This repository has been archived by the owner on Nov 25, 2020. It is now read-only.

Do not die() on checkHash or it can break listing with legacy stuff
Set editable hash by default
cdujeu committed Sep 17, 2014
1 parent 237d47c commit 0ea95da
Showing 3 changed files with 57 additions and 7 deletions.
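--- a/core/src/plugins/action.share/class.ShareCenter.php
+++ b/core/src/plugins/action.share/class.ShareCenter.php
@@ -948,6 +948,10 @@ public function initPublicFolder($downloadFolder)
 
 public static function loadMinisite($data, $hash = '')
 {
+if(isset($data["SECURITY_MODIFIED"]) && $data["SECURITY_MODIFIED"] === true){
+header("HTTP/1.0 401 Not allowed, script was modified");
+die("Not allowed");
+}
 $repository = $data["REPOSITORY"];
 AJXP_PluginsService::getInstance()->initActivePlugins();
 $shareCenter = AJXP_PluginsService::findPlugin("action", "share");
@@ -1075,6 +1079,10 @@ public static function loadShareByHash($hash){
 die('Link expired!');
 }
 if(!empty($data) && is_array($data)){
+if(isSet($data["SECURITY_MODIFIED"]) && $data["SECURITY_MODIFIED"] === true){
+header("HTTP/1.0 401 Not allowed, script was modified");
+exit();
+}
 if($data["SHARE_TYPE"] == "minisite"){
 self::loadMinisite($data, $hash);
 }else{
@@ -1110,6 +1118,10 @@ private function deleteExpiredPubliclet($elementId, $data){
 */
 public static function loadPubliclet($data)
 {
+if(isset($data["SECURITY_MODIFIED"]) && $data["SECURITY_MODIFIED"] === true){
+header("HTTP/1.0 401 Not allowed, script was modified");
+die("Not allowed");
+}
 // create driver from $data
 $className = $data["DRIVER"]."AccessDriver";
 $hash = md5(serialize($data));
@@ -1890,6 +1902,9 @@ public function listSharesAsNodes($rootPath, $currentUser = true, $parentReposit
 }
 $meta["text"] = $repoObject->getDisplay();
 $meta["share_type_readable"] = $repoObject->hasContentFilter() ? "Publiclet" : ($shareType == "repository"? "Workspace": "Minisite");
+if(isSet($shareData["LEGACY_REPO_OR_MINI"])){
+$meta["share_type_readable"] = "Repository or Minisite (legacy)";
+}
 $meta["share_data"] = ($shareType == "repository" ? 'Shared as workspace: '.$repoObject->getDisplay() : $this->buildPublicletLink($hash));
 $meta["shared_element_hash"] = $hash;
 $meta["owner"] = $repoObject->getOwner();
@@ -1917,7 +1932,7 @@ public function listSharesAsNodes($rootPath, $currentUser = true, $parentReposit
 }else if(is_a($shareData["REPOSITORY"], "Repository") && !empty($shareData["FILE_PATH"])){
 
 $meta["owner"] = $shareData["OWNER_ID"];
-$meta["share_type_readable"] = "Publiclet (old school)";
+$meta["share_type_readable"] = "Publiclet (legacy)";
 $meta["text"] = basename($shareData["FILE_PATH"]);
 $meta["icon"] = "mime_empty.png";
 $meta["share_data"] = $meta["copy_url"] = $this->buildPublicletLink($hash);
@@ -2023,8 +2038,12 @@ public static function currentContextIsLinkDownload(){
 */
 public static function checkHash($outputData, $hash)
 {
-$full = md5($outputData);
-return (!empty($hash) && strpos($full, $hash."") === 0);
+// Never return false, otherwise it can break listing due to hardcore exit() call;
+// Rechecked later
+return true;
+
+//$full = md5($outputData);
+//return (!empty($hash) && strpos($full, $hash."") === 0);
 }
 
 /**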
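Review bot: `checkHash()` in the last hunk now returns `true` for every input, so any caller outside this diff that still relies on it as the tamper check passes unconditionally, and the three new `SECURITY_MODIFIED` guards are the only enforcement left. Those guards depend on `ShareStore::loadShare()` computing the flag with a real comparison; if `$this->checkHash()` there delegates to this method (not visible here), the flag is always false and the guards never fire. I would keep the comparison and move the non-fatal handling into the callers, or at minimum replace the commented-out code with a docblock line such as `@deprecated always returns true; integrity is enforced through SECURITY_MODIFIED set in ShareStore::loadShare()`. The guards also answer with 401, which signals missing authentication; `header("HTTP/1.0 403 Forbidden");` describes a rejected, modified share more accurately.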
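--- a/core/src/plugins/action.share/class.ShareStore.php
+++ b/core/src/plugins/action.share/class.ShareStore.php
@@ -134,7 +134,7 @@ public function loadShare($hash){
 $code = $lines[3] . $lines[4] . $lines[5];
 eval($code);
 if(empty($inputData)) return false;
-$dataModified = $this->checkHash($inputData, $hash); //(md5($inputData) != $id);
+$dataModified = !$this->checkHash($inputData, $hash); //(md5($inputData) != $id);
 $publicletData = unserialize($inputData);
 $publicletData["SECURITY_MODIFIED"] = $dataModified;
 if (!isSet($publicletData["REPOSITORY"])) {
@@ -229,6 +229,37 @@ public function listShares($limitToUser = '', $parentRepository = '', $cursor =
 }
 }
 
+if(empty($shareType) || $shareType == "repository"){
+// BACKWARD COMPATIBILITY: collect old-school shared repositories that are not yet stored in simpleStore
+$storedIds = array();
+foreach($dbLets as $share){
+if(empty($limitToUser) || $limitToUser == $share["OWNER_ID"]) {
+if(is_string($share["REPOSITORY"])) $storedIds[] = $share["REPOSITORY"];
+else if (is_object($share["REPOSITORY"])) $storedIds[] = $share["REPOSITORY"]->getUniqueId();
+}
+}
+// Find repositories that would have a parent
+$criteria = array();
+$criteria["parent_uuid"] = (empty($parentRepository) ? AJXP_FILTER_NOT_EMPTY : $parentRepository);
+$criteria["owner_user_id"] = (empty($limitToUser) ? AJXP_FILTER_NOT_EMPTY : $limitToUser);
+if(count($storedIds)){
+$criteria["!uuid"] = $storedIds;
+}
+$oldRepos = ConfService::listRepositoriesWithCriteria($criteria, $count);
+foreach($oldRepos as $sharedWorkspace){
+if(!$sharedWorkspace->hasContentFilter()){
+$dbLets[] = array(
+"SHARE_TYPE" => "repository",
+"OWNER_ID" => $sharedWorkspace->getOwner(),
+"REPOSITORY" => $sharedWorkspace->getUniqueId(),
+"LEGACY_REPO_OR_MINI" => true
+);
+//Auto Migrate? boaf.
+//$this->storeShare($sharedWorkspace->getParentId(), $data, "repository");
+}
+}
+}
+
 return $dbLets;
 }
 
@@ -323,8 +354,8 @@ public function deleteShare($type, $element)
 $publicletData = $this->loadShare($element);
 if (isSet($publicletData["OWNER_ID"]) && $this->testUserCanEditShare($publicletData["OWNER_ID"])) {
 PublicletCounter::delete($element);
-if(isSet($minisiteData["PUBLICLET_PATH"]) && is_file($minisiteData["PUBLICLET_PATH"])){
-unlink($minisiteData["PUBLICLET_PATH"]);
+if(isSet($publicletData["PUBLICLET_PATH"]) && is_file($publicletData["PUBLICLET_PATH"])){
+unlink($publicletData["PUBLICLET_PATH"]);
 }else if($this->sqlSupported){
 $this->confStorage->simpleStoreClear("share", $element);
 }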
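Review bot: In the first hunk the corrected `$dataModified` flag is computed only after `eval($code)` has already run, and `unserialize($inputData)` still runs whatever the result, so a share file that fails the hash check is executed and deserialised before any caller can look at `SECURITY_MODIFIED`. The flag should gate deserialisation, for example `if($dataModified) return array("SECURITY_MODIFIED" => true);` placed before the `unserialize()` call, provided the listing code tolerates an entry without the other keys (those callers are outside this diff). `loadShare()` starts and ends outside the hunk, so where `$lines` comes from and what `$this->checkHash()` actually compares should be confirmed. If it is an unkeyed MD5 prefix comparison like the one removed from `ShareCenter::checkHash()`, the flag detects accidental corruption rather than deliberate modification and should be documented as such.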
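--- a/core/src/plugins/action.share/manifest.xml
+++ b/core/src/plugins/action.share/manifest.xml
@@ -5,7 +5,7 @@
 <global_param name="ENABLE_FILE_PUBLIC_LINK" group="CONF_MESSAGE[Link Generation]" description="CONF_MESSAGE[Enable public link generation for files]" label="CONF_MESSAGE[Enable public links for files]" type="boolean" default="true" expose="true"/>
 <global_param name="USE_REWRITE_RULE" group="CONF_MESSAGE[Link Generation]" description="CONF_MESSAGE[Use web server RewriteEngine mechanism to generate prettier URLs]" label="CONF_MESSAGE[Use Rewrite Rule]" type="boolean" default="false"/>
 <global_param name="HASH_MIN_LENGTH" group="CONF_MESSAGE[Link Generation]" description="CONF_MESSAGE[Minimum length of the generated hash]" label="CONF_MESSAGE[Hash minimum length]" type="integer" default="6"/>
-<global_param name="HASH_USER_EDITABLE" group="CONF_MESSAGE[Link Generation]" description="CONF_MESSAGE[Allow users to manually choose a hash for the generated links]" label="CONF_MESSAGE[Hash user-editable]" type="boolean" default="false" expose="true"/>
+<global_param name="HASH_USER_EDITABLE" group="CONF_MESSAGE[Link Generation]" description="CONF_MESSAGE[Allow users to manually choose a hash for the generated links]" label="CONF_MESSAGE[Hash user-editable]" type="boolean" default="true" expose="true"/>
 <global_param name="FILE_MAX_EXPIRATION" group="CONF_MESSAGE[Link Generation]" description="CONF_MESSAGE[Maximum share expiration limit for file, 0 = unlimited]" label="CONF_MESSAGE[Maximum file expiration limit]" type="integer" default="0" expose="true"/>
 <global_param name="FILE_MAX_DOWNLOAD" group="CONF_MESSAGE[Link Generation]" description="CONF_MESSAGE[Maximum download limit for file, 0 = unlimited]" label="CONF_MESSAGE[Maximum file download limit]" type="integer" default="0" expose="true"/>
 <global_param name="EMAIL_INVITE_EXTERNAL" group="CONF_MESSAGE[Link Generation]" description="CONF_MESSAGE[Use external mailer for invitations]" label="CONF_MESSAGE[Force External Mailer]" type="boolean" default="false" expose="true"/>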
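Review bot: Switching `HASH_USER_EDITABLE` to `default="true"` turns user-chosen link identifiers on for every install that never set the option, so a public link is only as unpredictable as the name a user picks, with `HASH_MIN_LENGTH` (default 6, in the context line above) as the only floor. A user-chosen value will generally not be a prefix of the MD5 of the share data, which is presumably why `ShareCenter::checkHash()` was neutralised in the same commit; that coupling deserves a sentence in the commit description. I would keep `default="false"` so administrators opt in explicitly, and note the behaviour change for upgrades if the new default stays.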
