author | Roeland Jago Douma <rullzer@users.noreply.github.com> | 2016-08-30 11:33:48 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-08-30 11:33:48 +0200 |
commit | 83490e90ef70d4da60982d86fc84725c373fe5f4 (patch) | |
tree | c1901f70765d0bebe8a2e0100da62fb9457bd95a | |
parent | 989473169eb508fe328df65564b0ec37f9a15f29 (diff) | |
parent | f41c8c00894ebd687e60731e673140c8f5bda320 (diff) | |
Merge pull request #1089 from nextcloud/allow-to-prevent-previews
Check if the file isReadable() before sending a (cached) preview
-rw-r--r-- | core/ajax/preview.php | 2 | ||||
-rw-r--r-- | lib/private/Preview.php | 2 |
2 files changed, 3 insertions, 1 deletions
diff --git a/core/ajax/preview.php b/core/ajax/preview.php
index 2894efdc8e3..6cfba6aef30 100644
--- a/core/ajax/preview.php
+++ b/core/ajax/preview.php
@@ -53,6 +53,8 @@ $info = \OC\Files\Filesystem::getFileInfo($file);
 if (!$info instanceof OCP\Files\FileInfo || !$always && !\OC::$server->getPreviewManager()->isAvailable($info)) {
 \OC_Response::setStatus(404);
+} else if (!$info->isReadable()) {
+ \OC_Response::setStatus(403);
 } else {
 $preview = new \OC\Preview(\OC_User::getUser(), 'files');
 $preview->setFile($file, $info);
diff --git a/lib/private/Preview.php b/lib/private/Preview.php
index 70b000a30ee..67838a8d4a3 100644
--- a/lib/private/Preview.php
+++ b/lib/private/Preview.php
@@ -763,7 +763,7 @@ class Preview {
 $this->preview = null;
 $fileInfo = $this->getFileInfo();
- if ($fileInfo === null || $fileInfo === false) {
+ if ($fileInfo === null || $fileInfo === false || !$fileInfo->isReadable()) {
 return new \OC_Image();
 } |
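Review bot: The permission check added as the `else if (!$info->isReadable())` branch in core/ajax/preview.php has no test in this commit (the diffstat lists only the two source files), so a later rework of this if/else chain could drop the 403 path unnoticed. A regression test that requests a preview for a `FileInfo` whose `isReadable()` returns false and asserts the 403 status would pin the behaviour. The branch would also benefit from a one-line comment stating its intent, for example `// never send a preview of a file the current user cannot read`. As a style point, the branch could be written `} elseif (!$info->isReadable()) {`. The else block continues past the end of the hunk.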
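Review bot: The `!$fileInfo->isReadable()` guard in lib/private/Preview.php sits in a single method whose start and end are outside the hunk, and an unreadable file now yields the same empty `\OC_Image` as a missing one, so callers cannot tell a permission denial from an absent file. From these lines it cannot be confirmed that every path returning preview data, in particular one that serves an already cached thumbnail, passes through this method. If any does not, the check belongs in a private helper shared by those paths rather than inline here. A short comment above the condition would record the intent: `// treat unreadable files like missing ones: no preview, cached or generated`.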