Merge pull request #7168 from owncloud/issue/7152

Send correct path on file upload when using public app

apps/files/ajax/upload.php

@@ -22,6 +22,7 @@ if (empty($_POST['dirToken'])) {
 } else {
 	// return only read permissions for public upload
 	$allowedPermissions = OCP\PERMISSION_READ;
+	$public_directory = !empty($_POST['subdir']) ? $_POST['subdir'] : '/';
 
 	$linkItem = OCP\Share::getShareByToken($_POST['dirToken']);
 	if ($linkItem === false) {
@@ -45,7 +46,7 @@ if (empty($_POST['dirToken'])) {
 		$dir = sprintf(
 			"/%s/%s",
 			$path,
-			isset($_POST['subdir']) ? $_POST['subdir'] : ''
+			$public_directory
 		);
 
 		if (!$dir || empty($dir) || $dir === false) {
@@ -112,7 +113,14 @@ if (strpos($dir, '..') === false) {
 		} else {
 			$target = \OC\Files\Filesystem::normalizePath(stripslashes($dir).'/'.$files['name'][$i]);
 		}
-		
+
+		$directory = \OC\Files\Filesystem::normalizePath(stripslashes($dir));
+		if (isset($public_directory)) {
+			// If we are uploading from the public app,
+			// we want to send the relative path in the ajax request.
+			$directory = $public_directory;
+		}
+
 		if ( ! \OC\Files\Filesystem::file_exists($target)
 			|| (isset($_POST['resolution']) && $_POST['resolution']==='replace')
 		) {
@@ -140,7 +148,7 @@ if (strpos($dir, '..') === false) {
 							'uploadMaxFilesize' => $maxUploadFileSize,
 							'maxHumanFilesize' => $maxHumanFileSize,
 							'permissions' => $meta['permissions'] & $allowedPermissions,
-							'directory' => \OC\Files\Filesystem::normalizePath(stripslashes($dir)),
+							'directory' => $directory,
 						);
 					}
 
@@ -168,7 +176,7 @@ if (strpos($dir, '..') === false) {
 					'uploadMaxFilesize' => $maxUploadFileSize,
 					'maxHumanFilesize' => $maxHumanFileSize,
 					'permissions' => $meta['permissions'] & $allowedPermissions,
-					'directory' => \OC\Files\Filesystem::normalizePath(stripslashes($dir)),
+					'directory' => $directory,
 				);
 			}
 		}