Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 0 additions & 12 deletions apps/files_sharing/lib/Controller/ShareController.php
Original file line number Diff line number Diff line change
Expand Up @@ -263,18 +263,6 @@
* @return bool
*/
private function validateShare(\OCP\Share\IShare $share) {
// If the owner is disabled no access to the link is granted
$owner = $this->userManager->get($share->getShareOwner());
if ($owner === null || !$owner->isEnabled()) {
return false;
}

// If the initiator of the share is disabled no access is granted
$initiator = $this->userManager->get($share->getSharedBy());
if ($initiator === null || !$initiator->isEnabled()) {
return false;
}

return $share->getNode()->isReadable() && $share->getNode()->isShareable();
}

Expand Down Expand Up @@ -428,7 +416,7 @@
&& !isset($downloadStartSecret[32])
&& preg_match('!^[a-zA-Z0-9]+$!', $downloadStartSecret) === 1) {
// FIXME: set on the response once we use an actual app framework response
setcookie('ocDownloadStarted', $downloadStartSecret, time() + 20, '/');

Check failure on line 419 in apps/files_sharing/lib/Controller/ShareController.php

View workflow job for this annotation

GitHub Actions / static-code-analysis-security

TaintedCookie

apps/files_sharing/lib/Controller/ShareController.php:419:35: TaintedCookie: Detected tainted cookie (see https://psalm.dev/257)
}

$this->emitAccessShareHook($share);
Expand Down
4 changes: 2 additions & 2 deletions lib/private/Share20/Manager.php
Original file line number Diff line number Diff line change
Expand Up @@ -1476,8 +1476,8 @@ protected function checkShare(IShare $share): void {
$this->deleteShare($share);
throw new ShareNotFound($this->l->t('The requested share does not exist anymore'));
}
if ($this->config->getAppValue('files_sharing', 'hide_disabled_user_shares', 'no') === 'yes') {
$uids = array_unique([$share->getShareOwner(),$share->getSharedBy()]);
if ($this->config->getAppValue('files_sharing', 'hide_disabled_user_shares', 'yes') === 'yes') {
$uids = array_unique([$share->getShareOwner(), $share->getSharedBy()]);
foreach ($uids as $uid) {
$user = $this->userManager->get($uid);
if ($user?->isEnabled() === false) {
Expand Down
2 changes: 1 addition & 1 deletion tests/lib/Share20/ManagerTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -3107,7 +3107,7 @@ public function testGetShareByTokenHideDisabledUser() {
->method('getAppValue')
->willReturnMap([
['core', 'shareapi_allow_links', 'yes', 'yes'],
['files_sharing', 'hide_disabled_user_shares', 'no', 'yes'],
['files_sharing', 'hide_disabled_user_shares', 'yes', 'yes'],
]);

$this->l->expects($this->once())
Expand Down
Loading