
github.com/nextcloud/server.git - Unnamed repository; edit this file 'description' to name the repository.
authorBjoern Schiessle <bjoern@schiessle.org>2016-06-08 15:59:06 +0300
committerLukas Reschke <lukas@owncloud.com>2016-06-09 16:15:17 +0300
commit66d853680ccc8f579a4b80c85376299b9b98b73b (patch)
tree4a651d75414082aee902074b27e5cf8b0e20d035 /apps/dav/appinfo/v1/publicwebdav.php
parentbb54ab0db8bfa1ea62bfa2404cb084a9a68d6e20 (diff)
block webdav access if share is not readable
Diffstat (limited to 'apps/dav/appinfo/v1/publicwebdav.php')
-rw-r--r--apps/dav/appinfo/v1/publicwebdav.php5
1 files changed, 5 insertions, 0 deletions
diff --git a/apps/dav/appinfo/v1/publicwebdav.php b/apps/dav/appinfo/v1/publicwebdav.php
index c6aaab2712f..c6c319aa36d 100644
--- a/apps/dav/appinfo/v1/publicwebdav.php
+++ b/apps/dav/appinfo/v1/publicwebdav.php
@@ -67,8 +67,13 @@ $server = $serverFactory->createServer($baseuri, $requestUri, $authBackend, func
$share = $authBackend->getShare();
$owner = $share->getShareOwner();
$isWritable = $share->getPermissions() & (\OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_CREATE);
+ $isReadable = $share->getPermissions() & \OCP\Constants::PERMISSION_READ;
$fileId = $share->getNodeId();
+ if (!$isReadable) {
+ return false;
+ }
+
if (!$isWritable) {
\OC\Files\Filesystem::addStorageWrapper('readonly', function ($mountPoint, $storage) {
return new \OC\Files\Storage\Wrapper\PermissionsMask(array('storage' => $storage, 'mask' => \OCP\Constants::PERMISSION_READ + \OCP\Constants::PERMISSION_SHARE));