author | Ferdinand Thiessen <opensource@fthiessen.de> | 2025-02-18 11:58:12 +0100 |
---|---|---|
committer | Ferdinand Thiessen <opensource@fthiessen.de> | 2025-02-18 11:58:12 +0100 |
commit | c19ce403f3ca0567645b7751df5b697509a460c2 (patch) | |
tree | 861e25261e92e14ab2fe0f345b24a3e8f99689a5 /apps/files_sharing/lib/Controller/ShareController.php | |
parent | 8886f367e433277cf7aa0c01b93a9d4348db47a8 (diff) | |
download | nextcloud-server-c19ce403f3ca0567645b7751df5b697509a460c2.tar.gz nextcloud-server-c19ce403f3ca0567645b7751df5b697509a460c2.zip |
fix(files_sharing): block downloading if neededfix/download-perms
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
Diffstat (limited to 'apps/files_sharing/lib/Controller/ShareController.php')
-rw-r--r-- | apps/files_sharing/lib/Controller/ShareController.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/apps/files_sharing/lib/Controller/ShareController.php b/apps/files_sharing/lib/Controller/ShareController.php
index 1c3c9534dde..cfd9628410e 100644
--- a/apps/files_sharing/lib/Controller/ShareController.php
+++ b/apps/files_sharing/lib/Controller/ShareController.php
@@ -359,6 +359,11 @@ class ShareController extends AuthPublicShareController {
 return new DataResponse('Share has no read permission');
 }

+ $attributes = $share->getAttributes();
+ if ($attributes?->getAttribute('permissions', 'download') === false) {
+ return new DataResponse('Share has no download permission');
+ }
+
 if (!$this->validateShare($share)) {
 throw new NotFoundException();
 } |
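Review bot: The new denial branch returns `new DataResponse('Share has no download permission')` without a status code, so as far as the hunk shows a blocked download is answered with the default success status. Clients, access logs and monitoring then cannot tell a refused download from a served one. An explicit status would fix that, e.g. `return new DataResponse('Share has no download permission', Http::STATUS_FORBIDDEN);`, assuming `OCP\AppFramework\Http` is imported in this file, which the hunk does not show. The read-permission branch just above has the same shape, and the enclosing method starts and ends outside the hunk. The strict `=== false` also means a missing attribute, or one stored as a non-boolean value, still allows the download; if that default-allow is intended, say so in a comment such as `// download stays allowed unless the attribute is explicitly false`.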