plugins-nextcloud-mirror/richdocuments
1
0
Fork 0
mirror of https://github.com/nextcloud/richdocuments.git synced 2025-12-17 21:12:14 +01:00
Code Projects Releases Activity

Merge pull request #5202 from nextcloud/fix/5199

Browse source 
fix: Properly handle authenticated links being an array
This commit is contained in:
Julius Knorr 2025-11-27 09:57:58 +01:00 committed by GitHub
commit fcbf00a8d6
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 16 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
lib/Controller/DocumentAPIController.php
View file

@ -65,9 +65,11 @@ class DocumentAPIController extends \OCP\AppFramework\OCSController {
$share = $this->shareManager->getShareByToken($shareToken);
if ($share->getPassword()) {
if (!$this->session->exists('public_link_authenticated')
|| $this->session->get('public_link_authenticated') !== (string)$share->getId()
) {
$authenticatedLinks = $this->session->get('public_link_authenticated');
$isAuthenticated = (is_array($authenticatedLinks) && in_array($share->getId(), $authenticatedLinks));
$isAuthenticated = $isAuthenticated || ($authenticatedLinks === (string)$share->getId());
if (!$isAuthenticated) {
throw new Exception('Invalid password');
}
}

17
lib/Controller/DocumentController.php
View file

@ -242,9 +242,11 @@ class DocumentController extends Controller {
$share = $this->shareManager->getShareByToken($shareToken);
// not authenticated ?
if ($share->getPassword()) {
if (!$this->session->exists('public_link_authenticated')
|| $this->session->get('public_link_authenticated') !== (string)$share->getId()
) {
$authenticatedLinks = $this->session->get('public_link_authenticated');
$isAuthenticated = (is_array($authenticatedLinks) && in_array($share->getId(), $authenticatedLinks));
$isAuthenticated = $isAuthenticated || ($authenticatedLinks === (string)$share->getId());
if (!$isAuthenticated) {
throw new Exception('Invalid password');
}
}
@ -459,9 +461,12 @@ class DocumentController extends Controller {
private function getFileForShare(IShare $share, ?int $fileId, ?string $path = null): File {
// not authenticated ?
if ($share->getPassword()) {
if (!$this->session->exists('public_link_authenticated')
|| $this->session->get('public_link_authenticated') !== (string)$share->getId()
) {
$authenticatedLinks = $this->session->get('public_link_authenticated');
$isAuthenticated = (is_array($authenticatedLinks) && in_array($share->getId(), $authenticatedLinks));
$isAuthenticated = $isAuthenticated || ($authenticatedLinks === (string)$share->getId());
if (!$isAuthenticated) {
throw new NotPermittedException('Invalid password');
}
}