LLM OCP API: Fix security issue

author Marcel Klehr <mklehr@gmx.net>

Thu, 6 Jul 2023 10:41:42 +0000 (12:41 +0200)

committer Marcel Klehr <mklehr@gmx.net>

Wed, 9 Aug 2023 08:01:36 +0000 (10:01 +0200)
author Marcel Klehr <mklehr@gmx.net>
Thu, 6 Jul 2023 10:41:42 +0000 (12:41 +0200)
committer Marcel Klehr <mklehr@gmx.net>
Wed, 9 Aug 2023 08:01:36 +0000 (10:01 +0200)
diff --git a/core/Controller/LanguageModelApiController.php b/core/Controller/LanguageModelApiController.php

index b31b8f66b4a677a1574a1e0e41a01ef245fb977c..21954e7f1c753cdaf996e81df616bf45726ebcfd 100644 (file)
--- a/core/Controller/LanguageModelApiController.php
+++ b/core/Controller/LanguageModelApiController.php
@@ -85,6 +85,10 @@ class LanguageModelApiController extends \OCP\AppFramework\OCSController {
                 try {
                         $task = $this->languageModelManager->getTask($id);
  
+                       if ($this->userId !== $task->getUserId()) {
+                               return new DataResponse(['message' => $this->l->t('Task not found')], Http::STATUS_NOT_FOUND);
+                       }
+
                         return new DataResponse([
                                 'task' => $task,
                         ]);
author	Marcel Klehr <mklehr@gmx.net>
	Thu, 6 Jul 2023 10:41:42 +0000 (12:41 +0200)
committer	Marcel Klehr <mklehr@gmx.net>
	Wed, 9 Aug 2023 08:01:36 +0000 (10:01 +0200)