[Pkg-owncloud-commits] [owncloud] 16/42: OC_Util::setupFS($user) will create a data dir for the given string - no matter if the user really exists - OCP\JSON::checkUserExists($owner); introduces a ready to use check which will bail out with an JSON error

David Prévot taffit at moszumanska.debian.org
Wed Jan 22 21:21:48 UTC 2014 

This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to branch master
in repository owncloud.

commit b722ce6cc3e98538982c977ff410ec5008f41760
Author: Thomas Müller <thomas.mueller at tmit.eu>
Date:   Tue Jan 21 11:32:30 2014 +0100

    OC_Util::setupFS($user) will create a data dir for the given string - no matter if the user really exists - OCP\JSON::checkUserExists($owner); introduces a ready to use check which will bail out with an JSON error
    
    Conflicts:
    	lib/public/json.php
---
 apps/files/ajax/upload.php                |  1 +
 apps/files/triggerupdate.php              |  1 +
 apps/files_sharing/ajax/publicpreview.php |  3 ++-
 apps/files_sharing/appinfo/update.php     |  1 +
 apps/files_sharing/public.php             |  6 +++---
 lib/private/json.php                      | 14 ++++++++++++++
 lib/private/util.php                      |  4 ++++
 lib/public/json.php                       | 10 +++++++++-
 8 files changed, 35 insertions(+), 5 deletions(-)

diff --git a/apps/files/ajax/upload.php b/apps/files/ajax/upload.php
index 0e905f9..bdaf6a7 100644
--- a/apps/files/ajax/upload.php
+++ b/apps/files/ajax/upload.php
@@ -34,6 +34,7 @@ if (empty($_POST['dirToken'])) {
 		// resolve reshares
 		$rootLinkItem = OCP\Share::resolveReShare($linkItem);
 
+		OCP\JSON::checkUserExists($rootLinkItem['uid_owner']);
 		// Setup FS with owner
 		OC_Util::tearDownFS();
 		OC_Util::setupFS($rootLinkItem['uid_owner']);
diff --git a/apps/files/triggerupdate.php b/apps/files/triggerupdate.php
index 0e29edb..a37b982 100644
--- a/apps/files/triggerupdate.php
+++ b/apps/files/triggerupdate.php
@@ -6,6 +6,7 @@ if (OC::$CLI) {
 	if (count($argv) === 2) {
 		$file = $argv[1];
 		list(, $user) = explode('/', $file);
+		OCP\JSON::checkUserExists($owner);
 		OC_Util::setupFS($user);
 		$view = new \OC\Files\View('');
 		/**
diff --git a/apps/files_sharing/ajax/publicpreview.php b/apps/files_sharing/ajax/publicpreview.php
index 54a9806..a52f522 100644
--- a/apps/files_sharing/ajax/publicpreview.php
+++ b/apps/files_sharing/ajax/publicpreview.php
@@ -39,6 +39,7 @@ if(!isset($linkedItem['uid_owner']) || !isset($linkedItem['file_source'])) {
 $rootLinkItem = OCP\Share::resolveReShare($linkedItem);
 $userId = $rootLinkItem['uid_owner'];
 
+OCP\JSON::checkUserExists($rootLinkItem['uid_owner']);
 \OC_Util::setupFS($userId);
 \OC\Files\Filesystem::initMountPoints($userId);
 $view = new \OC\Files\View('/' . $userId . '/files');
@@ -88,4 +89,4 @@ try{
 } catch (\Exception $e) {
 	\OC_Response::setStatus(500);
 	\OC_Log::write('core', $e->getmessage(), \OC_Log::DEBUG);
-}
\ No newline at end of file
+}
diff --git a/apps/files_sharing/appinfo/update.php b/apps/files_sharing/appinfo/update.php
index 0d827da..4b716e7 100644
--- a/apps/files_sharing/appinfo/update.php
+++ b/apps/files_sharing/appinfo/update.php
@@ -44,6 +44,7 @@ if (version_compare($installedVersion, '0.3', '<')) {
 				$shareType = OCP\Share::SHARE_TYPE_USER;
 				$shareWith = $row['uid_shared_with'];
 			}
+			OCP\JSON::checkUserExists($row['uid_owner']);
 			OC_User::setUserId($row['uid_owner']);
 			//we need to setup the filesystem for the user, otherwise OC_FileSystem::getRoot will fail and break
 			OC_Util::setupFS($row['uid_owner']);
diff --git a/apps/files_sharing/public.php b/apps/files_sharing/public.php
index f4042f6..ce7e4db 100644
--- a/apps/files_sharing/public.php
+++ b/apps/files_sharing/public.php
@@ -43,10 +43,10 @@ if (isset($_GET['t'])) {
 		$shareOwner = $linkItem['uid_owner'];
 		$path = null;
 		$rootLinkItem = OCP\Share::resolveReShare($linkItem);
-		$fileOwner = $rootLinkItem['uid_owner'];
-		if (isset($fileOwner)) {
+		if (isset($rootLinkItem['uid_owner'])) {
+			OCP\JSON::checkUserExists($rootLinkItem['uid_owner']);
 			OC_Util::tearDownFS();
-			OC_Util::setupFS($fileOwner);
+			OC_Util::setupFS($rootLinkItem['uid_owner']);
 			$path = \OC\Files\Filesystem::getPath($linkItem['file_source']);
 		}
 	}
diff --git a/lib/private/json.php b/lib/private/json.php
index 6ba0b13..d7a4b5a 100644
--- a/lib/private/json.php
+++ b/lib/private/json.php
@@ -65,6 +65,20 @@ class OC_JSON{
 	}
 
 	/**
+	 * Check is a given user exists - send json error msg if not
+	 * @param string $user
+	 */
+	public static function checkUserExists($user) {
+		if (!OCP\User::userExists($user)) {
+			$l = OC_L10N::get('lib');
+			OCP\JSON::error(array('data' => array('message' => $l->t('Unknown user'))));
+			exit;
+		}
+	}
+
+
+
+	/**
 	* Check if the user is a subadmin, send json error msg if not
 	*/
 	public static function checkSubAdminUser() {
diff --git a/lib/private/util.php b/lib/private/util.php
index a4b3761..7b9d223 100755
--- a/lib/private/util.php
+++ b/lib/private/util.php
@@ -51,6 +51,10 @@ class OC_Util {
 			self::$rootMounted = true;
 		}
 
+		if ($user != '' && !OCP\User::userExists($user)) {
+			return false;
+		}
+
 		//if we aren't logged in, there is no use to set up the filesystem
 		if( $user != "" ) {
 			\OC\Files\Filesystem::addStorageWrapper(function($mountPoint, $storage){
diff --git a/lib/public/json.php b/lib/public/json.php
index 134f724..be8fc6b 100644
--- a/lib/public/json.php
+++ b/lib/public/json.php
@@ -167,6 +167,14 @@ class JSON {
 	* @return string json formatted string if not admin user.
 	*/
 	public static function checkAdminUser() {
-		return(\OC_JSON::checkAdminUser());
+		\OC_JSON::checkAdminUser();
+	}
+
+	/**
+	 * Check is a given user exists - send json error msg if not
+	 * @param string $user
+	 */
+	public static function checkUserExists($user) {
+		\OC_JSON::checkUserExists($user);
 	}
 }

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git

More information about the Pkg-owncloud-commits mailing list