mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 993 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
20200 Commits
410 Branches
Tree: 2a4c51389c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '2a4c51389c'
${ noResults }
nextcloud/apps/files_sharing/public.php

public.php 7.3KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205 
  1. <?php

  2. // Load other apps for file previews

  3. use OCA\Files_Sharing\Helper;

  4. 

  5. OC_App::loadApps();

  6. 

  7. $appConfig = \OC::$server->getAppConfig();

  8. 

  9. if ($appConfig->getValue('core', 'shareapi_allow_links', 'yes') !== 'yes') {

  10. 	header('HTTP/1.0 404 Not Found');

  11. 	$tmpl = new OCP\Template('', '404', 'guest');

  12. 	$tmpl->printPage();

  13. 	exit();

  14. }

  15. 

  16. // Legacy sharing links via public.php have the token in $GET['t']

  17. if (isset($_GET['t'])) {

  18. 	$token = $_GET['t'];

  19. }

  20. 

  21. if (isset($token)) {

  22. 	$linkItem = OCP\Share::getShareByToken($token, false);

  23. 	if (is_array($linkItem) && isset($linkItem['uid_owner'])) {

  24. 		// seems to be a valid share

  25. 		$type = $linkItem['item_type'];

  26. 		$fileSource = $linkItem['file_source'];

  27. 		$shareOwner = $linkItem['uid_owner'];

  28. 		$path = null;

  29. 		$rootLinkItem = OCP\Share::resolveReShare($linkItem);

  30. 		if (isset($rootLinkItem['uid_owner'])) {

  31. 			OCP\JSON::checkUserExists($rootLinkItem['uid_owner']);

  32. 			OC_Util::tearDownFS();

  33. 			OC_Util::setupFS($rootLinkItem['uid_owner']);

  34. 			$path = \OC\Files\Filesystem::getPath($linkItem['file_source']);

  35. 		}

  36. 	}

  37. }

  38. if (isset($path)) {

  39. 	if (!isset($linkItem['item_type'])) {

  40. 		OCP\Util::writeLog('share', 'No item type set for share id: ' . $linkItem['id'], \OCP\Util::ERROR);

  41. 		header('HTTP/1.0 404 Not Found');

  42. 		$tmpl = new OCP\Template('', '404', 'guest');

  43. 		$tmpl->printPage();

  44. 		exit();

  45. 	}

  46. 	if (isset($linkItem['share_with'])) {

  47. 		// Authenticate share_with

  48. 		$url = OCP\Util::linkToPublic('files') . '&t=' . $token;

  49. 		if (isset($_GET['file'])) {

  50. 			$url .= '&file=' . urlencode($_GET['file']);

  51. 		} else {

  52. 			if (isset($_GET['dir'])) {

  53. 				$url .= '&dir=' . urlencode($_GET['dir']);

  54. 			}

  55. 		}

  56. 		if (isset($_POST['password'])) {

  57. 			$password = $_POST['password'];

  58. 			if ($linkItem['share_type'] == OCP\Share::SHARE_TYPE_LINK) {

  59. 				// Check Password

  60. 				$forcePortable = (CRYPT_BLOWFISH != 1);

  61. 				$hasher = new PasswordHash(8, $forcePortable);

  62. 				if (!($hasher->CheckPassword($password.OC_Config::getValue('passwordsalt', ''),

  63. 											 $linkItem['share_with']))) {

  64. 					OCP\Util::addStyle('files_sharing', 'authenticate');

  65. 					$tmpl = new OCP\Template('files_sharing', 'authenticate', 'guest');

  66. 					$tmpl->assign('URL', $url);

  67. 					$tmpl->assign('wrongpw', true);

  68. 					$tmpl->printPage();

  69. 					exit();

  70. 				} else {

  71. 					// Save item id in session for future requests

  72. 					\OC::$server->getSession()->set('public_link_authenticated', $linkItem['id']);

  73. 				}

  74. 			} else {

  75. 				OCP\Util::writeLog('share', 'Unknown share type '.$linkItem['share_type']

  76. 										   .' for share id '.$linkItem['id'], \OCP\Util::ERROR);

  77. 				header('HTTP/1.0 404 Not Found');

  78. 				$tmpl = new OCP\Template('', '404', 'guest');

  79. 				$tmpl->printPage();

  80. 				exit();

  81. 			}

  82. 

  83. 		} else {

  84. 			// Check if item id is set in session

  85. 			if ( ! \OC::$server->getSession()->exists('public_link_authenticated')

  86. 				|| \OC::$server->getSession()->get('public_link_authenticated') !== $linkItem['id']

  87. 			) {

  88. 				// Prompt for password

  89. 				OCP\Util::addStyle('files_sharing', 'authenticate');

  90. 				$tmpl = new OCP\Template('files_sharing', 'authenticate', 'guest');

  91. 				$tmpl->assign('URL', $url);

  92. 				$tmpl->printPage();

  93. 				exit();

  94. 			}

  95. 		}

  96. 	}

  97. 	$basePath = $path;

  98. 	$rootName = \OC_Util::basename($path);

  99. 	if (isset($_GET['path']) && \OC\Files\Filesystem::isReadable($basePath . $_GET['path'])) {

  100. 		$getPath = \OC\Files\Filesystem::normalizePath($_GET['path']);

  101. 		$path .= $getPath;

  102. 	} else {

  103. 		$getPath = '';

  104. 	}

  105. 	$dir = dirname($path);

  106. 	$file = basename($path);

  107. 	// Download the file

  108. 	if (isset($_GET['download'])) {

  109. 		if (!\OCP\App::isEnabled('files_encryption')) {

  110. 			// encryption app requires the session to store the keys in

  111. 			\OC::$server->getSession()->close();

