From 7fa944ed953cbf2b9ee044d46e74dfd299237fa7 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Thu, 10 Dec 2015 15:13:10 -0800 Subject: don't spit out sabre xml on permission denied exceptions, just provide a 401 --- mod/cloud.php | 42 ++++++++++++------------------------------ version.inc | 2 +- 2 files changed, 13 insertions(+), 31 deletions(-) diff --git a/mod/cloud.php b/mod/cloud.php index efb33f935..67fc199bf 100644 --- a/mod/cloud.php +++ b/mod/cloud.php @@ -73,36 +73,18 @@ function cloud_init(&$a) { $server->addPlugin($lockPlugin); -/* This next bit should no longer be needed... */ - - // The next section of code allows us to bypass prompting for http-auth if a - // FILE is being accessed anonymously and permissions allow this. This way - // one can create hotlinks to public media files in their cloud and anonymous - // viewers won't get asked to login. - // If a DIRECTORY is accessed or there are permission issues accessing the - // file and we aren't previously authenticated via zot, prompt for HTTP-auth. - // This will be the default case for mounting a DAV directory. - // In order to avoid prompting for passwords for viewing a DIRECTORY, add - // the URL query parameter 'davguest=1'. - -// $isapublic_file = false; -// $davguest = ((x($_SESSION, 'davguest')) ? true : false); - -// if ((! $auth->observer) && ($_SERVER['REQUEST_METHOD'] === 'GET')) { -// try { -// $x = RedFileData('/' . $a->cmd, $auth); -// if($x instanceof RedDAV\RedFile) -// $isapublic_file = true; -// } -// catch (Exception $e) { -// $isapublic_file = false; -// } -// } - -// if ((! $auth->observer) && (! $isapublic_file) && (! $davguest)) { -// logger('mod_cloud: auth exception'); -// http_status_exit(401, 'Permission denied.'); -// } + $is_readable = false; + + if($_SERVER['REQUEST_METHOD'] === 'GET') { + try { + $x = RedFileData('/' . $a->cmd, $auth); + } + catch(\Exception $e) { + if($e instanceof Sabre\DAV\Exception\Forbidden) { + http_status_exit(401, 'Permission denied.'); + } + } + } require_once('include/RedDAV/RedBrowser.php'); // provide a directory view for the cloud in Hubzilla diff --git a/version.inc b/version.inc index 3c7cd4dfb..8ef02f56e 100644 --- a/version.inc +++ b/version.inc @@ -1 +1 @@ -2015-12-09.1241 +2015-12-10.1242 -- cgit v1.2.3