DontSellMe/richdocuments
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

v1.1.24

Browse Source 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
This commit is contained in:
Lukas Reschke 2016-12-13 11:29:36 +01:00
parent efe13b0f43
commit 719b159a44
No known key found for this signature in database
GPG Key ID: B9F6980CF6E759B1
5 changed files with 19 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGELOG.md Normal file
View File

@ -0,0 +1,3 @@
**1.1.24**
- Bug: Fix undefined PHP notices
- Security: Properly check for password on password protected shares

2
appinfo/info.xml
View File

@ -5,7 +5,7 @@
<description>Collabora Online allows you to to work with all kinds of office documents directly in your browser. This application requires Collabora Cloudsuite to be installed on one of your servers, please read the documentation to learn more about that.</description> <description>Collabora Online allows you to to work with all kinds of office documents directly in your browser. This application requires Collabora Cloudsuite to be installed on one of your servers, please read the documentation to learn more about that.</description>
<summary>Edit office documents directly in your browser.</summary> <summary>Edit office documents directly in your browser.</summary>
<licence>AGPL</licence> <licence>AGPL</licence>
<version>1.1.23</version> <version>1.1.24</version>
<author>Collabora Productivity based on work of Frank Karlitschek, Victor Dubiniuk</author> <author>Collabora Productivity based on work of Frank Karlitschek, Victor Dubiniuk</author>
<bugs>https://github.com/nextcloud/richdocuments/issues</bugs> <bugs>https://github.com/nextcloud/richdocuments/issues</bugs>
<repository type="git">https://github.com/nextcloud/richdocuments.git</repository> <repository type="git">https://github.com/nextcloud/richdocuments.git</repository>

15
lib/Controller/DocumentController.php
View File

@ -26,6 +26,7 @@ use \OCP\AppFramework\Http\TemplateResponse;
use \OCA\Richdocuments\AppConfig; use \OCA\Richdocuments\AppConfig;
use \OCA\Richdocuments\Helper; use \OCA\Richdocuments\Helper;
use \OC\Files\View; use \OC\Files\View;
use OCP\ISession;
use OCP\Share\IManager; use OCP\Share\IManager;
class DocumentController extends Controller { class DocumentController extends Controller {
@ -43,6 +44,8 @@ class DocumentController extends Controller {
private $shareManager; private $shareManager;
/** @var TokenManager */ /** @var TokenManager */
private $tokenManager; private $tokenManager;
/** @var ISession */
private $session;
/** @var IRootFolder */ /** @var IRootFolder */
private $rootFolder; private $rootFolder;
@ -58,6 +61,7 @@ class DocumentController extends Controller {
* @param IManager $shareManager * @param IManager $shareManager
* @param TokenManager $tokenManager * @param TokenManager $tokenManager
* @param IRootFolder $rootFolder * @param IRootFolder $rootFolder
* @param ISession $session
* @param string $UserId * @param string $UserId
*/ */
public function __construct($appName, public function __construct($appName,
@ -69,6 +73,7 @@ class DocumentController extends Controller {
IManager $shareManager, IManager $shareManager,
TokenManager $tokenManager, TokenManager $tokenManager,
IRootFolder $rootFolder, IRootFolder $rootFolder,
ISession $session,
$UserId) { $UserId) {
parent::__construct($appName, $request); parent::__construct($appName, $request);
$this->uid = $UserId; $this->uid = $UserId;
@ -79,6 +84,7 @@ class DocumentController extends Controller {
$this->shareManager = $shareManager; $this->shareManager = $shareManager;
$this->tokenManager = $tokenManager; $this->tokenManager = $tokenManager;
$this->rootFolder = $rootFolder; $this->rootFolder = $rootFolder;
$this->session = $session;
} }
/** /**
@ -127,6 +133,15 @@ class DocumentController extends Controller {
public function publicPage($shareToken, $fileName) { public function publicPage($shareToken, $fileName) {
try { try {
$share = $this->shareManager->getShareByToken($shareToken); $share = $this->shareManager->getShareByToken($shareToken);
// not authenticated ?
if($share->getPassword()){
if (!$this->session->exists('public_link_authenticated')
|| $this->session->get('public_link_authenticated') !== (string)$share->getId()
) {
throw new \Exception('Invalid password');
}
}
$node = $share->getNode(); $node = $share->getNode();
if($node instanceof Folder) { if($node instanceof Folder) {
$item = $node->get($fileName); $item = $node->get($fileName);

1
lib/db/wopi.php
View File

@ -84,7 +84,6 @@ class Wopi extends \OCA\Richdocuments\Db{
return array( return array(
'owner' => $row['owner_uid'], 'owner' => $row['owner_uid'],
'editor' => $row['editor_uid'], 'editor' => $row['editor_uid'],
'path' => $row['path'],
'canwrite' => $row['canwrite'], 'canwrite' => $row['canwrite'],
'server_host' => $row['server_host'] 'server_host' => $row['server_host']
); );

5
templates/documents.php
View File

@ -19,8 +19,3 @@ script('richdocuments', 'documents');
</li> </li>
</ul> </ul>
</div> </div>
<input type="hidden" id="wopi-url" name="wopi-url" value="<?php p($_['wopi_url']) ?>" />
<?php if ($_['enable_previews']): ?>
<input type="hidden" id="previews_enabled" value="<?php p($_['enable_previews']) ?>" />
<?php endif; ?>
<input type="hidden" name="allowShareWithLink" id="allowShareWithLink" value="<?php p($_['allowShareWithLink']) ?>" />