Fix VarsFiltering issues: when PARENT_REPOSITORY_OPTION do not go further. Do not filter repository display anymore for sec reasons.

cdujeu · cdujeu · commit d69034f03556 · 2016-10-01T09:29:04.000+02:00
diff --git a/core/src/core/src/pydio/Core/Utils/Vars/VarsFilter.php b/core/src/core/src/pydio/Core/Utils/Vars/VarsFilter.php
@@ -51,6 +51,21 @@ class VarsFilter
      */
     public static function filter($value, ContextInterface $ctx)
     {
+        // If AJXP_PARENT_OPTION, resolve and return directly, do not filter the real value.
+        if(is_string($value) && preg_match("/AJXP_PARENT_OPTION:([\w_-]*):/", $value, $matches)){
+            $repoObject = $ctx->getRepository();
+            $parentRepository = $repoObject->getParentRepository();
+            if(empty($parentRepository)){
+                throw new PydioException("Cannot resolve ".$matches[0]." without parent workspace");
+            }
+            $parentOwner = $ctx->getRepository()->getOwner();
+            $parentContext = Context::contextWithObjects(null, $parentRepository);
+            $parentContext->setUserId($parentOwner);
+            $parentPath = rtrim($parentRepository->getContextOption($parentContext, $matches[1]), "/");
+            $value = str_replace($matches[0], $parentPath, $value);
+            return $value;
+        }
+
         if (is_string($value) && strpos($value, "AJXP_USER")!==false) {
             if (UsersService::usersEnabled()) {
                 if(!$ctx->hasUser()){
@@ -85,18 +100,6 @@ public static function filter($value, ContextInterface $ctx)
         if (is_string($value) && strstr($value, "AJXP_WORKSPACE_SLUG") !== false) {
             $value = rtrim(str_replace("AJXP_WORKSPACE_SLUG", $ctx->getRepository()->getSlug(), $value), "/");
         }
-        if(is_string($value) && preg_match("/AJXP_PARENT_OPTION:([\w_-]*):/", $value, $matches)){
-            $repoObject = $ctx->getRepository();
-            $parentRepository = $repoObject->getParentRepository();
-            if(empty($parentRepository)){
-                throw new PydioException("Cannot resolve ".$matches[0]." without parent workspace");
-            }
-            $parentOwner = $ctx->getRepository()->getOwner();
-            $parentContext = Context::contextWithObjects(null, $parentRepository);
-            $parentContext->setUserId($parentOwner);
-            $parentPath = rtrim($parentRepository->getContextOption($parentContext, $matches[1]), "/");
-            $value = str_replace($matches[0], $parentPath, $value);
-        }
 
         $tab = array(&$value, $ctx);
         Controller::applyIncludeHook("vars.filter", $tab);
diff --git a/core/src/plugins/core.access/src/Model/Repository.php b/core/src/plugins/core.access/src/Model/Repository.php
@@ -425,7 +425,7 @@ public function getDisplay()
                 return $mess[$this->displayStringId];
             }
         }
-        return VarsFilter::filter($this->display, Context::emptyContext());
+        return $this->display;
     }
 
     /**

Original file line number	Diff line number	Diff line change
`@@ -425,7 +425,7 @@ public function getDisplay()`
`425`	`425`	`return $mess[$this->displayStringId];`
`426`	`426`	`}`
`427`	`427`	`}`
`428`		`- return VarsFilter::filter($this->display, Context::emptyContext());`
	`428`	`+ return $this->display;`
`429`	`429`	`}`
`430`	`430`
`431`	`431`	`/**`