mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 1008 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
17693 Commits
416 Branches
Tree: e0dd69e4e6
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e0dd69e4e6'
${ noResults }
nextcloud/apps/files_sharing/public.php

public.php 7.2KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199 
  1. <?php

  2. // Load other apps for file previews

  3. OC_App::loadApps();

  4. 

  5. $appConfig = \OC::$server->getAppConfig();

  6. 

  7. if ($appConfig->getValue('core', 'shareapi_allow_links', 'yes') !== 'yes') {

  8. 	header('HTTP/1.0 404 Not Found');

  9. 	$tmpl = new OCP\Template('', '404', 'guest');

  10. 	$tmpl->printPage();

  11. 	exit();

  12. }

  13. 

  14. if (isset($_GET['t'])) {

  15. 	$token = $_GET['t'];

  16. 	$linkItem = OCP\Share::getShareByToken($token, false);

  17. 	if (is_array($linkItem) && isset($linkItem['uid_owner'])) {

  18. 		// seems to be a valid share

  19. 		$type = $linkItem['item_type'];

  20. 		$fileSource = $linkItem['file_source'];

  21. 		$shareOwner = $linkItem['uid_owner'];

  22. 		$path = null;

  23. 		$rootLinkItem = OCP\Share::resolveReShare($linkItem);

  24. 		if (isset($rootLinkItem['uid_owner'])) {

  25. 			OCP\JSON::checkUserExists($rootLinkItem['uid_owner']);

  26. 			OC_Util::tearDownFS();

  27. 			OC_Util::setupFS($rootLinkItem['uid_owner']);

  28. 			$path = \OC\Files\Filesystem::getPath($linkItem['file_source']);

  29. 		}

  30. 	}

  31. }

  32. if (isset($path)) {

  33. 	if (!isset($linkItem['item_type'])) {

  34. 		OCP\Util::writeLog('share', 'No item type set for share id: ' . $linkItem['id'], \OCP\Util::ERROR);

  35. 		header('HTTP/1.0 404 Not Found');

  36. 		$tmpl = new OCP\Template('', '404', 'guest');

  37. 		$tmpl->printPage();

  38. 		exit();

  39. 	}

  40. 	if (isset($linkItem['share_with'])) {

  41. 		// Authenticate share_with

  42. 		$url = OCP\Util::linkToPublic('files') . '&t=' . $token;

  43. 		if (isset($_GET['file'])) {

  44. 			$url .= '&file=' . urlencode($_GET['file']);

  45. 		} else {

  46. 			if (isset($_GET['dir'])) {

  47. 				$url .= '&dir=' . urlencode($_GET['dir']);

  48. 			}

  49. 		}

  50. 		if (isset($_POST['password'])) {

  51. 			$password = $_POST['password'];

  52. 			if ($linkItem['share_type'] == OCP\Share::SHARE_TYPE_LINK) {

  53. 				// Check Password

  54. 				$forcePortable = (CRYPT_BLOWFISH != 1);

  55. 				$hasher = new PasswordHash(8, $forcePortable);

  56. 				if (!($hasher->CheckPassword($password.OC_Config::getValue('passwordsalt', ''),

  57. 											 $linkItem['share_with']))) {

  58. 					OCP\Util::addStyle('files_sharing', 'authenticate');

  59. 					$tmpl = new OCP\Template('files_sharing', 'authenticate', 'guest');

  60. 					$tmpl->assign('URL', $url);

  61. 					$tmpl->assign('wrongpw', true);

  62. 					$tmpl->printPage();

  63. 					exit();

  64. 				} else {

  65. 					// Save item id in session for future requests

  66. 					\OC::$session->set('public_link_authenticated', $linkItem['id']);

  67. 				}

  68. 			} else {

  69. 				OCP\Util::writeLog('share', 'Unknown share type '.$linkItem['share_type']

  70. 										   .' for share id '.$linkItem['id'], \OCP\Util::ERROR);

  71. 				header('HTTP/1.0 404 Not Found');

  72. 				$tmpl = new OCP\Template('', '404', 'guest');

  73. 				$tmpl->printPage();

  74. 				exit();

  75. 			}

  76. 

  77. 		} else {

  78. 			// Check if item id is set in session

  79. 			if ( ! \OC::$session->exists('public_link_authenticated')

  80. 				|| \OC::$session->get('public_link_authenticated') !== $linkItem['id']

  81. 			) {

  82. 				// Prompt for password

  83. 				OCP\Util::addStyle('files_sharing', 'authenticate');

  84. 				$tmpl = new OCP\Template('files_sharing', 'authenticate', 'guest');

  85. 				$tmpl->assign('URL', $url);

  86. 				$tmpl->printPage();

  87. 				exit();

  88. 			}

  89. 		}

  90. 	}

  91. 	$basePath = $path;

  92. 	$rootName = basename($path);

  93. 	if (isset($_GET['path']) && \OC\Files\Filesystem::isReadable($basePath . $_GET['path'])) {

  94. 		$getPath = \OC\Files\Filesystem::normalizePath($_GET['path']);

  95. 		$path .= $getPath;

  96. 	} else {

  97. 		$getPath = '';

  98. 	}

  99. 	$dir = dirname($path);

  100. 	$file = basename($path);

  101. 	// Download the file

  102. 	if (isset($_GET['download'])) {

  103. 		if (isset($_GET['files'])) { // download selected files

  104. 			$files = urldecode($_GET['files']);

  105. 			$files_list = json_decode($files);

  106. 			// in case we get only a single file

  107. 			if ($files_list === NULL ) {

  108. 				$files_list = array($files);

