDDEN_UPLOAD_DIR . (substr($query['path'], -1) == '/' ? '/' : '');
|
||||||
|
Loading…
Reference in New Issue
Block a user