  112. 		}

  113. 		if (isset($_GET['files'])) { // download selected files

  114. 			$files = urldecode($_GET['files']);

  115. 			$files_list = json_decode($files);

  116. 			// in case we get only a single file

  117. 			if ($files_list === NULL ) {

  118. 				$files_list = array($files);

  119. 			}

  120. 			OC_Files::get($path, $files_list, $_SERVER['REQUEST_METHOD'] == 'HEAD');

  121. 		} else {

  122. 			OC_Files::get($dir, $file, $_SERVER['REQUEST_METHOD'] == 'HEAD');

  123. 		}

  124. 		exit();

  125. 	} else {

  126. 		OCP\Util::addScript('files', 'file-upload');

  127. 		OCP\Util::addStyle('files_sharing', 'public');

  128. 		OCP\Util::addStyle('files_sharing', 'mobile');

  129. 		OCP\Util::addScript('files_sharing', 'public');

  130. 		OCP\Util::addScript('files', 'fileactions');

  131. 		OCP\Util::addScript('files', 'jquery.iframe-transport');

  132. 		OCP\Util::addScript('files', 'jquery.fileupload');

  133. 		$maxUploadFilesize=OCP\Util::maxUploadFilesize($path);

  134. 		$tmpl = new OCP\Template('files_sharing', 'public', 'base');

  135. 		$tmpl->assign('displayName', \OCP\User::getDisplayName($shareOwner));

  136. 		$tmpl->assign('filename', $file);

  137. 		$tmpl->assign('directory_path', $linkItem['file_target']);

  138. 		$tmpl->assign('mimetype', \OC\Files\Filesystem::getMimeType($path));

  139. 		$tmpl->assign('dirToken', $linkItem['token']);

  140. 		$tmpl->assign('sharingToken', $token);

  141. 		$tmpl->assign('server2serversharing', Helper::isOutgoingServer2serverShareEnabled());

  142. 		$tmpl->assign('protected', isset($linkItem['share_with']) ? 'true' : 'false');

  143. 

  144. 		$urlLinkIdentifiers= (isset($token)?'&t='.$token:'')

  145. 							.(isset($_GET['dir'])?'&dir='.$_GET['dir']:'')

  146. 							.(isset($_GET['file'])?'&file='.$_GET['file']:'');

  147. 		// Show file list

  148. 		if (\OC\Files\Filesystem::is_dir($path)) {

  149. 			$tmpl->assign('dir', $getPath);

  150. 

  151. 			OCP\Util::addStyle('files', 'files');

  152. 			OCP\Util::addStyle('files', 'upload');

  153. 			OCP\Util::addScript('files', 'filesummary');

  154. 			OCP\Util::addScript('files', 'breadcrumb');

  155. 			OCP\Util::addScript('files', 'files');

  156. 			OCP\Util::addScript('files', 'filelist');

  157. 			OCP\Util::addscript('files', 'keyboardshortcuts');

  158. 			$files = array();

  159. 			$rootLength = strlen($basePath) + 1;

  160. 			$maxUploadFilesize=OCP\Util::maxUploadFilesize($path);

  161. 

  162. 			$freeSpace=OCP\Util::freeSpace($path);

  163. 			$uploadLimit=OCP\Util::uploadLimit();

  164. 			$folder = new OCP\Template('files', 'list', '');

  165. 			$folder->assign('dir', $getPath);

  166. 			$folder->assign('dirToken', $linkItem['token']);

  167. 			$folder->assign('permissions', OCP\PERMISSION_READ);

  168. 			$folder->assign('isPublic', true);

  169. 			$folder->assign('publicUploadEnabled', 'no');

  170. 			$folder->assign('files', $files);

  171. 			$folder->assign('uploadMaxFilesize', $maxUploadFilesize);

  172. 			$folder->assign('uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize));

  173. 			$folder->assign('freeSpace', $freeSpace);

  174. 			$folder->assign('uploadLimit', $uploadLimit); // PHP upload limit

  175. 			$folder->assign('usedSpacePercent', 0);

  176. 			$folder->assign('trash', false);

  177. 			$tmpl->assign('folder', $folder->fetchPage());

  178. 			$tmpl->assign('downloadURL',

  179. 				OCP\Util::linkToPublic('files') . $urlLinkIdentifiers . '&download&path=' . urlencode($getPath));

  180. 		} else {

  181. 			$tmpl->assign('dir', $dir);

  182. 

  183. 			// Show file preview if viewer is available

  184. 			if ($type == 'file') {

  185. 				$tmpl->assign('downloadURL', OCP\Util::linkToPublic('files') . $urlLinkIdentifiers . '&download');

  186. 			} else {

  187. 				$tmpl->assign('downloadURL', OCP\Util::linkToPublic('files')

  188. 										.$urlLinkIdentifiers.'&download&path='.urlencode($getPath));

  189. 			}

  190. 		}

  191. 		$tmpl->printPage();

  192. 	}

  193. 	exit();

  194. } else {

  195. 	OCP\Util::writeLog('share', 'could not resolve linkItem', \OCP\Util::DEBUG);

  196. }

  197. 

  198. $errorTemplate = new OCP\Template('files_sharing', 'part.404', '');

  199. $errorContent = $errorTemplate->fetchPage();

  200. 

  201. header('HTTP/1.0 404 Not Found');

  202. OCP\Util::addStyle('files_sharing', '404');

  203. $tmpl = new OCP\Template('', '404', 'guest');

  204. $tmpl->assign('content', $errorContent);

  205. $tmpl->printPage();