diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000000..b5f8415f0d
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,3 @@
+**1.1.24**
+- Bug: Fix undefined PHP notices
+- Security: Properly check for password on password protected shares
\ No newline at end of file
diff --git a/appinfo/info.xml b/appinfo/info.xml
index 36969f554a..94ca260ecf 100644
--- a/appinfo/info.xml
+++ b/appinfo/info.xml
@@ -5,7 +5,7 @@
 Collabora Online allows you to to work with all kinds of office documents directly in your browser. This application requires Collabora Cloudsuite to be installed on one of your servers, please read the documentation to learn more about that. Edit office documents directly in your browser. AGPL
- 1.1.23
+ 1.1.24
 Collabora Productivity based on work of Frank Karlitschek, Victor Dubiniuk https://github.com/nextcloud/richdocuments/issues https://github.com/nextcloud/richdocuments.git
diff --git a/lib/Controller/DocumentController.php b/lib/Controller/DocumentController.php
index 4a93558c82..4fde3599f0 100644
--- a/lib/Controller/DocumentController.php
+++ b/lib/Controller/DocumentController.php
@@ -26,6 +26,7 @@
 use \OCA\Richdocuments\AppConfig;
 use \OCA\Richdocuments\Helper;
 use \OC\Files\View;
+use OCP\ISession;
 use OCP\Share\IManager;
 class DocumentController extends Controller {
@@ -43,6 +44,8 @@ class DocumentController extends Controller {
 private $shareManager;
 /** @var TokenManager */
 private $tokenManager;
+ /** @var ISession */
+ private $session;
 /** @var IRootFolder */
 private $rootFolder;
@@ -58,6 +61,7 @@ class DocumentController extends Controller {
 * @param IManager $shareManager
 * @param TokenManager $tokenManager
 * @param IRootFolder $rootFolder
+ * @param ISession $session
 * @param string $UserId
 */
 public function __construct($appName,
@@ -69,6 +73,7 @@ public function __construct($appName,
 IManager $shareManager,
 TokenManager $tokenManager,
 IRootFolder $rootFolder,
+ ISession $session,
 $UserId) {
 parent::__construct($appName, $request);
 $this->uid = $UserId;
@@ -79,6 +84,7 @@ public function __construct($appName,
 $this->shareManager = $shareManager;
 $this->tokenManager = $tokenManager;
 $this->rootFolder = $rootFolder;
+ $this->session = $session;
 }
 /**
@@ -127,6 +133,15 @@ public function index($fileId) {
 public function publicPage($shareToken, $fileName) {
 try {
 $share = $this->shareManager->getShareByToken($shareToken);
+ // not authenticated ?
+ if($share->getPassword()){
+ if (!$this->session->exists('public_link_authenticated')
+ || $this->session->get('public_link_authenticated') !== (string)$share->getId()
+ ) {
+ throw new \Exception('Invalid password');
+ }
+ }
+
 $node = $share->getNode();
 if($node instanceof Folder) {
 $item = $node->get($fileName);
diff --git a/lib/db/wopi.php b/lib/db/wopi.php
index 232a533d40..d7467659be 100644
--- a/lib/db/wopi.php
+++ b/lib/db/wopi.php
@@ -84,7 +84,6 @@ public function getPathForToken($fileId, $version, $token){
 return array(
 'owner' => $row['owner_uid'],
 'editor' => $row['editor_uid'],
- 'path' => $row['path'],
 'canwrite' => $row['canwrite'],
 'server_host' => $row['server_host']
 );
diff --git a/templates/documents.php b/templates/documents.php
index f9f4d31054..41e114e0d3 100644
--- a/templates/documents.php
+++ b/templates/documents.php
@@ -19,8 +19,3 @@
-
-
-
-
-
\ No newline at end of file
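Review bot: The password gate added to `publicPage` fails with a bare `\Exception('Invalid password')`, so the `catch` that closes this `try` (outside the hunk) cannot tell a visitor who has not passed the share's password prompt from any other failure. A dedicated exception class would let the handler return an access-denied response and record the event as an authentication failure rather than a generic error. The `// not authenticated ?` comment could state the contract instead, e.g. `// Password-protected share: the session must already hold this share's id under 'public_link_authenticated'`. The check is inline in this one action; if other actions in this controller also accept a share token (not visible here), they need the same gate, which argues for moving it into a private helper. `publicPage` continues past the end of the hunk.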