authorzotlabs <mike@macgirvin.com>2020-05-05 20:01:09 -0700
committerzotlabs <mike@macgirvin.com>2020-05-05 20:01:09 -0700
commit191e01e3ec4930916ea42927629a5e5d74d07a59 (patch)
tree053bbcc9c213bd2e1da2b4a1c464be771929b2c3
parent8c65e9cb4a30a86208bdda91d7d764a8c6ee6b4c (diff)
re-apply after removing from cherry-picked git hash from wrong branch
-rw-r--r--Zotlabs/Module/Dav.php2
-rw-r--r--Zotlabs/Storage/BasicAuth.php11
-rw-r--r--Zotlabs/Storage/Directory.php19
-rw-r--r--Zotlabs/Storage/File.php5
4 files changed, 32 insertions, 5 deletions
diff --git a/Zotlabs/Module/Dav.php b/Zotlabs/Module/Dav.php
index e8ce6a703..adab25e45 100644
--- a/Zotlabs/Module/Dav.php
+++ b/Zotlabs/Module/Dav.php
@@ -95,7 +95,7 @@ class Dav extends \Zotlabs\Web\Controller {
$auth = new \Zotlabs\Storage\BasicAuth();
- $auth->observer = get_observer_hash();
+ // $auth->observer = get_observer_hash();
$auth->setRealm(ucfirst(\Zotlabs\Lib\System::get_platform_name()) . ' ' . 'WebDAV');
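Review bot: The observer assignment is left behind as commented-out code with no explanation. The other hunks suggest that `$auth->observer` is now populated only inside BasicAuth after a successful credential check, while File.php's new `perm_is_allowed(...)` call reads that same property. If that is the intent, delete the line and state it, e.g. `// observer is set by BasicAuth once credentials validate; do not seed it from the session here`. If visitors authenticated by some other means are still expected to reach WebDAV, they would now arrive with an empty observer, which should be confirmed as the desired fail-closed behaviour. The enclosing method starts and ends outside this hunk.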
diff --git a/Zotlabs/Storage/BasicAuth.php b/Zotlabs/Storage/BasicAuth.php
index a5c01fbb7..3a48f5004 100644
--- a/Zotlabs/Storage/BasicAuth.php
+++ b/Zotlabs/Storage/BasicAuth.php
@@ -2,6 +2,7 @@
namespace Zotlabs\Storage;
+use App;
use Sabre\DAV;
use Sabre\HTTP\RequestInterface;
use Sabre\HTTP\ResponseInterface;
@@ -128,6 +129,16 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
$this->channel_name = $r['channel_address'];
$this->channel_id = $r['channel_id'];
$this->channel_hash = $this->observer = $r['channel_hash'];
+
+ if ($this->observer) {
+ $r = q("select * from xchan where xchan_hash = '%s' limit 1",
+ dbesc($this->observer)
+ );
+ if ($r) {
+ App::set_observer(array_shift($r));
+ }
+ }
+
$_SESSION['uid'] = $r['channel_id'];
$_SESSION['account_id'] = $r['channel_account_id'];
$_SESSION['authenticated'] = true;
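Review bot: The added xchan lookup reuses `$r`, so the `$_SESSION['uid'] = $r['channel_id']` and `$_SESSION['account_id'] = $r['channel_account_id']` lines that follow no longer read the channel row. After `array_shift($r)` the variable holds whatever is left of the xchan result (presumably an empty list, given `limit 1`), so the session ends up flagged `authenticated` with empty uid and account_id values. Use a separate variable for the lookup: `$x = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($this->observer));` followed by `if ($x) { App::set_observer(array_shift($x)); }`. Alternatively, fill the session from `$this->channel_id`, which was captured before the overwrite. The enclosing method begins and continues outside this hunk.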
diff --git a/Zotlabs/Storage/Directory.php b/Zotlabs/Storage/Directory.php
index 8cda75fd1..1231dfa25 100644
--- a/Zotlabs/Storage/Directory.php
+++ b/Zotlabs/Storage/Directory.php
@@ -281,8 +281,19 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota, DAV\IMo
$xpath = attach_syspaths($this->auth->owner_id, $hash);
- // returns the number of bytes that were written to the file, or FALSE on failure
- $size = file_put_contents($f, $data);
+
+ if (is_resource($data)) {
+ $fp = fopen($f,'wb');
+ if ($fp) {
+ pipe_streams($data,$fp);
+ fclose($fp);
+ }
+ $size = filesize($f);
+ }
+ else {
+ $size = file_put_contents($f, $data);
+ }
+
// delete attach entry if file_put_contents() failed
if ($size === false) {
logger('file_put_contents() failed to ' . $f);
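Review bot: In the new stream branch a failed `fopen()` or an interrupted copy is not reliably reported as a failure. `$size = filesize($f)` runs even when `$fp` is false, and the result of `pipe_streams()` is ignored, so a truncated upload would be recorded with its partial size instead of reaching the `$size === false` cleanup. `filesize()` is also served from PHP's stat cache. Initialise `$size = false;` before the `fopen()` and move `clearstatcache(true, $f); $size = filesize($f);` inside the `if ($fp)` block. If `pipe_streams()` returns a byte count (it is defined outside this page), compare it with the result as well. The log text `file_put_contents() failed` and the comment above it should be reworded, since the stream path does not call that function.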
@@ -315,7 +326,7 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota, DAV\IMo
$d = q("UPDATE attach SET filesize = '%s', os_path = '%s', display_path = '%s', is_photo = %d, edited = '%s' WHERE hash = '%s' AND uid = %d",
dbesc($size),
dbesc($xpath['os_path']),
- dbesc($xpath['display_path']),
+ dbesc($xpath['path']),
intval($is_photo),
dbesc($edited),
dbesc($hash),
@@ -364,7 +375,7 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota, DAV\IMo
$p = photo_upload($c[0], \App::get_observer(), $args);
}
- \Zotlabs\Daemon\Master::Summon([ 'Thumbnail' , $this->folder_hash ]);
+ \Zotlabs\Daemon\Master::Summon([ 'Thumbnail' , $hash ]);
$sync = attach_export_data($c[0], $hash);
diff --git a/Zotlabs/Storage/File.php b/Zotlabs/Storage/File.php
index 68edde166..ee96363c4 100644
--- a/Zotlabs/Storage/File.php
+++ b/Zotlabs/Storage/File.php
@@ -121,6 +121,11 @@ class File extends DAV\Node implements DAV\IFile {
logger('put file: ' . basename($this->name), LOGGER_DEBUG);
$size = 0;
+ if ((! $this->auth->owner_id) || (! perm_is_allowed($this->auth->owner_id, $this->auth->observer, 'write_storage'))) {
+ logger('permission denied for put operation');
+ throw new DAV\Exception\Forbidden('Permission denied.');
+ }
+
// @todo only 3 values are needed
$c = q("SELECT * FROM channel WHERE channel_id = %d AND channel_removed = 0 LIMIT 1",
intval($this->auth->owner_id)
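Review bot: The denial path logs only `permission denied for put operation`, which gives an operator nothing to correlate when reviewing rejected WebDAV writes. Include the identifiers already in scope, for example `logger('permission denied for put operation: owner=' . intval($this->auth->owner_id) . ' observer=' . $this->auth->observer . ' file=' . basename($this->name));`. A short comment above the check would also help, noting that `$this->auth->observer` is expected to come from the BasicAuth backend, because an empty observer is what makes this branch fire for unauthenticated requests. The `put` method body starts before and continues past this hunk.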