From 66d853680ccc8f579a4b80c85376299b9b98b73b Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle <bjoern@schiessle.org>
Date: Wed, 8 Jun 2016 14:59:06 +0200
Subject: block webdav access if share is not readable

---
 apps/dav/appinfo/v1/publicwebdav.php | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'apps/dav/appinfo/v1/publicwebdav.php')

diff --git a/apps/dav/appinfo/v1/publicwebdav.php b/apps/dav/appinfo/v1/publicwebdav.php
index c6aaab2712f..c6c319aa36d 100644
--- a/apps/dav/appinfo/v1/publicwebdav.php
+++ b/apps/dav/appinfo/v1/publicwebdav.php
@@ -67,8 +67,13 @@ $server = $serverFactory->createServer($baseuri, $requestUri, $authBackend, func
 	$share = $authBackend->getShare();
 	$owner = $share->getShareOwner();
 	$isWritable = $share->getPermissions() & (\OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_CREATE);
+	$isReadable = $share->getPermissions() & \OCP\Constants::PERMISSION_READ;
 	$fileId = $share->getNodeId();
 
+	if (!$isReadable) {
+		return false;
+	}
+
 	if (!$isWritable) {
 		\OC\Files\Filesystem::addStorageWrapper('readonly', function ($mountPoint, $storage) {
 			return new \OC\Files\Storage\Wrapper\PermissionsMask(array('storage' => $storage, 'mask' => \OCP\Constants::PERMISSION_READ + \OCP\Constants::PERMISSION_SHARE));
-- 
cgit v1.2.3