Merge remote-tracking branch 'upstream/dev' into wiki

3 files changed, 5 insertions, 2 deletions

diff --git a/Zotlabs/Storage/BasicAuth.php b/Zotlabs/Storage/BasicAuth.php
index 60fc2c988..9c73b47b9 100644
--- a/Zotlabs/Storage/BasicAuth.php
+++ b/Zotlabs/Storage/BasicAuth.php
@@ -231,7 +231,7 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
 	}
 
 	/**
-	 * @brief Sets the timezone from the channel in RedBasicAuth.
+	 * @brief Sets the timezone from the channel in BasicAuth.
 	 *
 	 * Set in mod/cloud.php if the channel has a timezone set.
 	 *
diff --git a/Zotlabs/Storage/Directory.php b/Zotlabs/Storage/Directory.php
index b524b3cab..6242d5274 100644
--- a/Zotlabs/Storage/Directory.php
+++ b/Zotlabs/Storage/Directory.php
@@ -206,7 +206,6 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
 			throw new DAV\Exception\Forbidden('Permission denied.');
 		}
 
-		require_once('include/attach.php');
 
 		$mimetype = z_mime_content_type($name);
 
diff --git a/Zotlabs/Storage/File.php b/Zotlabs/Storage/File.php
index ecd15cc55..5a70a99f1 100644
--- a/Zotlabs/Storage/File.php
+++ b/Zotlabs/Storage/File.php
@@ -337,6 +337,10 @@ class File extends DAV\Node implements DAV\IFile {
 			}
 		}
 
+		if(get_pconfig($this->auth->owner_id,'system','os_delete_prohibit') && \App::$module == 'dav') {
+			throw new DAV\Exception\Forbidden('Permission denied.');
+		}
+ 
 		attach_delete($this->auth->owner_id, $this->data['hash']);
 
 		$ch = channelx_by_n($this->auth->owner_id);