From 6bd2862f8f6b37f145097767ebbbedbc5e243443 Mon Sep 17 00:00:00 2001
From: steckbrief
Date: Sat, 27 May 2017 20:32:12 +0200
Subject: storage-backend: load parameters only once while deleting a file
---
 storage-backend/index.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/storage-backend/index.php b/storage-backend/index.php
index 6bcc5fe..b432760 100644
--- a/storage-backend/index.php
+++ b/storage-backend/index.php
@@ -164,9 +164,9 @@ switch ($method) {
 sendHttpReturnCodeAndJson(403, 'Server is not allowed to delete a file');
 }
+ $slotParameters = loadSlotParameters($slotUUID, $config);
 if ($config['delete_only_by_creator']) {
- $slotParameters = loadSlotParameters($slotUUID, $config);
- if ($slotParameters['user_jid'] != $userJid) {
+ if (getBareJid($slotParameters['user_jid']) != getBareJid($userJid)) {
 sendHttpReturnCodeAndJson(403, "Deletion of that file is only allowed by the user created it.");
 }
 }
@@ -174,7 +174,7 @@ switch ($method) {
 if (!slotExists($slotUUID, $config)) {
 sendHttpReturnCodeAndJson(403, "The slot does not exist.");
 }
- $slotParameters = loadSlotParameters($slotUUID, $config);
+
 if (!checkFilenameParameter($filename, $slotParameters)) {
 sendHttpReturnCodeAndJson(403, "Filename to delete differs from requested slot filename.");
 }
-- 
cgit v1.2.3
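Review bot: The creator check inside the `delete_only_by_creator` branch still uses loose `!=`, so any two values PHP's type juggling treats as equal pass this authorization test. A missing stored `user_jid` against an empty `$userJid` is one such case, depending on what `getBareJid()` returns for them, which this diff does not show. I would compare strictly, `if (getBareJid($slotParameters['user_jid']) !== getBareJid($userJid)) {`, and reject the request outright when the stored owner is empty or not a string, so that a slot without an owner can never be deleted by default. Comparing bare JIDs lets every resource of the same account delete the file; that looks intended, but a one-line comment above the check saying so would help the next reader. The enclosing `case` starts and ends outside the hunk.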
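Review bot: With the second `loadSlotParameters()` call removed here, the only load now runs above the `slotExists()` guard shown as context in this hunk. For an unknown `$slotUUID`, the creator check and the later `checkFilenameParameter()` therefore work on whatever the loader returns for a missing slot, and that behaviour is not visible in the diff. Moving the `if (!slotExists($slotUUID, $config)) { ... }` block above the load in the first hunk would make the existence check the first code to touch the slot, and would keep the "slot does not exist" answer independent of `delete_only_by_creator`. The replacement `+` line is empty or whitespace-only and could simply be dropped. The surrounding `case` continues outside the hunk.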