diff options
| author | skjnldsv <skjnldsv@protonmail.com> | 2025-01-17 17:28:38 +0100 |
|---|---|---|
| committer | skjnldsv <skjnldsv@protonmail.com> | 2025-01-17 18:22:58 +0100 |
| commit | abd3cb60fc27bb439f0683aaa9e027892925665d (patch) | |
| tree | 118fd241a5a1f36154219fa00bebbba98381f301 /apps/files/lib | |
| parent | 6afe12593ea9339ea396c2710eda128fe79ca15c (diff) | |
| download | nextcloud-server-abd3cb60fc27bb439f0683aaa9e027892925665d.tar.gz nextcloud-server-abd3cb60fc27bb439f0683aaa9e027892925665d.zip | |
fix(files): more conversion tests and translate error messages
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
Diffstat (limited to 'apps/files/lib')
| -rw-r--r-- | apps/files/lib/Controller/ConversionApiController.php | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/apps/files/lib/Controller/ConversionApiController.php b/apps/files/lib/Controller/ConversionApiController.php index 40ea45451ad..afdc4407349 100644 --- a/apps/files/lib/Controller/ConversionApiController.php +++ b/apps/files/lib/Controller/ConversionApiController.php @@ -10,17 +10,20 @@ declare(strict_types=1); namespace OCA\Files\Controller; use OC\Files\Utils\PathHelper; +use OC\ForbiddenException; use OCP\AppFramework\Http; use OCP\AppFramework\Http\Attribute\ApiRoute; use OCP\AppFramework\Http\Attribute\NoAdminRequired; use OCP\AppFramework\Http\Attribute\UserRateLimit; use OCP\AppFramework\Http\DataResponse; +use OCP\AppFramework\OCS\OCSBadRequestException; use OCP\AppFramework\OCS\OCSException; use OCP\AppFramework\OCS\OCSForbiddenException; use OCP\AppFramework\OCS\OCSNotFoundException; use OCP\AppFramework\OCSController; use OCP\Files\Conversion\IConversionManager; use OCP\Files\File; +use OCP\Files\GenericFileException; use OCP\Files\IRootFolder; use OCP\IL10N; use OCP\IRequest; @@ -59,7 +62,8 @@ class ConversionApiController extends OCSController { $userFolder = $this->rootFolder->getUserFolder($this->userId); $file = $userFolder->getFirstNodeById($fileId); - if (!($file instanceof File)) { + // Also throw a 404 if the file is not readable to not leak information + if (!($file instanceof File) || $file->isReadable() === false) { throw new OCSNotFoundException($this->l10n->t('The file cannot be found')); } @@ -72,7 +76,7 @@ class ConversionApiController extends OCSController { } if (!$userFolder->get($parentDir)->isCreatable()) { - throw new OCSForbiddenException(); + throw new OCSForbiddenException($this->l10n->t('You do not have permission to create a file at the specified location')); } $destination = $userFolder->getFullPath($destination); @@ -80,6 +84,10 @@ class ConversionApiController extends OCSController { try { $convertedFile = $this->fileConversionManager->convert($file, $targetMimeType, $destination); + } catch (ForbiddenException $e) { + throw new OCSForbiddenException($e->getMessage()); + } catch (GenericFileException $e) { + throw new OCSBadRequestException($e->getMessage()); } catch (\Exception $e) { logger('files')->error($e->getMessage(), ['exception' => $e]); throw new OCSException($this->l10n->t('The file could not be converted.')); |