upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-05-28 04:32:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 25

Allow ajax requests on public webdav interface

Browse source 
Whenever outgoing shares are disabled, still allow ajax requests to make
it possible to use the Webdav interface in the public link page.

Please note that disabling outgoing shares isn't strong anyway as
someone could abuse the ajax endpoints to access files anyway. To
properly disable remote sharing, public link sharing must be disabled
too.
This commit is contained in:
Vincent Petry 2015-07-13 12:01:15 +02:00
parent 67231ed9a7
commit c8a6fea1b4
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
apps/files_sharing/publicwebdav.php
View file

@ -46,7 +46,8 @@ $serverFactory = new \OC\Connector\Sabre\ServerFactory(
$requestUri = \OC::$server->getRequest()->getRequestUri();
$server = $serverFactory->createServer($baseuri, $requestUri, $authBackend, function () use ($authBackend) {
if (OCA\Files_Sharing\Helper::isOutgoingServer2serverShareEnabled() === false) {
$isAjax = (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest');
if (OCA\Files_Sharing\Helper::isOutgoingServer2serverShareEnabled() === false && !$isAjax) {
// this is what is thrown when trying to access a non-existing share
throw new \Sabre\DAV\Exception\NotAuthenticated();
}