From e0a903243be16b461cedfc223d59abe42bd527a2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Mudr=C3=A1k?= Date: Fri, 15 Sep 2017 15:13:05 +0200 Subject: [PATCH] MDL-59505 oauth2: Fix storage of access controlled links When files are copied into the system account's drive, they are put into folders respecting the structure of contexts. Folder names were based on context names only and so were likely to collide (such as with users with the same name). The patch ads context instance identifiers to the name so that they can be identified more reliably. --- repository/googledocs/lib.php | 21 +++++++++++++++++++-- repository/onedrive/lib.php | 21 +++++++++++++++++++-- 2 files changed, 38 insertions(+), 4 deletions(-) diff --git a/repository/googledocs/lib.php b/repository/googledocs/lib.php index 401c71d56f6..88e5c9a3f3c 100644 --- a/repository/googledocs/lib.php +++ b/repository/googledocs/lib.php @@ -901,6 +901,8 @@ class repository_googledocs extends repository { * @return string updated reference (final one before it's saved to db). */ public function reference_file_selected($reference, $context, $component, $filearea, $itemid) { + global $CFG, $SITE; + // What we need to do here is transfer ownership to the system user (or copy) // then set the permissions so anyone with the share link can view, // finally update the reference to contain the share link if it was not @@ -949,8 +951,23 @@ class repository_googledocs extends repository { $fullpath = 'root'; $allfolders = []; foreach ($contextlist as $context) { - // Make sure a folder exists here. - $foldername = clean_param($context->get_context_name(), PARAM_PATH); + // Prepare human readable context folders names, making sure they are still unique within the site. + $prevlang = force_current_language($CFG->lang); + $foldername = $context->get_context_name(); + force_current_language($prevlang); + + if ($context->contextlevel == CONTEXT_SYSTEM) { + // Append the site short name to the root folder. + $foldername .= ' ('.$SITE->shortname.')'; + // Append the relevant object id. + } else if ($context->instanceid) { + $foldername .= ' (id '.$context->instanceid.')'; + } else { + // This does not really happen but just in case. + $foldername .= ' (ctx '.$context->id.')'; + } + + $foldername = clean_param($foldername, PARAM_PATH); $allfolders[] = $foldername; } diff --git a/repository/onedrive/lib.php b/repository/onedrive/lib.php index 796bdc0f877..f03c8dcaa30 100644 --- a/repository/onedrive/lib.php +++ b/repository/onedrive/lib.php @@ -848,6 +848,8 @@ class repository_onedrive extends repository { * @return string $modifiedreference (final one before saving to DB) */ public function reference_file_selected($reference, $context, $component, $filearea, $itemid) { + global $CFG, $SITE; + // What we need to do here is transfer ownership to the system user (or copy) // then set the permissions so anyone with the share link can view, // finally update the reference to contain the share link if it was not @@ -897,8 +899,23 @@ class repository_onedrive extends repository { $fullpath = ''; $allfolders = []; foreach ($contextlist as $context) { - // Make sure a folder exists here. - $foldername = urlencode(clean_param($context->get_context_name(), PARAM_PATH)); + // Prepare human readable context folders names, making sure they are still unique within the site. + $prevlang = force_current_language($CFG->lang); + $foldername = $context->get_context_name(); + force_current_language($prevlang); + + if ($context->contextlevel == CONTEXT_SYSTEM) { + // Append the site short name to the root folder. + $foldername .= '_'.$SITE->shortname; + // Append the relevant object id. + } else if ($context->instanceid) { + $foldername .= '_id_'.$context->instanceid; + } else { + // This does not really happen but just in case. + $foldername .= '_ctx_'.$context->id; + } + + $foldername = urlencode(clean_param($foldername, PARAM_PATH)); $allfolders[] = $foldername; }