This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /** |
||
3 | * @author Joas Schilling <[email protected]> |
||
4 | * @author Lukas Reschke <[email protected]> |
||
5 | * @author Roeland Jago Douma <[email protected]> |
||
6 | * |
||
7 | * @copyright Copyright (c) 2018, ownCloud GmbH |
||
8 | * @license AGPL-3.0 |
||
9 | * |
||
10 | * This code is free software: you can redistribute it and/or modify |
||
11 | * it under the terms of the GNU Affero General Public License, version 3, |
||
12 | * as published by the Free Software Foundation. |
||
13 | * |
||
14 | * This program is distributed in the hope that it will be useful, |
||
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
17 | * GNU Affero General Public License for more details. |
||
18 | * |
||
19 | * You should have received a copy of the GNU Affero General Public License, version 3, |
||
20 | * along with this program. If not, see <http://www.gnu.org/licenses/> |
||
21 | * |
||
22 | */ |
||
23 | |||
24 | namespace OCA\Files_Sharing\API; |
||
25 | |||
26 | use OC\Files\Filesystem; |
||
27 | use OCA\Files_Sharing\External\Manager; |
||
28 | use Symfony\Component\EventDispatcher\GenericEvent; |
||
29 | |||
30 | class Remote { |
||
31 | |||
32 | /** |
||
33 | * Get list of pending remote shares |
||
34 | * |
||
35 | * @param array $params empty |
||
36 | * @return \OC_OCS_Result |
||
37 | */ |
||
38 | public static function getOpenShares($params) { |
||
39 | $externalManager = new Manager( |
||
40 | \OC::$server->getDatabaseConnection(), |
||
41 | Filesystem::getMountManager(), |
||
42 | Filesystem::getLoader(), |
||
43 | \OC::$server->getNotificationManager(), |
||
44 | \OC::$server->getEventDispatcher(), |
||
45 | \OC_User::getUser() |
||
46 | ); |
||
47 | |||
48 | return new \OC_OCS_Result($externalManager->getOpenShares()); |
||
49 | } |
||
50 | |||
51 | /** |
||
52 | * Accept a remote share |
||
53 | * |
||
54 | * @param array $params contains the shareID 'id' which should be accepted |
||
55 | * @return \OC_OCS_Result |
||
56 | */ |
||
57 | View Code Duplication | public static function acceptShare($params) { |
|
58 | $externalManager = new Manager( |
||
59 | \OC::$server->getDatabaseConnection(), |
||
60 | Filesystem::getMountManager(), |
||
61 | Filesystem::getLoader(), |
||
62 | \OC::$server->getNotificationManager(), |
||
63 | \OC::$server->getEventDispatcher(), |
||
64 | \OC_User::getUser() |
||
65 | ); |
||
66 | |||
67 | $shareInfo = $externalManager->getShare($params['id']); |
||
68 | |||
69 | if ($externalManager->acceptShare((int) $params['id'])) { |
||
70 | $dispatcher = \OC::$server->getEventDispatcher(); |
||
71 | $event = new GenericEvent(null, |
||
72 | ['shareAcceptedFrom' => $shareInfo['owner'], |
||
73 | 'sharedAcceptedBy' => $shareInfo['user'], |
||
74 | 'sharedItem' => $shareInfo['name'], |
||
75 | 'remoteUrl' => $shareInfo['remote'] |
||
76 | ] |
||
77 | ); |
||
78 | $dispatcher->dispatch('remoteshare.accepted', $event); |
||
79 | return new \OC_OCS_Result(); |
||
80 | } |
||
81 | |||
82 | // Make sure the user has no notification for something that does not exist anymore. |
||
83 | $externalManager->processNotification((int) $params['id']); |
||
84 | |||
85 | return new \OC_OCS_Result(null, 404, "wrong share ID, share doesn't exist."); |
||
86 | } |
||
87 | |||
88 | /** |
||
89 | * Decline a remote share |
||
90 | * |
||
91 | * @param array $params contains the shareID 'id' which should be declined |
||
92 | * @return \OC_OCS_Result |
||
93 | */ |
||
94 | View Code Duplication | public static function declineShare($params) { |
|
95 | $externalManager = new Manager( |
||
96 | \OC::$server->getDatabaseConnection(), |
||
97 | Filesystem::getMountManager(), |
||
98 | Filesystem::getLoader(), |
||
99 | \OC::$server->getNotificationManager(), |
||
100 | \OC::$server->getEventDispatcher(), |
||
101 | \OC_User::getUser() |
||
102 | ); |
||
103 | |||
104 | $shareInfo = $externalManager->getShare($params['id']); |
||
105 | |||
106 | if ($externalManager->declineShare((int) $params['id'])) { |
||
107 | $dispatcher = \OC::$server->getEventDispatcher(); |
||
108 | $event = new GenericEvent(null, |
||
109 | ['shareAcceptedFrom' => $shareInfo['owner'], |
||
110 | 'sharedAcceptedBy' => $shareInfo['user'], |
||
111 | 'sharedItem' => $shareInfo['name'], |
||
112 | 'remoteUrl' => $shareInfo['remote'] |
||
113 | ] |
||
114 | ); |
||
115 | $dispatcher->dispatch('remoteshare.declined', $event); |
||
116 | return new \OC_OCS_Result(); |
||
117 | } |
||
118 | |||
119 | // Make sure the user has no notification for something that does not exist anymore. |
||
120 | $externalManager->processNotification((int) $params['id']); |
||
121 | |||
122 | return new \OC_OCS_Result(null, 404, "wrong share ID, share doesn't exist."); |
||
