diff options
author | Thomas Müller <thomas.mueller@tmit.eu> | 2013-09-24 15:26:12 +0400 |
---|---|---|
committer | Thomas Müller <thomas.mueller@tmit.eu> | 2013-10-04 12:31:31 +0400 |
commit | 293e70a6d4d0c8009880c782244b05bc09483bf2 (patch) | |
tree | 5ca7410109d9597b8b6e2cb1e012b44fe33d3ed8 /lib/connector | |
parent | 1bc7ae869aa4887b525b5a8de5d6e7ada99163c8 (diff) |
adding privilege check on move and rename operations
Conflicts:
lib/connector/sabre/objecttree.php
Diffstat (limited to 'lib/connector')
-rw-r--r-- | lib/connector/sabre/node.php | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/lib/connector/sabre/node.php b/lib/connector/sabre/node.php index 1ffa048d6b2..f6a1c56edb8 100644 --- a/lib/connector/sabre/node.php +++ b/lib/connector/sabre/node.php @@ -78,6 +78,11 @@ abstract class OC_Connector_Sabre_Node implements Sabre_DAV_INode, Sabre_DAV_IPr */ public function setName($name) { + // rename is only allowed if the update privilege is granted + if (!\OC\Files\Filesystem::isUpdatable($this->path)) { + throw new \Sabre_DAV_Exception_Forbidden(); + } + list($parentPath, ) = Sabre_DAV_URLUtil::splitPath($this->path); list(, $newName) = Sabre_DAV_URLUtil::splitPath($name); @@ -135,6 +140,12 @@ abstract class OC_Connector_Sabre_Node implements Sabre_DAV_INode, Sabre_DAV_IPr * Even if the modification time is set to a custom value the access time is set to now. */ public function touch($mtime) { + + // touch is only allowed if the update privilege is granted + if (!\OC\Files\Filesystem::isUpdatable($this->path)) { + throw new \Sabre_DAV_Exception_Forbidden(); + } + \OC\Files\Filesystem::touch($this->path, $mtime); } |