LLM OCP API: Fix security issue

Signed-off-by: Marcel Klehr <mklehr@gmx.net> (cherry picked from commit f7e1e79880261e62daad800c42c0b65ca593a223)
author: Marcel Klehr <mklehr@gmx.net> 2023-07-06 12:41:42 +0200
committer: Marcel Klehr <mklehr@gmx.net> 2023-08-09 10:01:36 +0200
commit: 445b72a93c11fe16f82e5693395ba37084430c35 (patch)
tree: 46a23a0cb41d77870126b3812827907c548f27d4 /core/Controller
parent: 8f0618de9fdfcbd0199f0895edca5edc0f2d8d7e (diff)
download: nextcloud-server-445b72a93c11fe16f82e5693395ba37084430c35.tar.gz
nextcloud-server-445b72a93c11fe16f82e5693395ba37084430c35.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/core/Controller/LanguageModelApiController.php b/core/Controller/LanguageModelApiController.php
index b31b8f66b4a..21954e7f1c7 100644
--- a/core/Controller/LanguageModelApiController.php
+++ b/core/Controller/LanguageModelApiController.php
@@ -85,6 +85,10 @@ class LanguageModelApiController extends \OCP\AppFramework\OCSController {
 		try {
 			$task = $this->languageModelManager->getTask($id);
 
+			if ($this->userId !== $task->getUserId()) {
+				return new DataResponse(['message' => $this->l->t('Task not found')], Http::STATUS_NOT_FOUND);
+			}
+
 			return new DataResponse([
 				'task' => $task,
 			]);
author	Marcel Klehr <mklehr@gmx.net>	2023-07-06 12:41:42 +0200
committer	Marcel Klehr <mklehr@gmx.net>	2023-08-09 10:01:36 +0200
commit	445b72a93c11fe16f82e5693395ba37084430c35 (patch)
tree	46a23a0cb41d77870126b3812827907c548f27d4 /core/Controller
parent	8f0618de9fdfcbd0199f0895edca5edc0f2d8d7e (diff)
download	nextcloud-server-445b72a93c11fe16f82e5693395ba37084430c35.tar.gz nextcloud-server-445b72a93c11fe16f82e5693395ba37084430c35.zip