
github.com/nextcloud/richdocuments.git - Unnamed repository; edit this file 'description' to name the repository.
authorLukas Reschke <lukas@statuscode.ch>2016-12-13 13:29:36 +0300
committerLukas Reschke <lukas@statuscode.ch>2016-12-13 13:29:36 +0300
commit719b159a44e99f23aa8d66df8186c81188c662aa (patch)
tree6bef43d7b866814415273a9ce51971a4569baa01
parentefe13b0f4315aaeafbb6302ae30df6c60cda21e4 (diff)
v1.1.241.1.24
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
-rw-r--r--CHANGELOG.md3
-rw-r--r--appinfo/info.xml2
-rw-r--r--lib/Controller/DocumentController.php15
-rw-r--r--lib/db/wopi.php1
-rw-r--r--templates/documents.php5
5 files changed, 19 insertions, 7 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 00000000..b5f8415f
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,3 @@
+**1.1.24**
+- Bug: Fix undefined PHP notices
+- Security: Properly check for password on password protected shares
\ No newline at end of file
diff --git a/appinfo/info.xml b/appinfo/info.xml
index 36969f55..94ca260e 100644
--- a/appinfo/info.xml
+++ b/appinfo/info.xml
@@ -5,7 +5,7 @@
<description>Collabora Online allows you to to work with all kinds of office documents directly in your browser. This application requires Collabora Cloudsuite to be installed on one of your servers, please read the documentation to learn more about that.</description>
<summary>Edit office documents directly in your browser.</summary>
<licence>AGPL</licence>
- <version>1.1.23</version>
+ <version>1.1.24</version>
<author>Collabora Productivity based on work of Frank Karlitschek, Victor Dubiniuk</author>
<bugs>https://github.com/nextcloud/richdocuments/issues</bugs>
<repository type="git">https://github.com/nextcloud/richdocuments.git</repository>
diff --git a/lib/Controller/DocumentController.php b/lib/Controller/DocumentController.php
index 4a93558c..4fde3599 100644
--- a/lib/Controller/DocumentController.php
+++ b/lib/Controller/DocumentController.php
@@ -26,6 +26,7 @@ use \OCP\AppFramework\Http\TemplateResponse;
use \OCA\Richdocuments\AppConfig;
use \OCA\Richdocuments\Helper;
use \OC\Files\View;
+use OCP\ISession;
use OCP\Share\IManager;
class DocumentController extends Controller {
@@ -43,6 +44,8 @@ class DocumentController extends Controller {
private $shareManager;
/** @var TokenManager */
private $tokenManager;
+ /** @var ISession */
+ private $session;
/** @var IRootFolder */
private $rootFolder;
@@ -58,6 +61,7 @@ class DocumentController extends Controller {
* @param IManager $shareManager
* @param TokenManager $tokenManager
* @param IRootFolder $rootFolder
+ * @param ISession $session
* @param string $UserId
*/
public function __construct($appName,
@@ -69,6 +73,7 @@ class DocumentController extends Controller {
IManager $shareManager,
TokenManager $tokenManager,
IRootFolder $rootFolder,
+ ISession $session,
$UserId) {
parent::__construct($appName, $request);
$this->uid = $UserId;
@@ -79,6 +84,7 @@ class DocumentController extends Controller {
$this->shareManager = $shareManager;
$this->tokenManager = $tokenManager;
$this->rootFolder = $rootFolder;
+ $this->session = $session;
}
/**
@@ -127,6 +133,15 @@ class DocumentController extends Controller {
public function publicPage($shareToken, $fileName) {
try {
$share = $this->shareManager->getShareByToken($shareToken);
+ // not authenticated ?
+ if($share->getPassword()){
+ if (!$this->session->exists('public_link_authenticated')
+ || $this->session->get('public_link_authenticated') !== (string)$share->getId()
+ ) {
+ throw new \Exception('Invalid password');
+ }
+ }
+
$node = $share->getNode();
if($node instanceof Folder) {
$item = $node->get($fileName);
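Review bot: The guard added at the top of publicPage reports an unauthenticated visitor by throwing a plain `\Exception('Invalid password')` into the enclosing try, whose catch lies outside this hunk, so this case is presumably handled like any other failure and cannot be logged or answered separately (for example by sending the visitor to the share's password prompt). A dedicated exception type would keep the access-control decision distinguishable from file-lookup errors. The condition `if($share->getPassword())` relies on truthiness; if an unset password is null, `if ($share->getPassword() !== null)` states the intent more exactly. The comment `// not authenticated ?` could become `// Password-protected share: only continue if this session already passed the password check for this share id (stored as a string)`. If other routes in this controller resolve a share from a token, they need the same check, which argues for moving it into a private helper; publicPage continues past the end of the hunk.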
diff --git a/lib/db/wopi.php b/lib/db/wopi.php
index 232a533d..d7467659 100644
--- a/lib/db/wopi.php
+++ b/lib/db/wopi.php
@@ -84,7 +84,6 @@ class Wopi extends \OCA\Richdocuments\Db{
return array(
'owner' => $row['owner_uid'],
'editor' => $row['editor_uid'],
- 'path' => $row['path'],
'canwrite' => $row['canwrite'],
'server_host' => $row['server_host']
);
diff --git a/templates/documents.php b/templates/documents.php
index f9f4d310..41e114e0 100644
--- a/templates/documents.php
+++ b/templates/documents.php
@@ -19,8 +19,3 @@ script('richdocuments', 'documents');
</li>
</ul>
</div>
-<input type="hidden" id="wopi-url" name="wopi-url" value="<?php p($_['wopi_url']) ?>" />
-<?php if ($_['enable_previews']): ?>
-<input type="hidden" id="previews_enabled" value="<?php p($_['enable_previews']) ?>" />
-<?php endif; ?>
-<input type="hidden" name="allowShareWithLink" id="allowShareWithLink" value="<?php p($_['allowShareWithLink']) ?>" />
\ No newline at end of file