From 5fb62c24f58ba871343da071b53a9a08e762cc96 Mon Sep 17 00:00:00 2001
From: cdujeu <charles@ajaxplorer.info>
Date: Fri, 11 Oct 2013 18:24:18 +0200
Subject: [PATCH] Deport authorization check in the nodeleaf put() method.

---
 .../classes/sabredav/ajaxplorer/class.AJXP_Sabre_NodeLeaf.php  | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/core/src/core/classes/sabredav/ajaxplorer/class.AJXP_Sabre_NodeLeaf.php b/core/src/core/classes/sabredav/ajaxplorer/class.AJXP_Sabre_NodeLeaf.php
index 409ee0e75c..e26b959b0c 100755
--- a/core/src/core/classes/sabredav/ajaxplorer/class.AJXP_Sabre_NodeLeaf.php
+++ b/core/src/core/classes/sabredav/ajaxplorer/class.AJXP_Sabre_NodeLeaf.php
@@ -52,6 +52,9 @@ function put($data){
         // Warning, passed by ref
         $p = $this->path;
 
+        if(!AuthService::getLoggedUser()->canRead($this->repository->getId())){
+            throw new \Sabre\DAV\Exception\Forbidden() ;
+        }
         $this->getAccessDriver()->nodeWillChange($p, intval($_SERVER["CONTENT_LENGTH"]));
 
         $stream = fopen($this->getUrl(), "w");