plugins-nextcloud-mirror/richdocuments
1
0
Fork 0
mirror of https://github.com/nextcloud/richdocuments.git synced 2025-12-18 05:20:43 +01:00
Code Projects Releases Activity

Merge pull request #5204 from nextcloud/backport/5202/stable31

Browse source 
[stable31] fix: Properly handle authenticated links being an array
This commit is contained in:
Julius Knorr 2025-11-27 11:59:11 +01:00 committed by GitHub
commit f9aeee4e5d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 16 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
lib/Controller/DocumentAPIController.php
View file

@ -65,9 +65,11 @@ class DocumentAPIController extends \OCP\AppFramework\OCSController {
$share = $this->shareManager->getShareByToken($shareToken);
if ($share->getPassword()) {
if (!$this->session->exists('public_link_authenticated')
|| $this->session->get('public_link_authenticated') !== (string)$share->getId()
) {
$authenticatedLinks = $this->session->get('public_link_authenticated');
$isAuthenticated = (is_array($authenticatedLinks) && in_array($share->getId(), $authenticatedLinks));
$isAuthenticated = $isAuthenticated || ($authenticatedLinks === (string)$share->getId());
if (!$isAuthenticated) {
throw new Exception('Invalid password');
}
}

17
lib/Controller/DocumentController.php
View file

@ -241,9 +241,11 @@ class DocumentController extends Controller {
$share = $this->shareManager->getShareByToken($shareToken);
// not authenticated ?
if ($share->getPassword()) {
if (!$this->session->exists('public_link_authenticated')
|| $this->session->get('public_link_authenticated') !== (string)$share->getId()
) {
$authenticatedLinks = $this->session->get('public_link_authenticated');
$isAuthenticated = (is_array($authenticatedLinks) && in_array($share->getId(), $authenticatedLinks));
$isAuthenticated = $isAuthenticated || ($authenticatedLinks === (string)$share->getId());
if (!$isAuthenticated) {
throw new Exception('Invalid password');
}
}
@ -458,9 +460,12 @@ class DocumentController extends Controller {
private function getFileForShare(IShare $share, ?int $fileId, ?string $path = null): File {
// not authenticated ?
if ($share->getPassword()) {
if (!$this->session->exists('public_link_authenticated')
|| $this->session->get('public_link_authenticated') !== (string)$share->getId()
) {
$authenticatedLinks = $this->session->get('public_link_authenticated');
$isAuthenticated = (is_array($authenticatedLinks) && in_array($share->getId(), $authenticatedLinks));
$isAuthenticated = $isAuthenticated || ($authenticatedLinks === (string)$share->getId());
if (!$isAuthenticated) {
throw new NotPermittedException('Invalid password');
}
}