diff options
| author | Vincent Petry <vincent@nextcloud.com> | 2022-06-13 15:50:43 +0200 |
|---|---|---|
| committer | Carl Schwan <carl@carlschwan.eu> | 2022-08-03 13:24:20 +0200 |
| commit | 567b7cc05c4edfb25b95df63c48a39f796539d20 (patch) | |
| tree | 7dc73894cd2ee015b25ab7dbebb125e4a8fafd0a /apps/files_sharing | |
| parent | cc7564758b22b424ddcaa2fe7d856e647b33bfd4 (diff) | |
| download | nextcloud-server-567b7cc05c4edfb25b95df63c48a39f796539d20.tar.gz nextcloud-server-567b7cc05c4edfb25b95df63c48a39f796539d20.zip | |
Block download when needed on direct download endpoint
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
Diffstat (limited to 'apps/files_sharing')
| -rw-r--r-- | apps/files_sharing/lib/AppInfo/Application.php | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/apps/files_sharing/lib/AppInfo/Application.php b/apps/files_sharing/lib/AppInfo/Application.php index 97bb9447713..79952c053b1 100644 --- a/apps/files_sharing/lib/AppInfo/Application.php +++ b/apps/files_sharing/lib/AppInfo/Application.php @@ -164,6 +164,7 @@ class Application extends App implements IBootstrap { 'file.beforeGetDirect', function (GenericEvent $event) use ($userSession, $rootFolder) { $pathsToCheck = [$event->getArgument('path')]; + $event->setArgument('run', true); // Check only for user/group shares. Don't restrict e.g. share links if ($userSession && $userSession->isLoggedIn()) { @@ -172,6 +173,7 @@ class Application extends App implements IBootstrap { $rootFolder->getUserFolder($uid) ); if (!$viewOnlyHandler->check($pathsToCheck)) { + $event->setArgument('run', false); $event->setArgument('errorMessage', 'Access to this resource or one of its sub-items has been denied.'); } } |