Merge pull request #28 from cernbox/cernbox-prod-8.2.2-guest-link-acc…

…ess-fix [Patch] Using link owner uid and gid for link access
cernbox · Jun 1, 2016 · 92af2ff · 92af2ff
2 parents a430a23 + 0a54ff8
commit 92af2ff
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/lib/private/files/objectstore/eosutil.php b/lib/private/files/objectstore/eosutil.php
@@ -210,11 +210,11 @@ private static function isSharedLinkGuest()
 			$token = $split[2];
 		}
 
-		$result = \OC_DB::prepare('SELECT token FROM oc_share WHERE token = ? LIMIT 1')->execute([$token])->fetchAll();
+		$result = \OC_DB::prepare('SELECT uid_owner FROM oc_share WHERE token = ? LIMIT 1')->execute([$token])->fetchAll();
 
 		if($result && count($result) > 0)
 		{
-			return true;
+			return self::getUidAndGid($result[0]['uid_owner']);
 		}
 
 		return false;
@@ -223,7 +223,7 @@ private static function isSharedLinkGuest()
 	// it return the id and gid of a normal user or false in other case, including the id is 0 (root) to avoid security leaks
 	public static function getUidAndGid($username) { // VERIFIED
 
-		if(self::$internalScript || self::isSharedLinkGuest())
+		if(self::$internalScript || (!$username && self::isSharedLinkGuest()))
 		{
 			return [0,0];
 		}