diff options
| author | Joas Schilling <coding@schilljs.com> | 2019-04-10 11:25:32 +0300 |
|---|---|---|
| committer | Joas Schilling <coding@schilljs.com> | 2019-04-10 14:26:09 +0300 |
| commit | 6436795b192f67601276054479a789803babab9b (patch) | |
| tree | f7bbffbe1ac55262054f38d15779fbfec7c15b25 /lib/Share | |
| parent | 9ebd17dcc4df903781b1649650c5bb6d574a42cd (diff) | |
Remove conversation names and tokens when you are not a participant
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'lib/Share')
| -rw-r--r-- | lib/Share/Helper/ShareAPIController.php | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/Share/Helper/ShareAPIController.php b/lib/Share/Helper/ShareAPIController.php index 64398f56a..04ecfdc4d 100644 --- a/lib/Share/Helper/ShareAPIController.php +++ b/lib/Share/Helper/ShareAPIController.php @@ -85,6 +85,14 @@ class ShareAPIController { } $result['share_with_displayname'] = $room->getDisplayName($this->userId); + try { + $room->getParticipant($this->userId); + } catch (ParticipantNotFoundException $e) { + // Removing the conversation token from the leaked data if not a participant. + // Adding some unique but reproducable part to the share_with here + // so the avatars for conversations are distinguishable + $result['share_with'] = 'private_conversation_' . substr(sha1($room->getName() . $room->getId()), 0, 6); + } if ($room->getType() === Room::PUBLIC_CALL) { $result['token'] = $share->getToken(); } |