Skip to content

add "hide file list" option #19

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
LukasReschke merged 11 commits into from
Jun 10, 2016
Merged

add "hide file list" option #19

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
bb54ab0
add hide file list option
schiessle Jun 7, 2016
66d8536
block webdav access if share is not readable
schiessle Jun 8, 2016
075bf73
Prevent access to shareinfo if share if read-only
LukasReschke Jun 8, 2016
53ba111
Fix XSS
LukasReschke Jun 9, 2016
5fdde42
Add fancy layout
LukasReschke Jun 9, 2016
6e99b0f
Make uploading possible via select and cleanup CSS
LukasReschke Jun 9, 2016
e878e78
Fix public upload for normal shares
LukasReschke Jun 9, 2016
0b00a06
Fix indentation
LukasReschke Jun 9, 2016
c268ad1
Add PHP unit test
LukasReschke Jun 9, 2016
c49402d
Add some error handling
LukasReschke Jun 9, 2016
54e2ac5
Add text about uploaded files
LukasReschke Jun 10, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Prevent access to shareinfo if share if read-only
  • Loading branch information
@LukasReschke
LukasReschke committed Jun 9, 2016
commit 075bf73c80882943acc6c73abbcc026046e6b226
7 changes: 7 additions & 0 deletions apps/files_sharing/ajax/publicpreview.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,13 @@
}

$linkedItem = \OCP\Share::getShareByToken($token);
$shareManager = \OC::$server->getShareManager();
$share = $shareManager->getShareByToken($token);
if(!($share->getPermissions() & \OCP\Constants::PERMISSION_READ)) {
OCP\JSON::error(array('data' => 'Share is not readable.'));
exit();
}

if($linkedItem === false || ($linkedItem['item_type'] !== 'file' && $linkedItem['item_type'] !== 'folder')) {
\OC_Response::setStatus(\OC_Response::STATUS_NOT_FOUND);
\OCP\Util::writeLog('core-preview', 'Passed token parameter is not valid', \OCP\Util::DEBUG);
Expand Down
5 changes: 5 additions & 0 deletions apps/files_sharing/ajax/shareinfo.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,11 @@
$share = $shareManager->getShareByToken($token);
$sharePermissions= (int)$share->getPermissions();

if(!($share->getPermissions() & \OCP\Constants::PERMISSION_READ)) {
OCP\JSON::error(array('data' => 'Share is not readable.'));
exit();
}

/**
* @param \OCP\Files\FileInfo $dir
* @param \OC\Files\View $view
Expand Down
8 changes: 7 additions & 1 deletion apps/files_sharing/lib/Controllers/ShareController.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -252,6 +252,7 @@ private function validateShare(\OCP\Share\IShare $share) {
* @param string $path
* @return TemplateResponse|RedirectResponse
* @throws NotFoundException
* @throws \Exception
*/
public function showShare($token, $path = '') {
\OC_User::setIncognitoMode(true);
Expand Down Expand Up @@ -373,13 +374,18 @@ public function showShare($token, $path = '') {
* @param string $files
* @param string $path
* @param string $downloadStartSecret
* @return void|RedirectResponse
* @return void|OCP\AppFramework\Http\Response
* @throws NotFoundException
*/
public function downloadShare($token, $files = null, $path = '', $downloadStartSecret = '') {
\OC_User::setIncognitoMode(true);

$share = $this->shareManager->getShareByToken($token);

if(!($share->getPermissions() & \OCP\Constants::PERMISSION_READ)) {
return new OCP\AppFramework\Http\DataResponse('Share is read-only');
}

// Share is password protected - check whether the user is permitted to access the share
if ($share->getPassword() !== null && !$this->linkShareAuth($share)) {
return new RedirectResponse($this->urlGenerator->linkToRoute('files_sharing.sharecontroller.authenticate',
Expand Down