// The standard case, files are uploaded through logged in users :) OCP\JSON::checkLoggedIn(); $dir = isset($_POST['dir']) ? $_POST['dir'] : ""; if (!$dir || empty($dir) || $dir === false) { OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Unable to set upload directory.'))))); die; } } else { // TODO: ideally this code should be in files_sharing/ajax/upload.php // and the upload/file transfer code needs to be refactored into a utility method // that could be used there \OC_User::setIncognitoMode(true); // return only read permissions for public upload $allowedPermissions = OCP\PERMISSION_READ; $publicDirectory = !empty($_POST['subdir']) ? $_POST['subdir'] : '/'; $linkItem = OCP\Share::getShareByToken($_POST['dirToken']); if ($linkItem === false) { OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Invalid Token'))))); die; } if (!($linkItem['permissions'] & OCP\PERMISSION_CREATE)) { OCP\JSON::checkLoggedIn(); } else { // resolve reshares $rootLinkItem = OCP\Share::resolveReShare($linkItem); OCP\JSON::checkUserExists($rootLinkItem['uid_owner']); // Setup FS with owner OC_Util::tearDownFS(); OC_Util::setupFS($rootLinkItem['uid_owner']); // The token defines the target directory (security reasons) $path = \OC\Files\Filesystem::getPath($linkItem['file_source']);
<?php // Load other apps for file previews OC_App::loadApps(); $appConfig = \OC::$server->getAppConfig(); if ($appConfig->getValue('core', 'shareapi_allow_links', 'yes') !== 'yes') { header('HTTP/1.0 404 Not Found'); $tmpl = new OCP\Template('', '404', 'guest'); $tmpl->printPage(); exit; } if (isset($_GET['t'])) { $token = $_GET['t']; $linkItem = OCP\Share::getShareByToken($token, false); if (is_array($linkItem) && isset($linkItem['uid_owner'])) { // seems to be a valid share $type = $linkItem['item_type']; $fileSource = $linkItem['file_source']; $shareOwner = $linkItem['uid_owner']; $path = null; $rootLinkItem = OCP\Share::resolveReShare($linkItem); if (isset($rootLinkItem['uid_owner'])) { OCP\JSON::checkUserExists($rootLinkItem['uid_owner']); OC_Util::tearDownFS(); OC_Util::setupFS($rootLinkItem['uid_owner']); $path = \OC\Files\Filesystem::getPath($linkItem['file_source']); } } } if (isset($path)) { if (!isset($linkItem['item_type'])) {
public function testShareItemWithLink() { OC_User::setUserId($this->user1); $token = OCP\Share::shareItem('test', 'test.txt', OCP\Share::SHARE_TYPE_LINK, null, \OCP\Constants::PERMISSION_READ); $this->assertInternalType('string', $token, 'Failed asserting that user 1 successfully shared text.txt as link with token.'); // testGetShareByTokenNoExpiration $row = $this->getShareByValidToken($token); $this->assertEmpty($row['expiration'], 'Failed asserting that the returned row does not have an expiration date.'); // testGetShareByTokenExpirationValid $this->assertTrue(OCP\Share::setExpirationDate('test', 'test.txt', $this->dateInFuture, ''), 'Failed asserting that user 1 successfully set a future expiration date for the test.txt share.'); $row = $this->getShareByValidToken($token); $this->assertNotEmpty($row['expiration'], 'Failed asserting that the returned row has an expiration date.'); // manipulate share table and set expire date to the past $query = \OC_DB::prepare('UPDATE `*PREFIX*share` SET `expiration` = ? WHERE `item_type` = ? AND `item_source` = ? AND `uid_owner` = ? AND `share_type` = ?'); $query->bindValue(1, new \DateTime($this->dateInPast), 'datetime'); $query->bindValue(2, 'test'); $query->bindValue(3, 'test.txt'); $query->bindValue(4, $this->user1); $query->bindValue(5, \OCP\Share::SHARE_TYPE_LINK); $query->execute(); $this->assertFalse(OCP\Share::getShareByToken($token), 'Failed asserting that an expired share could not be found.'); }
// Load other apps for file previews OC_App::loadApps(); function fileCmp($a, $b) { if ($a['type'] == 'dir' and $b['type'] != 'dir') { return -1; } elseif ($a['type'] != 'dir' and $b['type'] == 'dir') { return 1; } else { return strnatcasecmp($a['name'], $b['name']); } } if (isset($_GET['t'])) { $token = $_GET['t']; $linkItem = OCP\Share::getShareByToken($token); if (is_array($linkItem) && isset($linkItem['uid_owner'])) { // seems to be a valid share $type = $linkItem['item_type']; $fileSource = $linkItem['file_source']; $shareOwner = $linkItem['uid_owner']; $path = null; $rootLinkItem = OCP\Share::resolveReShare($linkItem); $fileOwner = $rootLinkItem['uid_owner']; if (isset($fileOwner)) { OC_Util::tearDownFS(); OC_Util::setupFS($fileOwner); $path = \OC\Files\Filesystem::getPath($linkItem['file_source']); } } }
$l = \OC::$server->getL10N('files'); if (empty($_POST['dirToken'])) { // The standard case, files are uploaded through logged in users :) OCP\JSON::checkLoggedIn(); $dir = isset($_POST['dir']) ? (string) $_POST['dir'] : ''; if (!$dir || empty($dir) || $dir === false) { OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Unable to set upload directory.'))))); die; } } else { // TODO: ideally this code should be in files_sharing/ajax/upload.php // and the upload/file transfer code needs to be refactored into a utility method // that could be used there \OC_User::setIncognitoMode(true); $publicDirectory = !empty($_POST['subdir']) ? (string) $_POST['subdir'] : '/'; $linkItem = OCP\Share::getShareByToken((string) $_POST['dirToken']); if ($linkItem === false) { OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Invalid Token'))))); die; } if (!($linkItem['permissions'] & \OCP\Constants::PERMISSION_CREATE)) { OCP\JSON::checkLoggedIn(); } else { // resolve reshares $rootLinkItem = OCP\Share::resolveReShare($linkItem); OCP\JSON::checkUserExists($rootLinkItem['uid_owner']); // Setup FS with owner OC_Util::tearDownFS(); OC_Util::setupFS($rootLinkItem['uid_owner']); // The token defines the target directory (security reasons) $path = \OC\Files\Filesystem::getPath($linkItem['file_source']);
public function testShareItemWithLink() { OC_User::setUserId($this->user1); $token = OCP\Share::shareItem('test', 'test.txt', OCP\Share::SHARE_TYPE_LINK, null, OCP\PERMISSION_READ); $this->assertInternalType('string', $token, 'Failed asserting that user 1 successfully shared text.txt as link with token.'); // testGetShareByTokenNoExpiration $row = $this->getShareByValidToken($token); $this->assertEmpty($row['expiration'], 'Failed asserting that the returned row does not have an expiration date.'); // testGetShareByTokenExpirationValid $this->assertTrue(OCP\Share::setExpirationDate('test', 'test.txt', $this->dateInFuture), 'Failed asserting that user 1 successfully set a future expiration date for the test.txt share.'); $row = $this->getShareByValidToken($token); $this->assertNotEmpty($row['expiration'], 'Failed asserting that the returned row has an expiration date.'); // testGetShareByTokenExpirationExpired $this->assertTrue(OCP\Share::setExpirationDate('test', 'test.txt', $this->dateInPast), 'Failed asserting that user 1 successfully set a past expiration date for the test.txt share.'); $this->assertFalse(OCP\Share::getShareByToken($token), 'Failed asserting that an expired share could not be found.'); }