authorAlex Vitkov <alexvitkov98@gmail.com>2021-02-14 09:40:14 +0200
committerAlex Vitkov <alexvitkov98@gmail.com>2021-02-14 09:40:14 +0200
commite42f26d37a4afee40b49aa7c1357695656acfd6c (patch)
tree9ba01584926eacd8a8011290c7cbbd9d5dd520eb /php/share.php
parente55c72279c25617f441049ab0be6fd6843eecdd5 (diff)
parentc7a6eb6587b285f59a7c2c4bae9a7aa4ef8247e1 (diff)
downloadfileup-e42f26d37a4afee40b49aa7c1357695656acfd6c.tar.gz
Merge branch 'master' of https://github.com/alexvitkov/india
Diffstat (limited to 'php/share.php')
-rw-r--r--php/share.php14
1 files changed, 8 insertions, 6 deletions
diff --git a/php/share.php b/php/share.php
index 5c92a76..0853058 100644
--- a/php/share.php
+++ b/php/share.php
@@ -27,9 +27,9 @@ if($_SERVER["REQUEST_METHOD"] == "POST")
}
else
{
-// http_response_code(409);
+ http_response_code(409);
error_log("someone gave wrong premmissions =".$permissions."! This could be an attack");
-// exit(1);
+ exit(1);
}
//$share_link=create_share_link($path,$filename,$password,$user,$can_read,$can_write);
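Review bot: The `error_log` call on the rejection path concatenates `$permissions` into the message unchanged. If that value comes straight from the request (the POST parsing is above the hunk and not visible), embedded line breaks or control characters could split or forge log entries. Encoding it keeps one event per line, for example `error_log("invalid share permissions value: ".json_encode($permissions));`. Now that the response code is live, `http_response_code(400);` would describe a malformed parameter better than 409 Conflict. The enclosing if/else starts outside the hunk.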
@@ -46,16 +46,18 @@ if($_SERVER["REQUEST_METHOD"] == "POST")
}else if($_SERVER["REQUEST_METHOD"]== "GET")
{
$code=$_GET["file"];
- $file_id=$database->get_node_with_code($code);
- if($file_id==NULL)
+ $password=$_GET["password"];
+
+ $shared_node=$database->get_shared_node($code);
+ if($shared_node==NULL || $shared_node->password!=$password)
{
http_response_code(409);
exit(0);
}
- $permissions=$database->get_permissions($file_id,$user->user_id);
+ $permissions=$database->get_permissions($shared_node->node_id,$user->user_id);
if($permissions["can_view"]==true)
{
- $node=$database->get_node($file_id);
+ $node=$database->get_node($shared_node->node_id);
if($node->is_directory)
{
/*spooky stuff here*/
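Review bot: The share-password check `$shared_node->password!=$password` uses a loose comparison, so PHP type juggling can treat differing numeric-looking strings as equal, and the comparison is not constant-time. I would read the parameter as `$password = $_GET["password"] ?? "";` and compare with `if ($shared_node === null || !is_string($password) || !hash_equals((string)$shared_node->password, $password))`. The comparison also suggests the share password is stored in clear text; if so, storing a `password_hash()` value and checking it with `password_verify()` would be the better fix. Taking the password from the query string puts it into access logs, browser history and Referer headers, so a POST body or header is a safer carrier. The GET branch continues past the end of the hunk.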