diff options
author | Joas Schilling <coding@schilljs.com> | 2019-10-22 10:53:41 +0300 |
---|---|---|
committer | Joas Schilling <coding@schilljs.com> | 2019-10-22 10:59:10 +0300 |
commit | 07edeb40617e86ac65156e3e57f4bd8e99f129c4 (patch) | |
tree | 293fac9c4b03dbf5b6243da54500f9b50d0c51bd | |
parent | 972b14cef20974b0621c059eaf1eae041b2f4744 (diff) |
Don't load shares of files dropv17.0.1rc1
Signed-off-by: Joas Schilling <coding@schilljs.com>
-rw-r--r-- | lib/Middleware/EnvCheckMiddleware.php | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/Middleware/EnvCheckMiddleware.php b/lib/Middleware/EnvCheckMiddleware.php index 43b57845..2e2ee835 100644 --- a/lib/Middleware/EnvCheckMiddleware.php +++ b/lib/Middleware/EnvCheckMiddleware.php @@ -16,6 +16,7 @@ namespace OCA\Gallery\Middleware; +use OCP\Constants; use OCP\IRequest; use OCP\IURLGenerator; use OCP\ISession; @@ -130,6 +131,13 @@ class EnvCheckMiddleware extends CheckMiddleware { ); } else { $share = $this->getShare($token); + + if (($share->getPermissions() & Constants::PERMISSION_READ) === 0) { + throw new CheckException( + "Can't access a public resource that is upload only", Http::STATUS_NOT_FOUND + ); + } + $password = $this->request->getParam('password'); // Let's see if the user needs to provide a password $this->checkAuthorisation($share, $password); |