diff options
| author | Andy Scherzinger <info@andy-scherzinger.de> | 2024-07-25 19:37:30 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-07-25 19:37:30 +0200 |
| commit | 4f2a29adf95c57bef5d01f27c8b741a9840e82b3 (patch) | |
| tree | 964245a9302baa5b49f215642fb1f82acfa5987b /apps | |
| parent | 2e353d88498e841a468eaa28874f18ba20c7a9b1 (diff) | |
| parent | 2b0bc8b310aef675af35373fbc8a7884869f7d05 (diff) | |
| download | nextcloud-server-4f2a29adf95c57bef5d01f27c8b741a9840e82b3.tar.gz nextcloud-server-4f2a29adf95c57bef5d01f27c8b741a9840e82b3.zip | |
Merge pull request #46672 from nextcloud/fix/preview-invalid-id
Avoid using partial file info as valid one
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/files/lib/Controller/ApiController.php | 4 | ||||
| -rw-r--r-- | apps/files/tests/Controller/ApiControllerTest.php | 12 |
2 files changed, 16 insertions, 0 deletions
diff --git a/apps/files/lib/Controller/ApiController.php b/apps/files/lib/Controller/ApiController.php index 64082fbfd85..9cf634f9404 100644 --- a/apps/files/lib/Controller/ApiController.php +++ b/apps/files/lib/Controller/ApiController.php @@ -93,6 +93,10 @@ class ApiController extends Controller { throw new NotFoundException(); } + if ($file->getId() <= 0) { + return new DataResponse(['message' => 'File not found.'], Http::STATUS_NOT_FOUND); + } + /** @var File $file */ $preview = $this->previewManager->getPreview($file, $x, $y, true); diff --git a/apps/files/tests/Controller/ApiControllerTest.php b/apps/files/tests/Controller/ApiControllerTest.php index 0093603c5f6..844fabc93a3 100644 --- a/apps/files/tests/Controller/ApiControllerTest.php +++ b/apps/files/tests/Controller/ApiControllerTest.php @@ -157,6 +157,7 @@ class ApiControllerTest extends TestCase { public function testGetThumbnailInvalidImage() { $file = $this->createMock(File::class); + $file->method('getId')->willReturn(123); $this->userFolder->method('get') ->with($this->equalTo('unknown.jpg')) ->willReturn($file); @@ -168,8 +169,19 @@ class ApiControllerTest extends TestCase { $this->assertEquals($expected, $this->apiController->getThumbnail(10, 10, 'unknown.jpg')); } + public function testGetThumbnailInvalidPartFile() { + $file = $this->createMock(File::class); + $file->method('getId')->willReturn(0); + $this->userFolder->method('get') + ->with($this->equalTo('unknown.jpg')) + ->willReturn($file); + $expected = new DataResponse(['message' => 'File not found.'], Http::STATUS_NOT_FOUND); + $this->assertEquals($expected, $this->apiController->getThumbnail(10, 10, 'unknown.jpg')); + } + public function testGetThumbnail() { $file = $this->createMock(File::class); + $file->method('getId')->willReturn(123); $this->userFolder->method('get') ->with($this->equalTo('known.jpg')) ->willReturn($file); |