extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2025-01-03 12:39:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix hidden upload sharing incl. use of multiple share-links in tabs

Browse Source
This commit is contained in:
Ralf Becker 2021-03-16 15:02:46 +02:00
parent ec18782513
commit 06907d040b
3 changed files with 21 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
api/src/Sharing.php
View File

@ -93,8 +93,12 @@ class Sharing
/**
* Get token from url
*/
public static function get_token()
public static function get_token($path=null)
{
if (!empty($path) && preg_match('|/share.php/([^/]+)|', $path, $matches))
{
return $matches[1];
}
// WebDAV has no concept of a query string and clients (including cadaver)
// seem to pass '?' unencoded, so we need to extract the path info out
// of the request URI ourselves

3
api/src/Vfs/HiddenUploadSharing.php
View File

@ -63,11 +63,12 @@ class HiddenUploadSharing extends Sharing
$GLOBALS['egw_info']['server']['vfs_fstab'] = Vfs::mount();
Vfs::clearstatcache();
$resolve_url = Vfs::resolve_url($share['share_path'], true, true, true, true);
$upload_dir = Vfs::concat($resolve_url, self::HIDDEN_UPLOAD_DIR);
// Parent mounts the root read-only
parent::setup_share(true, $share);
// upload dir needs the full url incl. share owner, but not readonly
$upload_dir = Vfs::concat(str_replace('?ro=1', '', $share['resolve_url']), self::HIDDEN_UPLOAD_DIR);
$upload_mount = Vfs::concat($share['share_root'], self::HIDDEN_UPLOAD_DIR);
// Mounting upload dir, has original share owner access (write)

17
filemanager/src/Sharing/HiddenUpload.php
View File

@ -63,7 +63,7 @@ class HiddenUpload extends AnonymousList
* @param string $action Should be 'upload'
* @param $selected Array of file information
* @param string $dir Target directory
* @param $props
* @param $props path the sharing UI is running eg. "/egroupware/share.php/<token>"
* @param string[] $arr Result
*
* @throws Api\Exception\AssertionFailed
@ -72,11 +72,18 @@ class HiddenUpload extends AnonymousList
{
Translation::add_app('filemanager');
$vfs = Vfs::mount();
$GLOBALS['egw']->sharing[Sharing::get_token()]->redo();
parent::handle_upload_action($action, $selected, $dir, $props, $arr);
$GLOBALS['egw']->sharing[Sharing::get_token($props)]->redo();
parent::handle_upload_action($action, $selected, $dir, null, $arr);
if ($arr['files'])
{
$arr['msg'] .= "\n" . lang("The uploaded file is only visible to the person sharing these files with you, not to yourself or other people knowing this sharing link.");
$arr['type'] = 'notice';
}
else
{
$arr['type'] = 'error';
}
}
protected function is_hidden_upload_dir($directory)
{
@ -98,8 +105,8 @@ class HiddenUpload extends AnonymousList
*/
function get_rows(&$query, &$rows)
{
$hidden_upload = (isset($GLOBALS['egw']->sharing) && array_key_exists(Vfs\Sharing::get_token(), $GLOBALS['egw']->sharing) &&
$GLOBALS['egw']->sharing[Sharing::get_token()]->has_hidden_upload());
$hidden_upload = (isset($GLOBALS['egw']->sharing) && array_key_exists(Vfs\Sharing::get_token($_SERVER['HTTP_REFERER']), $GLOBALS['egw']->sharing) &&
$GLOBALS['egw']->sharing[Sharing::get_token($_SERVER['HTTP_REFERER'])]->has_hidden_upload());
// Not allowed in hidden upload dir
$check_path = Sharing::HIDDEN_UPLOAD_DIR . (substr($query['path'], -1) == '/' ? '/' : '');