author | Ferdinand Thiessen <opensource@fthiessen.de> | 2024-10-28 19:44:27 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-10-28 19:44:27 +0100 |
commit | d4acae6312b503ba4e7b047bcfbda5588f7fd8ca (patch) | |
tree | 2acae1ac8f8885ec9528848f7152beffabb1e182 /apps/files_sharing/lib/Controller | |
parent | 8e6fd4d2780df1e0572bba9526ecce53e08b9661 (diff) | |
parent | c84c256261cc3e518594286fc334797bc99245cc (diff) | |
Merge pull request #47831 from nextcloud/fix/view-only-preview
fix: Adjust preview for view-only shares
Diffstat (limited to 'apps/files_sharing/lib/Controller')
-rw-r--r-- | apps/files_sharing/lib/Controller/PublicPreviewController.php | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/apps/files_sharing/lib/Controller/PublicPreviewController.php b/apps/files_sharing/lib/Controller/PublicPreviewController.php
index 9678aa67888..da71aca904c 100644
--- a/apps/files_sharing/lib/Controller/PublicPreviewController.php
+++ b/apps/files_sharing/lib/Controller/PublicPreviewController.php
@@ -78,6 +78,8 @@ class PublicPreviewController extends PublicShareController {
 int $y = 32,
 $a = false,
 ) {
+ $cacheForSeconds = 60 * 60 * 24; // 1 day
+
 if ($token === '' || $x === 0 || $y === 0) {
 return new DataResponse([], Http::STATUS_BAD_REQUEST);
 }
@@ -93,7 +95,17 @@ class PublicPreviewController extends PublicShareController {
 }
 $attributes = $share->getAttributes();
- if ($attributes !== null && $attributes->getAttribute('permissions', 'download') === false) {
+ // Only explicitly set to false will forbid the download!
+ $downloadForbidden = $attributes?->getAttribute('permissions', 'download') === false;
+ // Is this header is set it means our UI is doing a preview for no-download shares
+ // we check a header so we at least prevent people from using the link directly (obfuscation)
+ $isPublicPreview = $this->request->getHeader('X-NC-Preview') === 'true';
+
+ if ($isPublicPreview && $downloadForbidden) {
+ // Only cache for 15 minutes on public preview requests to quickly remove from cache
+ $cacheForSeconds = 15 * 60;
+ } elseif ($downloadForbidden) {
+ // This is not a public share preview so we only allow a preview if download permissions are granted
 return new DataResponse([], Http::STATUS_FORBIDDEN);
 }
@@ -107,7 +119,7 @@ class PublicPreviewController extends PublicShareController {
 $f = $this->previewManager->getPreview($file, $x, $y, !$a);
 $response = new FileDisplayResponse($f, Http::STATUS_OK, ['Content-Type' => $f->getMimeType()]);
- $response->cacheFor(3600 * 24);
+ $response->cacheFor($cacheForSeconds);
 return $response;
 } catch (NotFoundException $e) {
 return new DataResponse([], Http::STATUS_NOT_FOUND); |
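Review bot: The `X-NC-Preview` value tested for `$isPublicPreview` in the second hunk is supplied by the client, so it does not limit who can fetch a preview of a download-forbidden share. The inline comment should say so plainly and lose its typo, for example `// If this header is set, our UI is requesting a preview of a no-download share; this is obfuscation only, not an access check`. Because this branch now serves content for such shares, the caller-chosen `$x`/`$y` passed to `getPreview()` decide how close the preview comes to the original; only the `=== 0` check is visible here, so it is worth confirming that an upper bound is enforced elsewhere. The response now also depends on a request header, so the `FileDisplayResponse` in the last hunk should probably carry `Vary: X-NC-Preview` alongside the shortened `cacheFor()`. The method body starts and ends outside these hunks.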