diff options
| author | Julius Härtl <jus@bitgrid.net> | 2022-10-26 15:11:01 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-10-26 15:11:01 +0200 |
| commit | aec8dce61acb4e0b6ce1019fd0136fab7885bb23 (patch) | |
| tree | 8be9c9b975f7c14d063f239838cb8d8a9e765d4e /apps | |
| parent | 1e450407f6106c3690f1b25cfdcf8ce1442d35e5 (diff) | |
| parent | 8629d8e44f31dbcc0d8237391aa2fbaeea2d13f1 (diff) | |
| download | nextcloud-server-aec8dce61acb4e0b6ce1019fd0136fab7885bb23.tar.gz nextcloud-server-aec8dce61acb4e0b6ce1019fd0136fab7885bb23.zip | |
Merge pull request #34788 from nextcloud/bugfix/noid/preview-attributes
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/files_sharing/lib/Controller/PublicPreviewController.php | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/apps/files_sharing/lib/Controller/PublicPreviewController.php b/apps/files_sharing/lib/Controller/PublicPreviewController.php index 98c4d8cafb4..ee11cf5f3f0 100644 --- a/apps/files_sharing/lib/Controller/PublicPreviewController.php +++ b/apps/files_sharing/lib/Controller/PublicPreviewController.php @@ -109,6 +109,11 @@ class PublicPreviewController extends PublicShareController { return new DataResponse([], Http::STATUS_FORBIDDEN); } + $attributes = $share->getAttributes(); + if ($attributes !== null && $attributes->getAttribute('permissions', 'download') === false) { + return new DataResponse([], Http::STATUS_FORBIDDEN); + } + try { $node = $share->getNode(); if ($node instanceof Folder) { @@ -159,6 +164,11 @@ class PublicPreviewController extends PublicShareController { return new DataResponse([], Http::STATUS_FORBIDDEN); } + $attributes = $share->getAttributes(); + if ($attributes !== null && $attributes->getAttribute('permissions', 'download') === false) { + return new DataResponse([], Http::STATUS_FORBIDDEN); + } + try { $node = $share->getNode(); if ($node instanceof Folder) { |