authorJoas Schilling <coding@schilljs.com>2016-08-26 15:51:18 +0200
committerJoas Schilling <coding@schilljs.com>2016-08-29 10:58:57 +0200
commitf41c8c00894ebd687e60731e673140c8f5bda320 (patch)
tree8289247484603e0170529eca6edb168daf3788f3
parent3647fbe7cd86e743b059889d69b03fcf8207780f (diff)
Check if the file isReadable() before sending a (cached) preview
-rw-r--r--core/ajax/preview.php2
-rw-r--r--lib/private/Preview.php2
2 files changed, 3 insertions, 1 deletions
diff --git a/core/ajax/preview.php b/core/ajax/preview.php
index 2894efdc8e3..6cfba6aef30 100644
--- a/core/ajax/preview.php
+++ b/core/ajax/preview.php
@@ -53,6 +53,8 @@ $info = \OC\Files\Filesystem::getFileInfo($file);
if (!$info instanceof OCP\Files\FileInfo || !$always && !\OC::$server->getPreviewManager()->isAvailable($info)) {
\OC_Response::setStatus(404);
+} else if (!$info->isReadable()) {
+ \OC_Response::setStatus(403);
} else {
$preview = new \OC\Preview(\OC_User::getUser(), 'files');
$preview->setFile($file, $info);
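Review bot: The added `else if (!$info->isReadable())` branch answers 403 where a missing file answers 404, so the status code alone tells a caller that a path exists even when they may not read it. Whether `getFileInfo()` can return entries the user could not otherwise enumerate is not visible in this hunk; if it can, answering 404 in both cases avoids the existence oracle, and if the 403 is deliberate a short comment such as `// file is visible to the user but lacks read permission (e.g. upload-only share)` would record that. The check also sits only in this endpoint, so any other script that builds an `\OC\Preview` depends on the guard in `lib/private/Preview.php`. A regression test requesting a preview of a non-readable file would pin this behaviour. As a style point, the file would read more consistently with `elseif` as one keyword.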
diff --git a/lib/private/Preview.php b/lib/private/Preview.php
index 70b000a30ee..67838a8d4a3 100644
--- a/lib/private/Preview.php
+++ b/lib/private/Preview.php
@@ -763,7 +763,7 @@ class Preview {
$this->preview = null;
$fileInfo = $this->getFileInfo();
- if ($fileInfo === null || $fileInfo === false) {
+ if ($fileInfo === null || $fileInfo === false || !$fileInfo->isReadable()) {
return new \OC_Image();
}
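Review bot: The new `!$fileInfo->isReadable()` guard has no comment explaining why it must run before the rest of the method, which starts and ends outside this hunk. Going by the commit title, the point is that a thumbnail cached while the file was readable must not be served once read permission is gone, so the check has to stay ahead of any cache lookup. A line above the `if` such as `// refuse before touching the preview cache: a cached thumbnail must not outlive the read permission` would stop a later refactor from moving it below the cache path. The unreadable case also returns the same empty `\OC_Image()` as a missing file, so callers cannot tell a denial from an absent file; if that is intended, it is worth stating in the method's docblock. Any other method of this class that reads or streams the cached thumbnail without going through this one should carry the same guard.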