[Pkg-owncloud-commits] [owncloud] 51/95: DAV authentication: use Owncloud's internal user instead of HTTP-supplied one

[David Prévot]

This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to annotated tag v8.0.1
in repository owncloud.

commit 62029c354168a13c1a0a14ea67d36bb00a42e533
Author: Christian Seiler <christian at iwakd.de>
Date:   Mon Feb 16 23:34:49 2015 +0100

    DAV authentication: use Owncloud's internal user instead of HTTP-supplied one
    
    Fixes: #14048, #14104, calendar#712
---
 lib/private/connector/sabre/auth.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/lib/private/connector/sabre/auth.php b/lib/private/connector/sabre/auth.php
index 533d250..6f7c429 100644
--- a/lib/private/connector/sabre/auth.php
+++ b/lib/private/connector/sabre/auth.php
@@ -60,8 +60,11 @@ class OC_Connector_Sabre_Auth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
 		} else {
 			OC_Util::setUpFS(); //login hooks may need early access to the filesystem
 			if(OC_User::login($username, $password)) {
-				OC_Util::setUpFS(OC_User::getUser());
-				\OC::$server->getSession()->set(self::DAV_AUTHENTICATED, $username);
+			        // make sure we use owncloud's internal username here
+			        // and not the HTTP auth supplied one, see issue #14048
+			        $ocUser = OC_User::getUser();
+				OC_Util::setUpFS($ocUser);
+				\OC::$server->getSession()->set(self::DAV_AUTHENTICATED, $ocUser);
 				\OC::$server->getSession()->close();
 				return true;
 			} else {

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git