v1.1.24
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
This commit is contained in:
parent
efe13b0f43
commit
719b159a44
3
CHANGELOG.md
Normal file
3
CHANGELOG.md
Normal file
@ -0,0 +1,3 @@
|
||||
**1.1.24**
|
||||
- Bug: Fix undefined PHP notices
|
||||
- Security: Properly check for password on password protected shares
|
@ -5,7 +5,7 @@
|
||||
<description>Collabora Online allows you to to work with all kinds of office documents directly in your browser. This application requires Collabora Cloudsuite to be installed on one of your servers, please read the documentation to learn more about that.</description>
|
||||
<summary>Edit office documents directly in your browser.</summary>
|
||||
<licence>AGPL</licence>
|
||||
<version>1.1.23</version>
|
||||
<version>1.1.24</version>
|
||||
<author>Collabora Productivity based on work of Frank Karlitschek, Victor Dubiniuk</author>
|
||||
<bugs>https://github.com/nextcloud/richdocuments/issues</bugs>
|
||||
<repository type="git">https://github.com/nextcloud/richdocuments.git</repository>
|
||||
|
@ -26,6 +26,7 @@ use \OCP\AppFramework\Http\TemplateResponse;
|
||||
use \OCA\Richdocuments\AppConfig;
|
||||
use \OCA\Richdocuments\Helper;
|
||||
use \OC\Files\View;
|
||||
use OCP\ISession;
|
||||
use OCP\Share\IManager;
|
||||
|
||||
class DocumentController extends Controller {
|
||||
@ -43,6 +44,8 @@ class DocumentController extends Controller {
|
||||
private $shareManager;
|
||||
/** @var TokenManager */
|
||||
private $tokenManager;
|
||||
/** @var ISession */
|
||||
private $session;
|
||||
/** @var IRootFolder */
|
||||
private $rootFolder;
|
||||
|
||||
@ -58,6 +61,7 @@ class DocumentController extends Controller {
|
||||
* @param IManager $shareManager
|
||||
* @param TokenManager $tokenManager
|
||||
* @param IRootFolder $rootFolder
|
||||
* @param ISession $session
|
||||
* @param string $UserId
|
||||
*/
|
||||
public function __construct($appName,
|
||||
@ -69,6 +73,7 @@ class DocumentController extends Controller {
|
||||
IManager $shareManager,
|
||||
TokenManager $tokenManager,
|
||||
IRootFolder $rootFolder,
|
||||
ISession $session,
|
||||
$UserId) {
|
||||
parent::__construct($appName, $request);
|
||||
$this->uid = $UserId;
|
||||
@ -79,6 +84,7 @@ class DocumentController extends Controller {
|
||||
$this->shareManager = $shareManager;
|
||||
$this->tokenManager = $tokenManager;
|
||||
$this->rootFolder = $rootFolder;
|
||||
$this->session = $session;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -127,6 +133,15 @@ class DocumentController extends Controller {
|
||||
public function publicPage($shareToken, $fileName) {
|
||||
try {
|
||||
$share = $this->shareManager->getShareByToken($shareToken);
|
||||
// not authenticated ?
|
||||
if($share->getPassword()){
|
||||
if (!$this->session->exists('public_link_authenticated')
|
||||
|| $this->session->get('public_link_authenticated') !== (string)$share->getId()
|
||||
) {
|
||||
throw new \Exception('Invalid password');
|
||||
}
|
||||
}
|
||||
|
||||
$node = $share->getNode();
|
||||
if($node instanceof Folder) {
|
||||
$item = $node->get($fileName);
|
||||
|
@ -84,7 +84,6 @@ class Wopi extends \OCA\Richdocuments\Db{
|
||||
return array(
|
||||
'owner' => $row['owner_uid'],
|
||||
'editor' => $row['editor_uid'],
|
||||
'path' => $row['path'],
|
||||
'canwrite' => $row['canwrite'],
|
||||
'server_host' => $row['server_host']
|
||||
);
|
||||
|
@ -19,8 +19,3 @@ script('richdocuments', 'documents');
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
<input type="hidden" id="wopi-url" name="wopi-url" value="<?php p($_['wopi_url']) ?>" />
|
||||
<?php if ($_['enable_previews']): ?>
|
||||
<input type="hidden" id="previews_enabled" value="<?php p($_['enable_previews']) ?>" />
|
||||
<?php endif; ?>
|
||||
<input type="hidden" name="allowShareWithLink" id="allowShareWithLink" value="<?php p($_['allowShareWithLink']) ?>" />
|
Loading…
x
Reference in New Issue
Block a user