diff options
author | steckbrief <steckbrief@chefmail.de> | 2017-05-27 20:32:12 +0200 |
---|---|---|
committer | steckbrief <steckbrief@chefmail.de> | 2017-05-27 20:34:06 +0200 |
commit | 6bd2862f8f6b37f145097767ebbbedbc5e243443 (patch) | |
tree | c08f3de7bec7998ae6f65a1fd09ebeb4e55ef1cf /storage-backend | |
parent | 16d3261f03b2d2ed9cd0b467fada388a207a1f67 (diff) |
storage-backend: load parameters only once while deleting a file
Diffstat (limited to '')
-rw-r--r-- | storage-backend/index.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/storage-backend/index.php b/storage-backend/index.php index 6bcc5fe..b432760 100644 --- a/storage-backend/index.php +++ b/storage-backend/index.php @@ -164,9 +164,9 @@ switch ($method) { sendHttpReturnCodeAndJson(403, 'Server is not allowed to delete a file'); } + $slotParameters = loadSlotParameters($slotUUID, $config); if ($config['delete_only_by_creator']) { - $slotParameters = loadSlotParameters($slotUUID, $config); - if ($slotParameters['user_jid'] != $userJid) { + if (getBareJid($slotParameters['user_jid']) != getBareJid($userJid)) { sendHttpReturnCodeAndJson(403, "Deletion of that file is only allowed by the user created it."); } } @@ -174,7 +174,7 @@ switch ($method) { if (!slotExists($slotUUID, $config)) { sendHttpReturnCodeAndJson(403, "The slot does not exist."); } - $slotParameters = loadSlotParameters($slotUUID, $config); + if (!checkFilenameParameter($filename, $slotParameters)) { sendHttpReturnCodeAndJson(403, "Filename to delete differs from requested slot filename."); } |