sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #12544 from nextcloud/fix/better_update_share_handling 

Handle permission in update of share better
pull/12559/head
Roeland Jago Douma 2018-11-20 16:19:11 +07:00 committed by GitHub
parent e73bfd5331 a343a60a68
commit 1bf742c462
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
apps/files_sharing/lib/Controller/ShareAPIController.php
Unescape Escape View File

@ -808,6 +808,10 @@ class ShareAPIController extends OCSController {
throw new OCSNotFoundException($this->l->t('Wrong share ID, share doesn\'t exist'));
}
if ($share->getShareOwner() !== $this->currentUser && $share->getSharedBy() !== $this->currentUser) {
throw new OCSForbiddenException('You are not allowed to edit incomming shares');
}
if ($permissions === null &&
$password === null &&
$sendPasswordByTalk === null &&