
github.com/nextcloud/richdocuments.git - Unnamed repository; edit this file 'description' to name the repository.
Diffstat (limited to 'lib')
-rw-r--r--lib/Controller/DocumentController.php15
-rw-r--r--lib/db/wopi.php1
2 files changed, 15 insertions, 1 deletions
diff --git a/lib/Controller/DocumentController.php b/lib/Controller/DocumentController.php
index 4a93558c..4fde3599 100644
--- a/lib/Controller/DocumentController.php
+++ b/lib/Controller/DocumentController.php
@@ -26,6 +26,7 @@ use \OCP\AppFramework\Http\TemplateResponse;
use \OCA\Richdocuments\AppConfig;
use \OCA\Richdocuments\Helper;
use \OC\Files\View;
+use OCP\ISession;
use OCP\Share\IManager;
class DocumentController extends Controller {
@@ -43,6 +44,8 @@ class DocumentController extends Controller {
private $shareManager;
/** @var TokenManager */
private $tokenManager;
+ /** @var ISession */
+ private $session;
/** @var IRootFolder */
private $rootFolder;
@@ -58,6 +61,7 @@ class DocumentController extends Controller {
* @param IManager $shareManager
* @param TokenManager $tokenManager
* @param IRootFolder $rootFolder
+ * @param ISession $session
* @param string $UserId
*/
public function __construct($appName,
@@ -69,6 +73,7 @@ class DocumentController extends Controller {
IManager $shareManager,
TokenManager $tokenManager,
IRootFolder $rootFolder,
+ ISession $session,
$UserId) {
parent::__construct($appName, $request);
$this->uid = $UserId;
@@ -79,6 +84,7 @@ class DocumentController extends Controller {
$this->shareManager = $shareManager;
$this->tokenManager = $tokenManager;
$this->rootFolder = $rootFolder;
+ $this->session = $session;
}
/**
@@ -127,6 +133,15 @@ class DocumentController extends Controller {
public function publicPage($shareToken, $fileName) {
try {
$share = $this->shareManager->getShareByToken($shareToken);
+ // not authenticated ?
+ if($share->getPassword()){
+ if (!$this->session->exists('public_link_authenticated')
+ || $this->session->get('public_link_authenticated') !== (string)$share->getId()
+ ) {
+ throw new \Exception('Invalid password');
+ }
+ }
+
$node = $share->getNode();
if($node instanceof Folder) {
$item = $node->get($fileName);
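Review bot: The new password gate in `publicPage` reports an unauthenticated visitor with a bare `\Exception('Invalid password')`, so the catch that closes this try block (outside the hunk) cannot tell "password not yet entered" from a missing share or file, and the visitor presumably lands on a generic error rather than the share's password prompt. A distinct outcome would be clearer, for example `return new TemplateResponse('core', '403', [], 'guest');` or a redirect to the sharing app's authenticate page. The guard would read more precisely as `if ($share->getPassword() !== null) {`, and the session key deserves a comment such as `// 'public_link_authenticated' holds the id of the share whose password this session has passed`. If other actions in this controller accept a share token they need the same check; none are visible in this hunk.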
diff --git a/lib/db/wopi.php b/lib/db/wopi.php
index 232a533d..d7467659 100644
--- a/lib/db/wopi.php
+++ b/lib/db/wopi.php
@@ -84,7 +84,6 @@ class Wopi extends \OCA\Richdocuments\Db{
return array(
'owner' => $row['owner_uid'],
'editor' => $row['editor_uid'],
- 'path' => $row['path'],
'canwrite' => $row['canwrite'],
'server_host' => $row['server_host']
);