[Pkg-owncloud-commits] [owncloud] 95/131: Use a hook to integrate sharing password verification

[David Prévot]

This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to annotated tag v8.1.1
in repository owncloud.

commit e29158c892877d4b621db5f5a6823fef1b0f5f17
Author: Thomas Müller <thomas.mueller at tmit.eu>
Date:   Thu Jul 23 14:44:48 2015 +0200

    Use a hook to integrate sharing password verification
---
 lib/private/share/share.php | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/lib/private/share/share.php b/lib/private/share/share.php
index 2a9fa44..98fbceb 100644
--- a/lib/private/share/share.php
+++ b/lib/private/share/share.php
@@ -737,6 +737,7 @@ class Share extends Constants {
 
 				// Generate hash of password - same method as user passwords
 				if (!empty($shareWith)) {
+					self::verifyPassword($shareWith);
 					$shareWith = \OC::$server->getHasher()->hash($shareWith);
 				} else {
 					// reuse the already set password, but only if we change permissions
@@ -1252,6 +1253,8 @@ class Share extends Constants {
 			throw new \Exception('Cannot remove password');
 		}
 
+		self::verifyPassword($password);
+
 		$qb = $connection->createQueryBuilder();
 		$qb->update('`*PREFIX*share`')
 			->set('`share_with`', ':pass')
@@ -2604,4 +2607,23 @@ class Share extends Constants {
 		$result = \OC::$server->getDatabaseConnection()->executeQuery($query, [$id]);
 		return $result->fetchAll();
 	}
+
+	/**
+	 * @param string $password
+	 * @throws \Exception
+	 */
+	private static function verifyPassword($password) {
+
+		$accepted = true;
+		$message = '';
+		\OCP\Util::emitHook('\OC\Share', 'verifyPassword', [
+			'password' => $password,
+			'accepted' => &$accepted,
+			'message' => &$message
+		]);
+
+		if (!$accepted) {
+			throw new \Exception($message);
+		}
+	}
 }

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git