diff options
| author | Julien Veyssier <eneiluj@posteo.net> | 2021-12-28 17:51:08 +0300 |
|---|---|---|
| committer | Julien Veyssier <eneiluj@posteo.net> | 2022-01-03 12:27:39 +0300 |
| commit | 87944276b95061df47c99dd956a0b1a3794d7e5c (patch) | |
| tree | dee94b6d900dc3da84163edc4f96e6d2568cd8e8 /lib | |
| parent | d64bb669ef86ddf7f83e822fd1a297572494c143 (diff) | |
return 403 when session is invalid
Signed-off-by: Julien Veyssier <eneiluj@posteo.net>
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/Controller/ImageController.php | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/lib/Controller/ImageController.php b/lib/Controller/ImageController.php index 675fcfe1f..03ad4ace7 100644 --- a/lib/Controller/ImageController.php +++ b/lib/Controller/ImageController.php @@ -91,7 +91,7 @@ class ImageController extends Controller { */ public function insertImageFile(int $documentId, int $sessionId, string $sessionToken, string $imagePath): DataResponse { if (!$this->sessionService->isValidSession($documentId, $sessionId, $sessionToken)) { - return new DataResponse([], Http::STATUS_INTERNAL_SERVER_ERROR); + return new DataResponse([], Http::STATUS_FORBIDDEN); } $session = $this->sessionService->getSession($documentId, $sessionId, $sessionToken); $userId = $session->getUserId(); @@ -118,7 +118,7 @@ class ImageController extends Controller { */ public function insertImageLink(string $link, int $documentId, int $sessionId, string $sessionToken, ?string $shareToken = null): DataResponse { if (!$this->sessionService->isValidSession($documentId, $sessionId, $sessionToken)) { - return new DataResponse([], Http::STATUS_INTERNAL_SERVER_ERROR); + return new DataResponse([], Http::STATUS_FORBIDDEN); } try { @@ -148,7 +148,7 @@ class ImageController extends Controller { */ public function uploadImage(int $documentId, int $sessionId, string $sessionToken, ?string $shareToken = null): DataResponse { if (!$this->sessionService->isValidSession($documentId, $sessionId, $sessionToken)) { - return new DataResponse([], Http::STATUS_INTERNAL_SERVER_ERROR); + return new DataResponse([], Http::STATUS_FORBIDDEN); } try { @@ -190,7 +190,7 @@ class ImageController extends Controller { */ public function getImage(int $documentId, int $sessionId, string $sessionToken, string $imageFileName, ?string $shareToken = null): DataDisplayResponse { if (!$this->sessionService->isValidSession($documentId, $sessionId, $sessionToken)) { - return new DataDisplayResponse('', Http::STATUS_NOT_FOUND); + return new DataDisplayResponse('', Http::STATUS_FORBIDDEN); } try { |