authorLukas Reschke <lukas@owncloud.com>2016-06-08 15:38:11 +0200
committerLukas Reschke <lukas@owncloud.com>2016-06-09 15:15:17 +0200
commit075bf73c80882943acc6c73abbcc026046e6b226 (patch)
tree903a8fc7382f6df7d891bb60400b5b2dde0a46f4
parent66d853680ccc8f579a4b80c85376299b9b98b73b (diff)
Prevent access to shareinfo if share if read-only
-rw-r--r--apps/files_sharing/ajax/publicpreview.php7
-rw-r--r--apps/files_sharing/ajax/shareinfo.php5
-rw-r--r--apps/files_sharing/lib/Controllers/ShareController.php8
3 files changed, 19 insertions, 1 deletions
diff --git a/apps/files_sharing/ajax/publicpreview.php b/apps/files_sharing/ajax/publicpreview.php
index 5999740af31..c02d475a769 100644
--- a/apps/files_sharing/ajax/publicpreview.php
+++ b/apps/files_sharing/ajax/publicpreview.php
@@ -42,6 +42,13 @@ if($token === ''){
}
$linkedItem = \OCP\Share::getShareByToken($token);
+$shareManager = \OC::$server->getShareManager();
+$share = $shareManager->getShareByToken($token);
+if(!($share->getPermissions() & \OCP\Constants::PERMISSION_READ)) {
+ OCP\JSON::error(array('data' => 'Share is not readable.'));
+ exit();
+}
+
if($linkedItem === false || ($linkedItem['item_type'] !== 'file' && $linkedItem['item_type'] !== 'folder')) {
\OC_Response::setStatus(\OC_Response::STATUS_NOT_FOUND);
\OCP\Util::writeLog('core-preview', 'Passed token parameter is not valid', \OCP\Util::DEBUG);
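Review bot: The new `$shareManager->getShareByToken($token)` call is placed above the existing invalid-token handling (`if($linkedItem === false || ...)` with its 404 response), so a token the legacy lookup would have rejected is now passed to the share manager first; if that API throws for unknown tokens, as the `@throws NotFoundException` added to downloadShare in this same commit suggests, the request ends in an uncaught exception instead of the 404 the script already produces. Moving the added block below the `$linkedItem` validation keeps the not-found path intact and makes the permission check run only on a token known to be valid. The denial also reports `'Share is not readable.'` through `OCP\JSON::error` while the sibling check in downloadShare says `'Share is read-only'`; one wording, and one shared helper for the test (`!($share->getPermissions() & \OCP\Constants::PERMISSION_READ)`), would keep the three copies of this check in the commit from drifting.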
diff --git a/apps/files_sharing/ajax/shareinfo.php b/apps/files_sharing/ajax/shareinfo.php
index acf58a2431a..002d7ab275e 100644
--- a/apps/files_sharing/ajax/shareinfo.php
+++ b/apps/files_sharing/ajax/shareinfo.php
@@ -71,6 +71,11 @@ $shareManager = \OC::$server->getShareManager();
$share = $shareManager->getShareByToken($token);
$sharePermissions= (int)$share->getPermissions();
+if(!($share->getPermissions() & \OCP\Constants::PERMISSION_READ)) {
+ OCP\JSON::error(array('data' => 'Share is not readable.'));
+ exit();
+}
+
/**
* @param \OCP\Files\FileInfo $dir
* @param \OC\Files\View $view
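Review bot: The added check re-reads `$share->getPermissions()` one line after the script has already stored it as `$sharePermissions`, so the same value is fetched twice; `if(!($sharePermissions & \OCP\Constants::PERMISSION_READ)) {` uses the existing local and makes it obvious the two tests operate on the same permission mask. A comment stating what is being refused would help the next reader, since the error text says "not readable" while the commit message says "read-only": `// Shares without PERMISSION_READ (upload-only links) must not expose directory contents`. This is the same test that publicpreview.php and ShareController::downloadShare add in this commit, so a single helper would avoid three hand-copied bitmask checks.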
diff --git a/apps/files_sharing/lib/Controllers/ShareController.php b/apps/files_sharing/lib/Controllers/ShareController.php
index baf2fc9ed11..56f94b91c80 100644
--- a/apps/files_sharing/lib/Controllers/ShareController.php
+++ b/apps/files_sharing/lib/Controllers/ShareController.php
@@ -252,6 +252,7 @@ class ShareController extends Controller {
* @param string $path
* @return TemplateResponse|RedirectResponse
* @throws NotFoundException
+ * @throws \Exception
*/
public function showShare($token, $path = '') {
\OC_User::setIncognitoMode(true);
@@ -373,13 +374,18 @@ class ShareController extends Controller {
* @param string $files
* @param string $path
* @param string $downloadStartSecret
- * @return void|RedirectResponse
+ * @return void|OCP\AppFramework\Http\Response
+ * @throws NotFoundException
*/
public function downloadShare($token, $files = null, $path = '', $downloadStartSecret = '') {
\OC_User::setIncognitoMode(true);
$share = $this->shareManager->getShareByToken($token);
+ if(!($share->getPermissions() & \OCP\Constants::PERMISSION_READ)) {
+ return new OCP\AppFramework\Http\DataResponse('Share is read-only');
+ }
+
// Share is password protected - check whether the user is permitted to access the share
if ($share->getPassword() !== null && !$this->linkShareAuth($share)) {
return new RedirectResponse($this->urlGenerator->linkToRoute('files_sharing.sharecontroller.authenticate',
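Review bot: The denial at `return new OCP\AppFramework\Http\DataResponse('Share is read-only');` is sent with the DataResponse default status, i.e. a 200 OK carrying an error string, so clients and access logs see a successful download request for a share that was refused; passing `\OCP\AppFramework\Http::STATUS_FORBIDDEN` as the second argument makes the refusal visible as one. The message is also inaccurate: a share lacking `PERMISSION_READ` is not read-only but upload-only, so `'Share is not readable'` (matching the two ajax scripts in this commit) describes the condition the check actually tests. If this controller lives in a namespace, as its path under lib/Controllers suggests, the unqualified `OCP\AppFramework\Http\DataResponse` here and in the new `@return` tag resolves relative to that namespace rather than to the global `OCP` tree, so it needs a leading backslash or a `use` import; the rest of downloadShare continues outside the hunk.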