123 | } |
||
124 | |||
125 | /** |
||
126 | * @param array $share Share with info from the share_external table |
||
127 | * @return array enriched share info with data from the filecache |
||
128 | */ |
||
129 | private static function extendShareInfo($share) { |
||
130 | $view = new \OC\Files\View('/' . \OC_User::getUser() . '/files/'); |
||
131 | $info = $view->getFileInfo($share['mountpoint']); |
||
132 | |||
133 | $share['mimetype'] = $info->getMimetype(); |
||
134 | $share['mtime'] = $info->getMtime(); |
||
135 | $share['permissions'] = $info->getPermissions(); |
||
136 | $share['type'] = $info->getType(); |
||
137 | $share['file_id'] = \strval($info->getId()); |
||
138 | |||
139 | return $share; |
||
140 | } |
||
141 | |||
142 | /** |
||
143 | * List accepted remote shares |
||
144 | * |
||
145 | * @param array $params |
||
146 | * @return \OC_OCS_Result |
||
147 | */ |
||
148 | public static function getShares($params) { |
||
0 ignored issues
–
show
|
|||
149 | $externalManager = new Manager( |
||
150 | \OC::$server->getDatabaseConnection(), |
||
151 | Filesystem::getMountManager(), |
||
152 | Filesystem::getLoader(), |
||
153 | \OC::$server->getNotificationManager(), |
||
154 | \OC::$server->getEventDispatcher(), |
||
155 | \OC_User::getUser() |
||
0 ignored issues
–
show
It seems like
\OC_User::getUser() targeting OC_User::getUser() can also be of type boolean ; however, OCA\Files_Sharing\External\Manager::__construct() does only seem to accept string , maybe add an additional type check?
This check looks at variables that are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble.
Loading history...
|
|||
156 | ); |
||
157 | |||
158 | $shares = $externalManager->getAcceptedShares(); |
||
159 | |||
160 | $shares = \array_map('self::extendShareInfo', $shares); |
||
161 | |||
162 | return new \OC_OCS_Result($shares); |
||
163 | } |
||
164 | |||
165 | /** |
||
166 | * Get info of a remote share |
||
167 | * |
||
168 | * @param array $params contains the shareID 'id' |
||
169 | * @return \OC_OCS_Result |
||
170 | */ |
||
171 | public static function getShare($params) { |
||
172 | $externalManager = new Manager( |
||
173 | \OC::$server->getDatabaseConnection(), |
||
174 | Filesystem::getMountManager(), |
||
175 | Filesystem::getLoader(), |
||
176 | \OC::$server->getNotificationManager(), |
||
177 | \OC::$server->getEventDispatcher(), |
||
178 | \OC_User::getUser() |
||
0 ignored issues
–
show
It seems like
\OC_User::getUser() targeting OC_User::getUser() can also be of type boolean ; however, OCA\Files_Sharing\External\Manager::__construct() does only seem to accept string , maybe add an additional type check?
This check looks at variables that are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble.
Loading history...
|
|||
179 | ); |
||
180 | |||
181 | $shareInfo = $externalManager->getShare($params['id']); |
||
182 | |||
183 | if ($shareInfo === false) { |
||
184 | return new \OC_OCS_Result(null, 404, 'share does not exist'); |
||
185 | } else { |
||
186 | $shareInfo = self::extendShareInfo($shareInfo); |
||
187 | return new \OC_OCS_Result($shareInfo); |
||
188 | } |
||
189 | } |
||
190 | |||
191 | /** |
||
192 | * Unshare a remote share |
||
193 | * |
||
194 | * @param array $params contains the shareID 'id' which should be unshared |
||
195 | * @return \OC_OCS_Result |
||
196 | */ |
||
197 | public static function unshare($params) { |
||
198 | $externalManager = new Manager( |
||
199 | \OC::$server->getDatabaseConnection(), |
||
200 | Filesystem::getMountManager(), |
||
201 | Filesystem::getLoader(), |
||
202 | \OC::$server->getNotificationManager(), |
||
203 | \OC::$server->getEventDispatcher(), |
||
204 | \OC_User::getUser() |
||
0 ignored issues
–
show
It seems like
\OC_User::getUser() targeting OC_User::getUser() can also be of type boolean ; however, OCA\Files_Sharing\External\Manager::__construct() does only seem to accept string , maybe add an additional type check?
This check looks at variables that are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble.
Loading history...
|
|||
205 | ); |
||
206 | |||
207 | $shareInfo = $externalManager->getShare($params['id']); |
||
208 | |||
209 | if ($shareInfo === false) { |
||
210 | return new \OC_OCS_Result(null, 404, 'Share does not exist'); |
||
211 | } |
||
212 | |||
213 | $mountPoint = '/' . \OC_User::getUser() . '/files' . $shareInfo['mountpoint']; |
||
214 | |||
215 | if ($externalManager->removeShare($mountPoint) === true) { |
||
216 | return new \OC_OCS_Result(null); |
||
217 | } else { |
||
218 | return new \OC_OCS_Result(null, 403, 'Could not unshare'); |
||
219 | } |
||
220 | } |
||
221 | } |
||
222 |
This check looks from parameters that have been defined for a function or method, but which are not used in the method body.