Fix public link resharing #3023

Merged 1 commit on Jul 1, 2022

kobergj (Contributor) commented Jul 1, 2022

See here owncloud/ocis#3881 or here owncloud/ocis#4061

Basically, privilege escalation was possible through public links and resharing.

Signed-off-by: jkoberg <jkoberg@owncloud.com>
@kobergj kobergj requested review from a team, labkode, ishank011 and glpatcern as code owners July 1, 2022 09:45
butonic (Contributor) commented Jul 1, 2022

hm, shouldn't the public link share manager prevent elevating permissions? With this approach you are just shadowing a broken implementation, aren't you?

kobergj (Contributor, Author) commented Jul 1, 2022

@butonic I stuck to the same implementation as for normal shares. Permissions are checked within the ocs handler. As of now the share manager doesn't care about permissions.

butonic (Contributor) commented Jul 1, 2022

YOLO 😞

@butonic butonic merged commit 7c36bd5 into cs3org:edge Jul 1, 2022
@kobergj kobergj deleted the FixPubliclinkResharing branch July 1, 2022 13:22
kobergj added a commit that referenced this pull request Jul 7, 2022
Signed-off-by: jkoberg <jkoberg@owncloud.com>
kobergj added a commit to kobergj/reva that referenced this pull request Jul 11, 2022
Signed-off-by: jkoberg <jkoberg@owncloud.com>
kobergj added a commit to kobergj/reva that referenced this pull request Jul 14, 2022
@kobergj kobergj mentioned this pull request Dec 19, 2022
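
The thread above turns on where to enforce the rule that a reshare must not grant more than the sharer holds. The following is an added example, not code from this pull request or from reva: it places that subset check inside a share manager so it applies whichever handler calls it. `Perm`, `CheckReshare`, `Manager` and the permission bits are hypothetical names chosen for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Perm is a hypothetical permission bitmask (not reva's permission type).
type Perm uint8

const (
	Read Perm = 1 << iota
	Write
	Delete
	Share
)

var (
	ErrNoReshare  = errors.New("sharer is not allowed to reshare")
	ErrEscalation = errors.New("requested permissions exceed the sharer's own")
)

// CheckReshare decides whether a principal holding `held` on a resource
// may create a new share that grants `requested`.
func CheckReshare(held, requested Perm) error {
	if held&Share == 0 {
		return ErrNoReshare
	}
	// requested must be a subset of held: no bit set that held lacks.
	if requested&^held != 0 {
		return ErrEscalation
	}
	return nil
}

// Manager is a hypothetical share manager that enforces the check itself,
// so a handler that forgets to validate cannot persist an escalated share.
type Manager struct{ shares map[string]Perm }

func (m *Manager) CreateShare(id string, held, requested Perm) error {
	if err := CheckReshare(held, requested); err != nil {
		return fmt.Errorf("create share %q: %w", id, err)
	}
	m.shares[id] = requested
	return nil
}

func main() {
	m := &Manager{shares: map[string]Perm{}}
	link := Read | Share // constructed: permissions reached via a public link
	fmt.Println(m.CreateShare("a", link, Read))       // allowed
	fmt.Println(m.CreateShare("b", link, Read|Write)) // rejected: adds Write
}
```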