diff options
author | redmatrix <redmatrix@redmatrix.me> | 2015-12-10 15:13:10 -0800 |
---|---|---|
committer | redmatrix <redmatrix@redmatrix.me> | 2015-12-10 15:13:10 -0800 |
commit | 7fa944ed953cbf2b9ee044d46e74dfd299237fa7 (patch) | |
tree | 567ff9c0d1388b0debc5a670673eb17faadde91b /mod/cloud.php | |
parent | 2340092008145317a50cd6099c62f14575aa286c (diff) | |
download | volse-hubzilla-7fa944ed953cbf2b9ee044d46e74dfd299237fa7.tar.gz volse-hubzilla-7fa944ed953cbf2b9ee044d46e74dfd299237fa7.tar.bz2 volse-hubzilla-7fa944ed953cbf2b9ee044d46e74dfd299237fa7.zip |
don't spit out sabre xml on permission denied exceptions, just provide a 401
Diffstat (limited to 'mod/cloud.php')
-rw-r--r-- | mod/cloud.php | 42 |
1 files changed, 12 insertions, 30 deletions
diff --git a/mod/cloud.php b/mod/cloud.php index efb33f935..67fc199bf 100644 --- a/mod/cloud.php +++ b/mod/cloud.php @@ -73,36 +73,18 @@ function cloud_init(&$a) { $server->addPlugin($lockPlugin); -/* This next bit should no longer be needed... */ - - // The next section of code allows us to bypass prompting for http-auth if a - // FILE is being accessed anonymously and permissions allow this. This way - // one can create hotlinks to public media files in their cloud and anonymous - // viewers won't get asked to login. - // If a DIRECTORY is accessed or there are permission issues accessing the - // file and we aren't previously authenticated via zot, prompt for HTTP-auth. - // This will be the default case for mounting a DAV directory. - // In order to avoid prompting for passwords for viewing a DIRECTORY, add - // the URL query parameter 'davguest=1'. - -// $isapublic_file = false; -// $davguest = ((x($_SESSION, 'davguest')) ? true : false); - -// if ((! $auth->observer) && ($_SERVER['REQUEST_METHOD'] === 'GET')) { -// try { -// $x = RedFileData('/' . $a->cmd, $auth); -// if($x instanceof RedDAV\RedFile) -// $isapublic_file = true; -// } -// catch (Exception $e) { -// $isapublic_file = false; -// } -// } - -// if ((! $auth->observer) && (! $isapublic_file) && (! $davguest)) { -// logger('mod_cloud: auth exception'); -// http_status_exit(401, 'Permission denied.'); -// } + $is_readable = false; + + if($_SERVER['REQUEST_METHOD'] === 'GET') { + try { + $x = RedFileData('/' . $a->cmd, $auth); + } + catch(\Exception $e) { + if($e instanceof Sabre\DAV\Exception\Forbidden) { + http_status_exit(401, 'Permission denied.'); + } + } + } require_once('include/RedDAV/RedBrowser.php'); // provide a directory view for the cloud in Hubzilla |