diff options
author | zotlabs <mike@macgirvin.com> | 2020-05-05 19:36:57 -0700 |
---|---|---|
committer | zotlabs <mike@macgirvin.com> | 2020-05-05 19:39:09 -0700 |
commit | 7a0d9a449492ff3b5ef97b997310ed26ec1f53e4 (patch) | |
tree | ffeea3d1898760f313df4bd5d80e9558b1b98e0c /Zotlabs/Storage/File.php | |
parent | 6a0ac591d161df1b3a1d6182915ed01cfee95b0a (diff) | |
download | volse-hubzilla-7a0d9a449492ff3b5ef97b997310ed26ec1f53e4.tar.gz volse-hubzilla-7a0d9a449492ff3b5ef97b997310ed26ec1f53e4.tar.bz2 volse-hubzilla-7a0d9a449492ff3b5ef97b997310ed26ec1f53e4.zip |
issue generating photo thumbnails when uploaded via davfs
Diffstat (limited to 'Zotlabs/Storage/File.php')
-rw-r--r-- | Zotlabs/Storage/File.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/Zotlabs/Storage/File.php b/Zotlabs/Storage/File.php index 68edde166..ee96363c4 100644 --- a/Zotlabs/Storage/File.php +++ b/Zotlabs/Storage/File.php @@ -121,6 +121,11 @@ class File extends DAV\Node implements DAV\IFile { logger('put file: ' . basename($this->name), LOGGER_DEBUG); $size = 0; + if ((! $this->auth->owner_id) || (! perm_is_allowed($this->auth->owner_id, $this->auth->observer, 'write_storage'))) { + logger('permission denied for put operation'); + throw new DAV\Exception\Forbidden('Permission denied.'); + } + // @todo only 3 values are needed $c = q("SELECT * FROM channel WHERE channel_id = %d AND channel_removed = 0 LIMIT 1", intval($this->auth->owner_id) |