author | Alex Vitkov <alexvitkov98@gmail.com> | 2021-02-14 09:40:14 +0200 |
---|---|---|
committer | Alex Vitkov <alexvitkov98@gmail.com> | 2021-02-14 09:40:14 +0200 |
commit | e42f26d37a4afee40b49aa7c1357695656acfd6c (patch) | |
tree | 9ba01584926eacd8a8011290c7cbbd9d5dd520eb /php/share.php | |
parent | e55c72279c25617f441049ab0be6fd6843eecdd5 (diff) | |
parent | c7a6eb6587b285f59a7c2c4bae9a7aa4ef8247e1 (diff) | |
Merge branch 'master' of https://github.com/alexvitkov/india
Diffstat (limited to 'php/share.php')
-rw-r--r-- | php/share.php | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/php/share.php b/php/share.php
index 5c92a76..0853058 100644
--- a/php/share.php
+++ b/php/share.php
@@ -27,9 +27,9 @@ if($_SERVER["REQUEST_METHOD"] == "POST")
 }
 else
 {
-// http_response_code(409);
+ http_response_code(409);
 error_log("someone gave wrong premmissions =".$permissions."! This could be an attack");
-// exit(1);
+ exit(1);
 }
 //$share_link=create_share_link($path,$filename,$password,$user,$can_read,$can_write);
@@ -46,16 +46,18 @@ if($_SERVER["REQUEST_METHOD"] == "POST")
 }else if($_SERVER["REQUEST_METHOD"]== "GET")
 {
 $code=$_GET["file"];
- $file_id=$database->get_node_with_code($code);
- if($file_id==NULL)
+ $password=$_GET["password"];
+
+ $shared_node=$database->get_shared_node($code);
+ if($shared_node==NULL || $shared_node->password!=$password)
 {
 http_response_code(409);
 exit(0);
 }
- $permissions=$database->get_permissions($file_id,$user->user_id);
+ $permissions=$database->get_permissions($shared_node->node_id,$user->user_id);
 if($permissions["can_view"]==true)
 {
- $node=$database->get_node($file_id);
+ $node=$database->get_node($shared_node->node_id);
 if($node->is_directory)
 {
 /*spooky stuff here*/ |
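Review bot: In the first hunk (the POST branch's else path), the `error_log` call still concatenates `$permissions` into the message unescaped now that the reject path is enforced. If that value comes from the request (its origin is outside the hunk), embedded line breaks would let a client split the entry into what look like separate log lines. Encoding the value keeps the entry on one line, e.g. `error_log("rejected share request: invalid permissions ".json_encode($permissions));`. `http_response_code(409)` signals a conflict, whereas `400` would describe a malformed parameter more accurately. The enclosing POST branch starts and ends outside the hunk.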
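Review bot: In the second hunk, the password check added to the GET branch uses `!=`, which in PHP is a loose, non-constant-time comparison, so numeric-looking strings that differ can still compare equal (the `"1e3" == "1000"` case) and the comparison time depends on the input. I would read the parameter as `$password=$_GET["password"] ?? "";` and test `if($shared_node==NULL || !is_string($password) || !hash_equals((string)$shared_node->password,$password))`, which also rejects `password[]=` arrays. The direct comparison suggests the share password is stored as plaintext; if so, storing `password_hash()` output and checking with `password_verify()` would be the better fix, though the schema is not visible here. Taking the password from the query string also puts it in access logs, browser history and Referer headers, so a POST body or a header is safer. The GET branch continues past the end of the hunk.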