mirror/opencloud
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud.git synced 2026-01-06 04:09:40 -06:00
Code Issues Packages Projects Releases Wiki Activity

enhancement(sharing): Check driveID when unmounting share

Browse Source 
Only accept requests against the shareJail driveID

(cherry picked from commit 64f6c147dd55f1ede79f1709e09817939fcc4387)
This commit is contained in:
Ralf Haferkamp
2024-02-28 16:18:52 +01:00
parent 693bc7b38f
commit 696b7b7a8d
1 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
services/graph/pkg/service/v0/api_drives_drive_item.go
View File

@@ -244,7 +244,7 @@ func NewDrivesDriveItemApi(drivesDriveItemService DrivesDriveItemProvider, logge
func (api DrivesDriveItemApi) DeleteDriveItem(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
_, itemID, err := GetDriveAndItemIDParam(r, &api.logger)
driveID, itemID, err := GetDriveAndItemIDParam(r, &api.logger)
if err != nil {
msg := "invalid driveID or itemID"
api.logger.Debug().Err(err).Msg(msg)
@@ -252,7 +252,12 @@ func (api DrivesDriveItemApi) DeleteDriveItem(w http.ResponseWriter, r *http.Req
return
}
// fixMe: check if itemID is a share jail?
if !IsShareJail(driveID) {
msg := "invalid driveID, must be share jail"
api.logger.Debug().Interface("driveID", driveID).Msg(msg)
errorcode.InvalidRequest.Render(w, r, http.StatusUnprocessableEntity, msg)
return
}
if err := api.drivesDriveItemService.UnmountShare(ctx, itemID); err != nil {
msg := "unmounting share failed"