mirror/opencloud
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud.git synced 2026-04-22 11:09:02 -05:00
Code Issues Packages Projects Releases Wiki Activity

enhancement(sharing): Check driveID when unmounting share

Browse Source 
Only accept requests against the shareJail driveID
This commit is contained in:
Ralf Haferkamp
2024-02-28 16:18:52 +01:00
committed by Ralf Haferkamp
parent 83f9db3152
commit 1ceba732c2
1 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
services/graph/pkg/service/v0/api_drives_drive_item.go
+7 -2
View File
@@ -244,7 +244,7 @@ func NewDrivesDriveItemApi(drivesDriveItemService DrivesDriveItemProvider, logge
func (api DrivesDriveItemApi) DeleteDriveItem(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
_, itemID, err := GetDriveAndItemIDParam(r, &api.logger)
driveID, itemID, err := GetDriveAndItemIDParam(r, &api.logger)
if err != nil {
msg := "invalid driveID or itemID"
api.logger.Debug().Err(err).Msg(msg)
@@ -252,7 +252,12 @@ func (api DrivesDriveItemApi) DeleteDriveItem(w http.ResponseWriter, r *http.Req
return
}
// fixMe: check if itemID is a share jail?
if !IsShareJail(driveID) {
msg := "invalid driveID, must be share jail"
api.logger.Debug().Interface("driveID", driveID).Msg(msg)
errorcode.InvalidRequest.Render(w, r, http.StatusUnprocessableEntity, msg)
return
}
if err := api.drivesDriveItemService.UnmountShare(ctx, itemID); err != nil {
msg := "unmounting share failed"