author | Pranav Kant <pranavk@collabora.co.uk> | 2016-10-26 16:29:27 +0300 |
---|---|---|
committer | Pranav Kant <pranavk@collabora.co.uk> | 2016-10-27 15:27:46 +0300 |
commit | a12ff8d0d20435a9b74c6e3ad4f9c69d865984a5 (patch) | |
tree | c8dfa8c8082fb45d6b2460ac66fc3b04e9e4fd0f /lib | |
parent | 46bd131dbe5ff023160dd0f87c5b8e753244ab6d (diff) |
security: Support WOPI's PostMessageOrigin
Adds a new property PostMessageOrigin to WOPI's CheckFileInfo.
The inner frame then sends messages only to a target whose origin
matches this property.
Also implement the WOPI editor-initialization spec. The inner frame
sends an App_LoadingStatus message to us when ready, and we send
Host_PostmessageReady when we are ready.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/db/wopi.php | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/lib/db/wopi.php b/lib/db/wopi.php
index c4ea3830..36cda195 100644
--- a/lib/db/wopi.php
+++ b/lib/db/wopi.php
@@ -29,8 +29,8 @@ class Wopi extends \OCA\Richdocuments\Db{
 protected $tableName = '`*PREFIX*richdocuments_wopi`';
- protected $insertStatement = 'INSERT INTO `*PREFIX*richdocuments_wopi` (`owner_uid`, `editor_uid`, `fileid`, `version`, `path`, `canwrite`, `token`, `expiry`)
- VALUES (?, ?, ?, ?, ?, ?, ?, ?)';
+ protected $insertStatement = 'INSERT INTO `*PREFIX*richdocuments_wopi` (`owner_uid`, `editor_uid`, `fileid`, `version`, `path`, `canwrite`, `server_host`, `token`, `expiry`)
+ VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)';
 protected $loadStatement = 'SELECT * FROM `*PREFIX*richdocuments_wopi` WHERE `token`= ?';
@@ -41,7 +41,7 @@ class Wopi extends \OCA\Richdocuments\Db{
 * its the version number as stored by files_version app
 * Returns the token.
 */
- public function generateFileToken($fileId, $version, $updatable){
+ public function generateFileToken($fileId, $version, $updatable, $serverHost){
 // Get the FS view of the current user.
 $view = \OC\Files\Filesystem::getView();
@@ -80,6 +80,7 @@ class Wopi extends \OCA\Richdocuments\Db{
 $version,
 $path,
 $updatable,
+ $serverHost,
 $token,
 time() + self::TOKEN_LIFETIME_SECONDS
 ]);
@@ -125,7 +126,8 @@ class Wopi extends \OCA\Richdocuments\Db{
 'owner' => $row['owner_uid'],
 'editor' => $row['editor_uid'],
 'path' => $row['path'],
- 'canwrite' => $row['canwrite']
+ 'canwrite' => $row['canwrite'],
+ 'server_host' => $row['server_host']
 );
 }
 }
|
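Review bot: The new `$serverHost` argument of `generateFileToken` is undocumented and stored unchecked (it goes straight into the insert parameters in the following hunk), although per the commit message it becomes the PostMessageOrigin that the inner frame uses as its only message target. The caller is outside this diff; if the value is derived from the incoming request, it should be checked against the instance's configured trusted domains before the token row is written, otherwise the origin restriction only reflects whatever host the request claimed. The docblock above the signature (it begins outside the hunk) should gain a line such as `@param string $serverHost origin of the embedding host, returned to the WOPI client as PostMessageOrigin`, stating whether scheme and port are included, since postMessage target origins are matched on scheme, host and port. The parameter is also required with no default, and the diffstat shown is limited to `lib`, so it cannot be confirmed here that every caller was updated.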
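Review bot: `'server_host' => $row['server_host']` is handed back as-is, so a token row that predates this change, or one stored with an empty value, would give the consumer a null or empty origin. The code that turns this array into the CheckFileInfo response is not in this diff; it should omit PostMessageOrigin or refuse the token when the value is empty rather than pass an empty origin to the inner frame. A comment on the new entry would make that contract visible, for example `// may be NULL for tokens issued before server_host was stored; never emit it as an empty PostMessageOrigin`. The enclosing method starts and ends outside the hunk.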