archive
/
nextcloud
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Fix for broken ajax/share.php endpoint

Browse Source 
Even more code mess :(
All tests pass again. But I'm really not happy with this endpoint.
remotes/origin/dav-zip-folder
Roeland Jago Douma 9 years ago
parent 4f5ff9c105
commit 9071e756a1
4 changed files with 47 additions and 16 deletions
Show Stats Download Patch File Download Diff File

26
core/ajax/share.php
Unescape Escape View File

@ -48,9 +48,28 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo
$shareType = (int)$_POST['shareType'];
$shareWith = $_POST['shareWith'];
$itemSourceName = isset($_POST['itemSourceName']) ? (string)$_POST['itemSourceName'] : null;
if ($shareType === OCP\Share::SHARE_TYPE_LINK && $shareWith == '') {
$shareWith = null;
/*
* Nasty nasty fix for https://github.com/owncloud/core/issues/19950
*/
$passwordChanged = null;
if (is_array($shareWith)) {
$passwordChanged = ($shareWith['passwordChanged'] === 'true');
if ($shareType === OCP\Share::SHARE_TYPE_LINK && $shareWith['password'] === '') {
$shareWith = null;
} else {
$shareWith = $shareWith['password'];
}
} else {
/*
* We need this branch since the calendar and contacts also use this
* endpoint
*/
if ($shareType === OCP\Share::SHARE_TYPE_LINK && $shareWith === '') {
$shareWith = null;
}
}
$itemSourceName=(isset($_POST['itemSourceName'])) ? (string)$_POST['itemSourceName']:'';
$token = OCP\Share::shareItem(
@ -60,7 +79,8 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo
$shareWith,
$_POST['permissions'],
$itemSourceName,
(!empty($_POST['expirationDate']) ? new \DateTime((string)$_POST['expirationDate']) : null)
(!empty($_POST['expirationDate']) ? new \DateTime((string)$_POST['expirationDate']) : null),
$passwordChanged
);
if (is_string($token)) {

6
core/js/tests/specs/sharedialogviewSpec.js
Unescape Escape View File

@ -146,7 +146,8 @@ describe('OC.Share.ShareDialogView', function() {
expect(fakeServer.requests[1].method).toEqual('POST');
var body = OC.parseQueryString(fakeServer.requests[1].requestBody);
expect(body.shareWith).toEqual('foo');
expect(body['shareWith[password]']).toEqual('foo');
expect(body['shareWith[passwordChanged]']).toEqual('true');
fetchStub.reset();
@ -185,7 +186,8 @@ describe('OC.Share.ShareDialogView', function() {
expect(fakeServer.requests[1].method).toEqual('POST');
var body = OC.parseQueryString(fakeServer.requests[1].requestBody);
expect(body.shareWith).toEqual('foo');
expect(body['shareWith[password]']).toEqual('foo');
expect(body['shareWith[passwordChanged]']).toEqual('true');
fetchStub.reset();

24
lib/private/share/share.php
Unescape Escape View File

@ -597,11 +597,12 @@ class Share extends Constants {
* @param int $permissions CRUDS
* @param string $itemSourceName
* @param \DateTime $expirationDate
* @param bool $passwordChanged
* @return boolean|string Returns true on success or false on failure, Returns token on success for links
* @throws \OC\HintException when the share type is remote and the shareWith is invalid
* @throws \Exception
*/
public static function shareItem($itemType, $itemSource, $shareType, $shareWith, $permissions, $itemSourceName = null, \DateTime $expirationDate = null) {
public static function shareItem($itemType, $itemSource, $shareType, $shareWith, $permissions, $itemSourceName = null, \DateTime $expirationDate = null, $passwordChanged = null) {
$backend = self::getBackend($itemType);
$l = \OC::$server->getL10N('lib');
@ -775,19 +776,26 @@ class Share extends Constants {
$updateExistingShare = true;
}
// Generate hash of password if the password was changed on the client
if (isset($shareWith['passwordChanged']) && $shareWith['passwordChanged'] === 'true') {
$shareWith = $shareWith['password'];
if ($passwordChanged === null) {
// Generate hash of password - same method as user passwords
if (is_string($shareWith) && $shareWith !== '') {
self::verifyPassword($shareWith);
$shareWith = \OC::$server->getHasher()->hash($shareWith);
} else {
// reuse the already set password, but only if we change permissions
// otherwise the user disabled the password protection
if ($checkExists && (int)$permissions !== (int)$oldPermissions) {
$shareWith = $checkExists['share_with'];
}
}
} else {
// reuse the existing password if it was not updated from the client
if ($updateExistingShare) {
if ($passwordChanged === true) {
if (is_string($shareWith) && $shareWith !== '') {
self::verifyPassword($shareWith);
$shareWith = \OC::$server->getHasher()->hash($shareWith);
}
} else if ($updateExistingShare) {
$shareWith = $checkExists['share_with'];
} else {
$shareWith = '';
}
}

7
lib/public/share.php
Unescape Escape View File

@ -255,13 +255,14 @@ class Share extends \OC\Share\Constants {
* @param int $permissions CRUDS
* @param string $itemSourceName
* @param \DateTime $expirationDate
* @param bool $passwordChanged
* @return bool|string Returns true on success or false on failure, Returns token on success for links
* @throws \OC\HintException when the share type is remote and the shareWith is invalid
* @throws \Exception
* @since 5.0.0 - parameter $itemSourceName was added in 6.0.0, parameter $expirationDate was added in 7.0.0
* @since 5.0.0 - parameter $itemSourceName was added in 6.0.0, parameter $expirationDate was added in 7.0.0, paramter $passwordChanged added in 9.0.0
*/
public static function shareItem($itemType, $itemSource, $shareType, $shareWith, $permissions, $itemSourceName = null, \DateTime $expirationDate = null) {
return \OC\Share\Share::shareItem($itemType, $itemSource, $shareType, $shareWith, $permissions, $itemSourceName, $expirationDate);
public static function shareItem($itemType, $itemSource, $shareType, $shareWith, $permissions, $itemSourceName = null, \DateTime $expirationDate = null, $passwordChanged = null) {
return \OC\Share\Share::shareItem($itemType, $itemSource, $shareType, $shareWith, $permissions, $itemSourceName, $expirationDate, $passwordChanged);
}
/**

Write Preview
Loading…
Cancel
Save