diff options
| author | Vincent Petry <pvince81@owncloud.com> | 2015-11-19 12:01:55 +0100 |
|---|---|---|
| committer | Lukas Reschke <lukas@owncloud.com> | 2015-11-22 16:05:51 +0100 |
| commit | ce897f80e60a4e2258da89745b8fda030f548df8 (patch) | |
| tree | 665352ca768db05a8d493ff8802eaf1c68fad48e /apps | |
| parent | d3383adb71d7f05642610490b747f92958c7d357 (diff) | |
| download | nextcloud-server-ce897f80e60a4e2258da89745b8fda030f548df8.tar.gz nextcloud-server-ce897f80e60a4e2258da89745b8fda030f548df8.zip | |
Send download token as cookie to tell the UI that it started
This used to be done in the ajax download code. Now that single file
downloads are going through Webdav, the token handling needs to be done
here too.
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/dav/lib/connector/sabre/filesplugin.php | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/apps/dav/lib/connector/sabre/filesplugin.php b/apps/dav/lib/connector/sabre/filesplugin.php index d68397dcaa3..e85a67a8759 100644 --- a/apps/dav/lib/connector/sabre/filesplugin.php +++ b/apps/dav/lib/connector/sabre/filesplugin.php @@ -116,6 +116,7 @@ class FilesPlugin extends \Sabre\DAV\ServerPlugin { $this->server->on('afterBind', array($this, 'sendFileIdHeader')); $this->server->on('afterWriteContent', array($this, 'sendFileIdHeader')); $this->server->on('afterMethod:GET', [$this,'httpGet']); + $this->server->on('afterMethod:GET', array($this, 'handleDownloadToken')); $this->server->on('afterResponse', function($request, ResponseInterface $response) { $body = $response->getBody(); if (is_resource($body)) { @@ -149,6 +150,32 @@ class FilesPlugin extends \Sabre\DAV\ServerPlugin { } /** + * This sets a cookie to be able to recognize the start of the download + * the content must not be longer than 32 characters and must only contain + * alphanumeric characters + * + * @param RequestInterface $request + * @param ResponseInterface $response + */ + function handleDownloadToken(RequestInterface $request, ResponseInterface $response) { + $queryParams = $request->getQueryParameters(); + + /** + * this sets a cookie to be able to recognize the start of the download + * the content must not be longer than 32 characters and must only contain + * alphanumeric characters + */ + if (isset($queryParams['downloadStartSecret'])) { + $token = $queryParams['downloadStartSecret']; + if (!isset($token[32]) + && preg_match('!^[a-zA-Z0-9]+$!', $token) === 1) { + // FIXME: use $response->setHeader() instead + setcookie('ocDownloadStarted', $token, time() + 20, '/'); + } + } + } + + /** * Plugin that adds a 'Content-Disposition: attachment' header to all files * delivered by SabreDAV. * @param RequestInterface $request |