diff options
author | Joas Schilling <coding@schilljs.com> | 2019-08-16 22:10:00 +0300 |
---|---|---|
committer | Daniel Calviño Sánchez <danxuliu@gmail.com> | 2019-09-26 11:54:28 +0300 |
commit | 41a15569570b1b1208d7a4c2221fb0a9efcb2711 (patch) | |
tree | e93619febb0594e92d15f1f64cf5aceecc53ecff /lib/Files | |
parent | b4a2907146daf30913208e9848a8c133b2dc666c (diff) |
Correctly check if the share has a password and if it was entered correctly.
This prevents joining the room for a file shared by link and protected
by password if the password has not been entered yet.
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'lib/Files')
-rw-r--r-- | lib/Files/Util.php | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/lib/Files/Util.php b/lib/Files/Util.php index c3f45dabc..c4dc0af10 100644 --- a/lib/Files/Util.php +++ b/lib/Files/Util.php @@ -28,6 +28,7 @@ use OCP\Files\FileInfo; use OCP\Files\IRootFolder; use OCP\Files\Node; use OCP\Files\NotFoundException; +use OCP\ISession; use OCP\Share\Exceptions\ShareNotFound; use OCP\Share\IManager as IShareManager; use OCP\Share\IShare; @@ -36,14 +37,18 @@ class Util { /** @var IRootFolder */ private $rootFolder; + /** @var ISession */ + private $session; /** @var IShareManager */ private $shareManager; /** @var array[] */ private $accessLists = []; public function __construct(IRootFolder $rootFolder, + ISession $session, IShareManager $shareManager) { $this->rootFolder = $rootFolder; + $this->session = $session; $this->shareManager = $shareManager; } @@ -70,7 +75,13 @@ class Util { public function canGuestAccessFile(string $shareToken): bool { try { - $this->shareManager->getShareByToken($shareToken); + $share = $this->shareManager->getShareByToken($shareToken); + if ($share->getPassword() !== null) { + $shareId = $this->session->get('public_link_authenticated'); + if ($share->getId() !== $shareId) { + throw new ShareNotFound(); + } + } return true; } catch (ShareNotFound $e) { return false; |