  109. 			}

  110. 			OC_Files::get($path, $files_list, $_SERVER['REQUEST_METHOD'] == 'HEAD');

  111. 		} else {

  112. 			OC_Files::get($dir, $file, $_SERVER['REQUEST_METHOD'] == 'HEAD');

  113. 		}

  114. 		exit();

  115. 	} else {

  116. 		OCP\Util::addScript('files', 'file-upload');

  117. 		OCP\Util::addStyle('files_sharing', 'public');

  118. 		OCP\Util::addStyle('files_sharing', 'mobile');

  119. 		OCP\Util::addScript('files_sharing', 'public');

  120. 		OCP\Util::addScript('files', 'fileactions');

  121. 		OCP\Util::addScript('files', 'jquery.iframe-transport');

  122. 		OCP\Util::addScript('files', 'jquery.fileupload');

  123. 		$maxUploadFilesize=OCP\Util::maxUploadFilesize($path);

  124. 		$tmpl = new OCP\Template('files_sharing', 'public', 'base');

  125. 		$tmpl->assign('displayName', \OCP\User::getDisplayName($shareOwner));

  126. 		$tmpl->assign('filename', $file);

  127. 		$tmpl->assign('directory_path', $linkItem['file_target']);

  128. 		$tmpl->assign('mimetype', \OC\Files\Filesystem::getMimeType($path));

  129. 		$tmpl->assign('dirToken', $linkItem['token']);

  130. 		$tmpl->assign('sharingToken', $token);

  131. 

  132. 		$urlLinkIdentifiers= (isset($token)?'&t='.$token:'')

  133. 							.(isset($_GET['dir'])?'&dir='.$_GET['dir']:'')

  134. 							.(isset($_GET['file'])?'&file='.$_GET['file']:'');

  135. 		// Show file list

  136. 		if (\OC\Files\Filesystem::is_dir($path)) {

  137. 			$tmpl->assign('dir', $getPath);

  138. 

  139. 			OCP\Util::addStyle('files', 'files');

  140. 			OCP\Util::addStyle('files', 'upload');

  141. 			OCP\Util::addScript('files', 'filesummary');

  142. 			OCP\Util::addScript('files', 'breadcrumb');

  143. 			OCP\Util::addScript('files', 'files');

  144. 			OCP\Util::addScript('files', 'filelist');

  145. 			OCP\Util::addscript('files', 'keyboardshortcuts');

  146. 			$files = array();

  147. 			$rootLength = strlen($basePath) + 1;

  148. 			$maxUploadFilesize=OCP\Util::maxUploadFilesize($path);

  149. 

  150. 			$freeSpace=OCP\Util::freeSpace($path);

  151. 			$uploadLimit=OCP\Util::uploadLimit();

  152. 			$folder = new OCP\Template('files', 'index', '');

  153. 			$folder->assign('dir', $getPath);

  154. 			$folder->assign('dirToken', $linkItem['token']);

  155. 			$folder->assign('permissions', OCP\PERMISSION_READ);

  156. 			$folder->assign('isPublic',true);

  157. 			$folder->assign('publicUploadEnabled', 'no');

  158. 			$folder->assign('files', $files);

  159. 			$folder->assign('uploadMaxFilesize', $maxUploadFilesize);

  160. 			$folder->assign('uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize));

  161. 			$folder->assign('freeSpace', $freeSpace);

  162. 			$folder->assign('uploadLimit', $uploadLimit); // PHP upload limit

  163. 			$folder->assign('allowZipDownload', intval(OCP\Config::getSystemValue('allowZipDownload', true)));

  164. 			$folder->assign('usedSpacePercent', 0);

  165. 			$folder->assign('disableSharing', true);

  166. 			$folder->assign('trash', false);

  167. 			$tmpl->assign('folder', $folder->fetchPage());

  168. 			$allowZip = OCP\Config::getSystemValue('allowZipDownload', true);

  169. 			$tmpl->assign('allowZipDownload', intval($allowZip));

  170. 			$tmpl->assign('showDownloadButton', intval($allowZip));

  171. 			$tmpl->assign('downloadURL',

  172. 				OCP\Util::linkToPublic('files') . $urlLinkIdentifiers . '&download&path=' . urlencode($getPath));

  173. 		} else {

  174. 			$tmpl->assign('showDownloadButton', true);

  175. 			$tmpl->assign('dir', $dir);

  176. 

  177. 			// Show file preview if viewer is available

  178. 			if ($type == 'file') {

  179. 				$tmpl->assign('downloadURL', OCP\Util::linkToPublic('files') . $urlLinkIdentifiers . '&download');

  180. 			} else {

  181. 				$tmpl->assign('downloadURL', OCP\Util::linkToPublic('files')

  182. 										.$urlLinkIdentifiers.'&download&path='.urlencode($getPath));

  183. 			}

  184. 		}

  185. 		$tmpl->printPage();

  186. 	}

  187. 	exit();

  188. } else {

  189. 	OCP\Util::writeLog('share', 'could not resolve linkItem', \OCP\Util::DEBUG);

  190. }

  191. 

  192. $errorTemplate = new OCP\Template('files_sharing', 'part.404', '');

  193. $errorContent = $errorTemplate->fetchPage();

  194. 

  195. header('HTTP/1.0 404 Not Found');

  196. OCP\Util::addStyle('files_sharing', '404');

  197. $tmpl = new OCP\Template('', '404', 'guest');

  198. $tmpl->assign('content', $errorContent);

  199. $tmpl->printPage();