From 9661a63a7200987843aba91d0aecd214482c1db1 Mon Sep 17 00:00:00 2001
From: Michael Gapczynski <mtgap@owncloud.com>
Date: Tue, 14 Aug 2012 16:54:38 -0400
Subject: [PATCH] Ensure permissions can't be escalated during a reshare

---
 lib/public/share.php | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/lib/public/share.php b/lib/public/share.php
index 4e43687a13..766b0a3164 100644
--- a/lib/public/share.php
+++ b/lib/public/share.php
@@ -662,13 +662,18 @@ class Share {
 		// Check if this is a reshare
 		// TODO This query has pretty bad performance if there are large collections, figure out a way to make the collection searching more efficient
 		if ($checkReshare = self::getItemSharedWith($itemType, $itemSource, self::FORMAT_NONE, null, true)) {
-			if ($checkReshare['permissions'] & self::PERMISSION_SHARE) {
-				// TODO Check that other permissions aren't escalated
-				// TODO Don't check if inside folder
-				$parent = $checkReshare['id'];
-				$itemSource = $checkReshare['item_source'];
-				$fileSource = $checkReshare['file_source'];
-				$filePath = $checkReshare['file_target'];
+			if ((int)$checkReshare['permissions'] & self::PERMISSION_SHARE) {
+				if (~(int)$checkReshare['permissions'] & $permissions) {
+					$message = 'Sharing '.$itemSource.' failed, because the permissions exceed permissions granted to '.$uidOwner;
+					\OC_Log::write('OCP\Share', $message, \OC_Log::ERROR);
+					throw new \Exception($message);
+				} else {
+					// TODO Don't check if inside folder
+					$parent = $checkReshare['id'];
+					$itemSource = $checkReshare['item_source'];
+					$fileSource = $checkReshare['file_source'];
+					$filePath = $checkReshare['file_target'];
+				}
 			} else {
 				$message = 'Sharing '.$itemSource.' failed, because resharing is not allowed';
 				\OC_Log::write('OCP\Share', $message, \OC_Log::ERROR);
-- 
GitLab