plugins-nextcloud-mirror/richdocuments
1
0
Fork 0
mirror of https://github.com/nextcloud/richdocuments.git synced 2025-12-17 21:12:14 +01:00
Code Projects Releases Activity

fix: Properly handle authenticated links being an array

Browse source 
Signed-off-by: Julius Knorr <jus@bitgrid.net>
This commit is contained in:
Julius Knorr 2025-11-26 14:30:40 +01:00
parent 5b55e0dd34
commit 9cadb38cbf
No known key found for this signature in database
GPG key ID: 4C614C6ED2CDE6DF
2 changed files with 16 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
lib/Controller/DocumentAPIController.php
View file

@ -65,9 +65,11 @@ class DocumentAPIController extends \OCP\AppFramework\OCSController {
$share = $this->shareManager->getShareByToken($shareToken);
if ($share->getPassword()) {
if (!$this->session->exists('public_link_authenticated')
|| $this->session->get('public_link_authenticated') !== (string)$share->getId()
) {
$authenticatedLinks = $this->session->get('public_link_authenticated');
$isAuthenticated = (is_array($authenticatedLinks) && in_array($share->getId(), $authenticatedLinks));
$isAuthenticated = $isAuthenticated || ($authenticatedLinks === (string)$share->getId());
if (!$isAuthenticated) {
throw new Exception('Invalid password');
}
}

17
lib/Controller/DocumentController.php
View file

@ -242,9 +242,11 @@ class DocumentController extends Controller {
$share = $this->shareManager->getShareByToken($shareToken);
// not authenticated ?
if ($share->getPassword()) {
if (!$this->session->exists('public_link_authenticated')
|| $this->session->get('public_link_authenticated') !== (string)$share->getId()
) {
$authenticatedLinks = $this->session->get('public_link_authenticated');
$isAuthenticated = (is_array($authenticatedLinks) && in_array($share->getId(), $authenticatedLinks));
$isAuthenticated = $isAuthenticated || ($authenticatedLinks === (string)$share->getId());
if (!$isAuthenticated) {
throw new Exception('Invalid password');
}
}
@ -459,9 +461,12 @@ class DocumentController extends Controller {
private function getFileForShare(IShare $share, ?int $fileId, ?string $path = null): File {
// not authenticated ?
if ($share->getPassword()) {
if (!$this->session->exists('public_link_authenticated')
|| $this->session->get('public_link_authenticated') !== (string)$share->getId()
) {
$authenticatedLinks = $this->session->get('public_link_authenticated');
$isAuthenticated = (is_array($authenticatedLinks) && in_array($share->getId(), $authenticatedLinks));
$isAuthenticated = $isAuthenticated || ($authenticatedLinks === (string)$share->getId());
if (!$isAuthenticated) {
throw new NotPermittedException('Invalid password');
}
}