aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--storage-backend/index.php6
1 files changed, 3 insertions, 3 deletions
diff --git a/storage-backend/index.php b/storage-backend/index.php
index 6bcc5fe..b432760 100644
--- a/storage-backend/index.php
+++ b/storage-backend/index.php
@@ -164,9 +164,9 @@ switch ($method) {
sendHttpReturnCodeAndJson(403, 'Server is not allowed to delete a file');
}
- if ($config['delete_only_by_creator']) {
$slotParameters = loadSlotParameters($slotUUID, $config);
- if ($slotParameters['user_jid'] != $userJid) {
+ if ($config['delete_only_by_creator']) {
+ if (getBareJid($slotParameters['user_jid']) != getBareJid($userJid)) {
sendHttpReturnCodeAndJson(403, "Deletion of that file is only allowed by the user created it.");
}
}
@@ -174,7 +174,7 @@ switch ($method) {
if (!slotExists($slotUUID, $config)) {
sendHttpReturnCodeAndJson(403, "The slot does not exist.");
}
- $slotParameters = loadSlotParameters($slotUUID, $config);
+
if (!checkFilenameParameter($filename, $slotParameters)) {
sendHttpReturnCodeAndJson(403, "Filename to delete differs from requested slot filename.");
}