diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 00000000..b5f8415f
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,3 @@
+**1.1.24**
+- Bug: Fix undefined PHP notices
+- Security: Properly check for password on password protected shares
\ No newline at end of file
diff --git a/appinfo/info.xml b/appinfo/info.xml
index 36969f55..94ca260e 100644
--- a/appinfo/info.xml
+++ b/appinfo/info.xml
@@ -5,7 +5,7 @@
 Collabora Online allows you to to work with all kinds of office documents directly in your browser. This application requires Collabora Cloudsuite to be installed on one of your servers, please read the documentation to learn more about that.
 Edit office documents directly in your browser.
 AGPL
- 1.1.23
+ 1.1.24
 Collabora Productivity based on work of Frank Karlitschek, Victor Dubiniuk
 https://github.com/nextcloud/richdocuments/issues
 https://github.com/nextcloud/richdocuments.git
diff --git a/lib/Controller/DocumentController.php b/lib/Controller/DocumentController.php
index 4a93558c..4fde3599 100644
--- a/lib/Controller/DocumentController.php
+++ b/lib/Controller/DocumentController.php
@@ -26,6 +26,7 @@ use \OCP\AppFramework\Http\TemplateResponse;
 use \OCA\Richdocuments\AppConfig;
 use \OCA\Richdocuments\Helper;
 use \OC\Files\View;
+use OCP\ISession;
 use OCP\Share\IManager;
 class DocumentController extends Controller {
@@ -43,6 +44,8 @@ class DocumentController extends Controller {
 private $shareManager;
 /** @var TokenManager */
 private $tokenManager;
+ /** @var ISession */
+ private $session;
 /** @var IRootFolder */
 private $rootFolder;
@@ -58,6 +61,7 @@ class DocumentController extends Controller {
 * @param IManager $shareManager
 * @param TokenManager $tokenManager
 * @param IRootFolder $rootFolder
+ * @param ISession $session
 * @param string $UserId
 */
 public function __construct($appName,
@@ -69,6 +73,7 @@ class DocumentController extends Controller {
 IManager $shareManager,
 TokenManager $tokenManager,
 IRootFolder $rootFolder,
+ ISession $session,
 $UserId) {
 parent::__construct($appName, $request);
 $this->uid = $UserId;
@@ -79,6 +84,7 @@ class DocumentController extends Controller {
 $this->shareManager = $shareManager;
 $this->tokenManager = $tokenManager;
 $this->rootFolder = $rootFolder;
+ $this->session = $session;
 }
 /**
@@ -127,6 +133,15 @@ class DocumentController extends Controller {
 public function publicPage($shareToken, $fileName) {
 try {
 $share = $this->shareManager->getShareByToken($shareToken);
+ // not authenticated ?
+ if($share->getPassword()){
+ if (!$this->session->exists('public_link_authenticated')
+ || $this->session->get('public_link_authenticated') !== (string)$share->getId()
+ ) {
+ throw new \Exception('Invalid password');
+ }
+ }
+
 $node = $share->getNode();
 if($node instanceof Folder) {
 $item = $node->get($fileName);
diff --git a/lib/db/wopi.php b/lib/db/wopi.php
index 232a533d..d7467659 100644
--- a/lib/db/wopi.php
+++ b/lib/db/wopi.php
@@ -84,7 +84,6 @@ class Wopi extends \OCA\Richdocuments\Db{
 return array(
 'owner' => $row['owner_uid'],
 'editor' => $row['editor_uid'],
- 'path' => $row['path'],
 'canwrite' => $row['canwrite'],
 'server_host' => $row['server_host']
 );
diff --git a/templates/documents.php b/templates/documents.php
index f9f4d310..41e114e0 100644
--- a/templates/documents.php
+++ b/templates/documents.php
@@ -19,8 +19,3 @@ script('richdocuments', 'documents');
-
-
-
-
-
\ No newline at end of file
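Review bot: In `publicPage`, the new password gate reports failure by throwing a bare `\Exception('Invalid password')` inside the `try`, and the matching `catch` lies outside this hunk, so it cannot be seen here whether an unauthenticated visitor gets the password prompt, a 403, or a generic error. It is worth confirming that the handler refuses access without rendering the document and logs the refusal; a dedicated exception type would keep this case distinct from a missing share or file. The outer test `if($share->getPassword())` relies on truthiness, and `if ($share->getPassword() !== null)` would state the intent exactly and fail closed. The `// not authenticated ?` comment could name what is checked, e.g. `// Password-protected share: session must hold this share's id under 'public_link_authenticated'`. No other public entry point in this diff gains the same gate, so every route that resolves a share token should be checked for it.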