aboutsummaryrefslogtreecommitdiffstats
path: root/mod
diff options
context:
space:
mode:
authorredmatrix <redmatrix@redmatrix.me>2015-12-10 15:13:10 -0800
committerredmatrix <redmatrix@redmatrix.me>2015-12-10 15:13:10 -0800
commit7fa944ed953cbf2b9ee044d46e74dfd299237fa7 (patch)
tree567ff9c0d1388b0debc5a670673eb17faadde91b /mod
parent2340092008145317a50cd6099c62f14575aa286c (diff)
downloadvolse-hubzilla-7fa944ed953cbf2b9ee044d46e74dfd299237fa7.tar.gz
volse-hubzilla-7fa944ed953cbf2b9ee044d46e74dfd299237fa7.tar.bz2
volse-hubzilla-7fa944ed953cbf2b9ee044d46e74dfd299237fa7.zip
don't spit out sabre xml on permission denied exceptions, just provide a 401
Diffstat (limited to 'mod')
-rw-r--r--mod/cloud.php42
1 files changed, 12 insertions, 30 deletions
diff --git a/mod/cloud.php b/mod/cloud.php
index efb33f935..67fc199bf 100644
--- a/mod/cloud.php
+++ b/mod/cloud.php
@@ -73,36 +73,18 @@ function cloud_init(&$a) {
$server->addPlugin($lockPlugin);
-/* This next bit should no longer be needed... */
-
- // The next section of code allows us to bypass prompting for http-auth if a
- // FILE is being accessed anonymously and permissions allow this. This way
- // one can create hotlinks to public media files in their cloud and anonymous
- // viewers won't get asked to login.
- // If a DIRECTORY is accessed or there are permission issues accessing the
- // file and we aren't previously authenticated via zot, prompt for HTTP-auth.
- // This will be the default case for mounting a DAV directory.
- // In order to avoid prompting for passwords for viewing a DIRECTORY, add
- // the URL query parameter 'davguest=1'.
-
-// $isapublic_file = false;
-// $davguest = ((x($_SESSION, 'davguest')) ? true : false);
-
-// if ((! $auth->observer) && ($_SERVER['REQUEST_METHOD'] === 'GET')) {
-// try {
-// $x = RedFileData('/' . $a->cmd, $auth);
-// if($x instanceof RedDAV\RedFile)
-// $isapublic_file = true;
-// }
-// catch (Exception $e) {
-// $isapublic_file = false;
-// }
-// }
-
-// if ((! $auth->observer) && (! $isapublic_file) && (! $davguest)) {
-// logger('mod_cloud: auth exception');
-// http_status_exit(401, 'Permission denied.');
-// }
+ $is_readable = false;
+
+ if($_SERVER['REQUEST_METHOD'] === 'GET') {
+ try {
+ $x = RedFileData('/' . $a->cmd, $auth);
+ }
+ catch(\Exception $e) {
+ if($e instanceof Sabre\DAV\Exception\Forbidden) {
+ http_status_exit(401, 'Permission denied.');
+ }
+ }
+ }
require_once('include/RedDAV/RedBrowser.php');
// provide a directory view for the cloud in Hubzilla