[Pkg-owncloud-commits] [owncloud] 64/79: Prevent objectstore being set from client side

David Prévot taffit at moszumanska.debian.org
Tue Sep 1 20:55:40 UTC 2015


This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to branch stable8
in repository owncloud.

commit a1706f61aaf822aeba4ea9e84b53c5cea984f8e4
Author: Robin McCorkell <rmccorkell at owncloud.com>
Date:   Tue Aug 25 14:51:47 2015 +0100

    Prevent objectstore being set from client side
---
 apps/files_external/controller/storagescontroller.php |  9 +++++++++
 apps/files_external/lib/storageconfig.php             | 19 +++++++++++++++++++
 apps/files_external/service/storagesservice.php       |  8 ++++++--
 3 files changed, 34 insertions(+), 2 deletions(-)

diff --git a/apps/files_external/controller/storagescontroller.php b/apps/files_external/controller/storagescontroller.php
index c09ceac..044eb0e 100644
--- a/apps/files_external/controller/storagescontroller.php
+++ b/apps/files_external/controller/storagescontroller.php
@@ -90,6 +90,15 @@ abstract class StoragesController extends Controller {
 		}
 
 		// TODO: validate that other attrs are set
+		if ($storage->getBackendOption('objectstore')) {
+			// objectstore must not be sent from client side
+			return new DataResponse(
+				array(
+					'message' => (string)$this->l10n->t('Objectstore forbidden')
+				),
+				Http::STATUS_UNPROCESSABLE_ENTITY
+			);
+		}
 
 		$backends = \OC_Mount_Config::getBackends();
 		if (!isset($backends[$storage->getBackendClass()])) {
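Review bot: The guard `if ($storage->getBackendOption('objectstore'))` tests truthiness, so a request that carries the `objectstore` key with a falsy value (`''`, `0`, `'0'`, `false`, `[]`) is not rejected and the key stays in the backend options. Whether a falsy value is harmless depends on how the option is read downstream, which this hunk does not show. Comparing against null rejects any client-supplied value, since the getter returns null only when the option is unset: `if ($storage->getBackendOption('objectstore') !== null) {`. The enclosing method starts and ends outside the hunk.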
diff --git a/apps/files_external/lib/storageconfig.php b/apps/files_external/lib/storageconfig.php
index 92c2770..7d30242 100644
--- a/apps/files_external/lib/storageconfig.php
+++ b/apps/files_external/lib/storageconfig.php
@@ -174,6 +174,25 @@ class StorageConfig implements \JsonSerializable {
 	}
 
 	/**
+	 * @param string $option
+	 * @return mixed
+	 */
+	public function getBackendOption($key) {
+		if (isset($this->backendOptions[$key])) {
+			return $this->backendOptions[$key];
+		}
+		return null;
+	}
+
+	/**
+	 * @param string $option
+	 * @param mixed $value
+	 */
+	public function setBackendOption($key, $value) {
+		$this->backendOptions[$key] = $value;
+	}
+
+	/**
 	 * Returns the mount priority
 	 *
 	 * @return int priority
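Review bot: Both new docblocks declare `@param string $option` while the parameter is named `$key`, so the tag matches no parameter, and neither method has a summary line. Suggest `@param string $key backend option name` in both, plus `@return mixed option value, or null if the option is not set` on the getter. The getter's doc should also say that, because it uses `isset()`, an option stored as `null` is reported the same as a missing one. The trailing docblock lines in this hunk belong to a method that continues outside it.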
diff --git a/apps/files_external/service/storagesservice.php b/apps/files_external/service/storagesservice.php
index 930f994..86c5abf 100644
--- a/apps/files_external/service/storagesservice.php
+++ b/apps/files_external/service/storagesservice.php
@@ -352,10 +352,14 @@ abstract class StoragesService {
 		if (!isset($allStorages[$id])) {
 			throw new NotFoundException('Storage with id "' . $id . '" not found');
 		}
-
 		$oldStorage = $allStorages[$id];
-		$allStorages[$id] = $updatedStorage;
 
+		// ensure objectstore is persistent
+		if ($objectstore = $oldStorage->getBackendOption('objectstore')) {
+			$updatedStorage->setBackendOption('objectstore', $objectstore);
+		}
+
+		$allStorages[$id] = $updatedStorage;
 		$this->writeConfig($allStorages);
 
 		$this->triggerChangeHooks($oldStorage, $updatedStorage);
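Review bot: The carry-over at `if ($objectstore = $oldStorage->getBackendOption('objectstore'))` only covers a stored config that already has a truthy `objectstore`. When the old storage has none, any `objectstore` value present in `$updatedStorage` goes to `writeConfig()` unchanged, so the service depends entirely on the controller check having run first. If this method can be reached by a caller that skips that check (not visible here), the service should enforce the rule itself. At minimum, record the invariant above the block: `// objectstore is server-controlled; callers must reject a client-supplied value before calling this`. The assignment inside the condition would also read more clearly as a separate statement followed by `if ($objectstore) {`. The enclosing method starts and ends outside the hunk.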

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git


