v1.1.24

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
7 years ago · 719b159a44
parent efe13b0f43
commit 719b159a44
5 changed files with 19 additions and 7 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -0,0 +1,3 @@
+**1.1.24**
+- Bug: Fix undefined PHP notices
+- Security: Properly check for password on password protected shares
--- a/appinfo/info.xml
+++ b/appinfo/info.xml
@ -5,7 +5,7 @@
 	<description>Collabora Online allows you to to work with all kinds of office documents directly in your browser. This application requires Collabora Cloudsuite to be installed on one of your servers, please read the documentation to learn more about that.</description>
 	<summary>Edit office documents directly in your browser.</summary>
 	<licence>AGPL</licence>
-	<version>1.1.23</version>
+	<version>1.1.24</version>
 	<author>Collabora Productivity based on work of Frank Karlitschek, Victor Dubiniuk</author>
 	<bugs>https://github.com/nextcloud/richdocuments/issues</bugs>
 	<repository type="git">https://github.com/nextcloud/richdocuments.git</repository>
--- a/lib/Controller/DocumentController.php
+++ b/lib/Controller/DocumentController.php
@ -26,6 +26,7 @@ use \OCP\AppFramework\Http\TemplateResponse;
 use \OCA\Richdocuments\AppConfig;
 use \OCA\Richdocuments\Helper;
 use \OC\Files\View;
+use OCP\ISession;
 use OCP\Share\IManager;

 class DocumentController extends Controller {
@ -43,6 +44,8 @@ class DocumentController extends Controller {
 	private $shareManager;
 	/** @var TokenManager */
 	private $tokenManager;
+	/** @var ISession */
+	private $session;
 	/** @var IRootFolder */
 	private $rootFolder;

@ -58,6 +61,7 @@ class DocumentController extends Controller {
 	 * @param IManager $shareManager
 	 * @param TokenManager $tokenManager
 	 * @param IRootFolder $rootFolder
+	 * @param ISession $session
 	 * @param string $UserId
 	 */
 	public function __construct($appName,
@ -69,6 +73,7 @@ class DocumentController extends Controller {
 								IManager $shareManager,
 								TokenManager $tokenManager,
 								IRootFolder $rootFolder,
+								ISession $session,
 								$UserId) {
 		parent::__construct($appName, $request);
 		$this->uid = $UserId;
@ -79,6 +84,7 @@ class DocumentController extends Controller {
 		$this->shareManager = $shareManager;
 		$this->tokenManager = $tokenManager;
 		$this->rootFolder = $rootFolder;
+		$this->session = $session;
 	}

 	/**
@ -127,6 +133,15 @@ class DocumentController extends Controller {
 	public function publicPage($shareToken, $fileName) {
 		try {
 			$share = $this->shareManager->getShareByToken($shareToken);
+			// not authenticated ?
+			if($share->getPassword()){
+				if (!$this->session->exists('public_link_authenticated')
+					|| $this->session->get('public_link_authenticated') !== (string)$share->getId()
+				) {
+					throw new \Exception('Invalid password');
+				}
+			}
+
 			$node = $share->getNode();
 			if($node instanceof Folder) {
 				$item = $node->get($fileName);
--- a/lib/db/wopi.php
+++ b/lib/db/wopi.php
@ -84,7 +84,6 @@ class Wopi extends \OCA\Richdocuments\Db{
 		return array(
 			'owner' => $row['owner_uid'],
 			'editor' => $row['editor_uid'],
-			'path' => $row['path'],
 			'canwrite' => $row['canwrite'],
 			'server_host' => $row['server_host']
 		);
--- a/templates/documents.php
+++ b/templates/documents.php
@ -19,8 +19,3 @@ script('richdocuments', 'documents');
 		</li>
 	</ul>
 </div>
-<input type="hidden" id="wopi-url" name="wopi-url" value="<?php p($_['wopi_url']) ?>" />
-<?php if ($_['enable_previews']): ?>
-<input type="hidden" id="previews_enabled" value="<?php p($_['enable_previews']) ?>" />
-<?php endif; ?>
-<input type="hidden" name="allowShareWithLink" id="allowShareWithLink" value="<?php p($_['allowShareWithLink']) ?>" />