Skip to content

[stable26] fix: Apply checks on shares in the middleware #6514

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
juliusknorr merged 2 commits into from
Oct 9, 2024
Merged

[stable26] fix: Apply checks on shares in the middleware #6514

Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
d68f700
fix: Apply checks on shares in the middleware
juliusknorr Aug 26, 2024
04caf06
ci: Bump github artifacts
juliusknorr Oct 9, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
fix: Apply checks on shares in the middleware 
Signed-off-by: Julius Härtl <[email protected]>
Signed-off-by: Max <[email protected]>
  • Loading branch information
@juliusknorr @max-nextcloud
juliusknorr authored and max-nextcloud committed Oct 9, 2024
commit d68f700e6e420f901af88a05c876df7f55aeef02
28 changes: 28 additions & 0 deletions lib/Service/AttachmentService.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@
use OCP\Files\NotPermittedException;
use OCP\Files\SimpleFS\ISimpleFile;
use OCP\IPreview;
use OCP\ISession;
use OCP\Share\Exceptions\ShareNotFound;
use OCP\Share\IShare;
use OCP\Util;
Expand All @@ -59,6 +60,10 @@ class AttachmentService {
* @var IPreview
*/
private $previewManager;
/**
* @var ISession
*/
private $session;
/**
* @var IMimeTypeDetector
*/
Expand All @@ -67,10 +72,12 @@ class AttachmentService {
public function __construct(IRootFolder $rootFolder,
ShareManager $shareManager,
IPreview $previewManager,
ISession $session,
IMimeTypeDetector $mimeTypeDetector) {
$this->rootFolder = $rootFolder;
$this->shareManager = $shareManager;
$this->previewManager = $previewManager;
$this->session = $session;
$this->mimeTypeDetector = $mimeTypeDetector;
}

Expand Down Expand Up @@ -545,6 +552,27 @@ private function getTextFilePublic(?int $documentId, string $shareToken): File {
try {
$share = $this->shareManager->getShareByToken($shareToken);
if ($share->getShareType() === IShare::TYPE_LINK) {

// check for password if required
/** @psalm-suppress RedundantConditionGivenDocblockType */
if ($share->getPassword() !== null) {
$shareId = $this->session->get('public_link_authenticated');
if ($share->getId() !== $shareId) {
throw new ShareNotFound();
}
}

// check read permission
if (($share->getPermissions() & Constants::PERMISSION_READ) !== Constants::PERMISSION_READ) {
throw new ShareNotFound();
}

// check download permission
$attributes = $share->getAttributes();
if ($attributes !== null && $attributes->getAttribute('permissions', 'download') === false) {
throw new ShareNotFound();
}

// shared file or folder?
if ($share->getNodeType() === 'file') {
$textFile = $share->getNode();
Expand Down