v1.1.24

Signed-off-by: Lukas Reschke <[email protected]>
nextcloud · Dec 13, 2016 · 719b159 · 719b159
1 parent efe13b0
commit 719b159
Show file tree

Hide file tree

Showing 5 changed files with 19 additions and 7 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,3 @@
+**1.1.24**
+- Bug: Fix undefined PHP notices
+- Security: Properly check for password on password protected shares
diff --git a/appinfo/info.xml b/appinfo/info.xml
@@ -5,7 +5,7 @@
 	<description>Collabora Online allows you to to work with all kinds of office documents directly in your browser. This application requires Collabora Cloudsuite to be installed on one of your servers, please read the documentation to learn more about that.</description>
 	<summary>Edit office documents directly in your browser.</summary>
 	<licence>AGPL</licence>
-	<version>1.1.23</version>
+	<version>1.1.24</version>
 	<author>Collabora Productivity based on work of Frank Karlitschek, Victor Dubiniuk</author>
 	<bugs>https://github.com/nextcloud/richdocuments/issues</bugs>
 	<repository type="git">https://github.com/nextcloud/richdocuments.git</repository>

diff --git a/lib/Controller/DocumentController.php b/lib/Controller/DocumentController.php
@@ -26,6 +26,7 @@
 use \OCA\Richdocuments\AppConfig;
 use \OCA\Richdocuments\Helper;
 use \OC\Files\View;
+use OCP\ISession;
 use OCP\Share\IManager;
 
 class DocumentController extends Controller {
@@ -43,6 +44,8 @@ class DocumentController extends Controller {
 	private $shareManager;
 	/** @var TokenManager */
 	private $tokenManager;
+	/** @var ISession */
+	private $session;
 	/** @var IRootFolder */
 	private $rootFolder;
 
@@ -58,6 +61,7 @@ class DocumentController extends Controller {
 	 * @param IManager $shareManager
 	 * @param TokenManager $tokenManager
 	 * @param IRootFolder $rootFolder
+	 * @param ISession $session
 	 * @param string $UserId
 	 */
 	public function __construct($appName,
@@ -69,6 +73,7 @@ public function __construct($appName,
 								IManager $shareManager,
 								TokenManager $tokenManager,
 								IRootFolder $rootFolder,
+								ISession $session,
 								$UserId) {
 		parent::__construct($appName, $request);
 		$this->uid = $UserId;
@@ -79,6 +84,7 @@ public function __construct($appName,
 		$this->shareManager = $shareManager;
 		$this->tokenManager = $tokenManager;
 		$this->rootFolder = $rootFolder;
+		$this->session = $session;
 	}
 
 	/**
@@ -127,6 +133,15 @@ public function index($fileId) {
 	public function publicPage($shareToken, $fileName) {
 		try {
 			$share = $this->shareManager->getShareByToken($shareToken);
+			// not authenticated ?
+			if($share->getPassword()){
+				if (!$this->session->exists('public_link_authenticated')
+					|| $this->session->get('public_link_authenticated') !== (string)$share->getId()
+				) {
+					throw new \Exception('Invalid password');
+				}
+			}
+
 			$node = $share->getNode();
 			if($node instanceof Folder) {
 				$item = $node->get($fileName);

diff --git a/lib/db/wopi.php b/lib/db/wopi.php
@@ -84,7 +84,6 @@ public function getPathForToken($fileId, $version, $token){
 		return array(
 			'owner' => $row['owner_uid'],
 			'editor' => $row['editor_uid'],
-			'path' => $row['path'],
 			'canwrite' => $row['canwrite'],
 			'server_host' => $row['server_host']
 		);

diff --git a/templates/documents.php b/templates/documents.php
@@ -19,8 +19,3 @@
 		</li>
 	</ul>
 </div>
-<input type="hidden" id="wopi-url" name="wopi-url" value="<?php p($_['wopi_url']) ?>" />
-<?php if ($_['enable_previews']): ?>
-<input type="hidden" id="previews_enabled" value="<?php p($_['enable_previews']) ?>" />
-<?php endif; ?>
-<input type="hidden" name="allowShareWithLink" id="allowShareWithLink" value="<?php p($_['allowShareWithLink']) ?>" />