Redirect to the right token on public shares

If the token doesn't match (or isn't set) during the redirect. We should properly set it. Else we might redirect to a later auth display that set these values. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
author: Roeland Jago Douma <roeland@famdouma.nl> 2019-05-23 14:42:59 +0300
committer: Roeland Jago Douma <roeland@famdouma.nl> 2019-05-23 14:49:04 +0300
commit: 96e51b5f6f36c9008548ee50100838ff7d0e26bc (patch)
tree: 05bf95f8fdeaff81c167d4381c5db6129670f8eb /lib/public/AppFramework
parent: e38f55d78811f40b8b1350a0a3098e489703c735 (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/lib/public/AppFramework/AuthPublicShareController.php b/lib/public/AppFramework/AuthPublicShareController.php
index ffd2bddd24b..37a8cedcd7e 100644
--- a/lib/public/AppFramework/AuthPublicShareController.php
+++ b/lib/public/AppFramework/AuthPublicShareController.php
@@ -185,6 +185,20 @@ abstract class AuthPublicShareController extends PublicShareController {
 				$route = $params['_route'];
 				unset($params['_route']);
 			}
+
+			// If the token doesn't match the rest of the arguments can't be trusted either
+			if (isset($params['token']) && $params['token'] !== $this->getToken()) {
+				$params = [
+					'token' => $this->getToken(),
+				];
+			}
+
+			// We need a token
+			if (!isset($params['token'])) {
+				$params = [
+					'token' => $this->getToken(),
+				];
+			}
 		}
 
 		return new RedirectResponse($this->urlGenerator->linkToRoute($route, $params));
author	Roeland Jago Douma <roeland@famdouma.nl>	2019-05-23 14:42:59 +0300
committer	Roeland Jago Douma <roeland@famdouma.nl>	2019-05-23 14:49:04 +0300
commit	96e51b5f6f36c9008548ee50100838ff7d0e26bc (patch)
tree	05bf95f8fdeaff81c167d4381c5db6129670f8eb /lib/public/AppFramework
parent	e38f55d78811f40b8b1350a0a3098e489703c735 (diff)