Check if the file isReadable() before sending a (cached) preview

author: Joas Schilling <coding@schilljs.com> 2016-08-26 15:51:18 +0200
committer: Joas Schilling <coding@schilljs.com> 2016-08-30 10:24:01 +0200
commit: 061aad5fe3c83700cb98d6f5ff1c30c4458e6930 (patch)
tree: fd911451cb5375b5712a60bf8ad53b4c40093733 /core
parent: f8a45b9e08de547914da6fb25c9fdc1e2ba2f306 (diff)
download: nextcloud-server-061aad5fe3c83700cb98d6f5ff1c30c4458e6930.tar.gz
nextcloud-server-061aad5fe3c83700cb98d6f5ff1c30c4458e6930.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/core/ajax/preview.php b/core/ajax/preview.php
index 2894efdc8e3..6cfba6aef30 100644
--- a/core/ajax/preview.php
+++ b/core/ajax/preview.php
@@ -53,6 +53,8 @@ $info = \OC\Files\Filesystem::getFileInfo($file);
 
 if (!$info instanceof OCP\Files\FileInfo || !$always && !\OC::$server->getPreviewManager()->isAvailable($info)) {
 	\OC_Response::setStatus(404);
+} else if (!$info->isReadable()) {
+	\OC_Response::setStatus(403);
 } else {
 	$preview = new \OC\Preview(\OC_User::getUser(), 'files');
 	$preview->setFile($file, $info);
author	Joas Schilling <coding@schilljs.com>	2016-08-26 15:51:18 +0200
committer	Joas Schilling <coding@schilljs.com>	2016-08-30 10:24:01 +0200
commit	061aad5fe3c83700cb98d6f5ff1c30c4458e6930 (patch)
tree	fd911451cb5375b5712a60bf8ad53b4c40093733 /core
parent	f8a45b9e08de547914da6fb25c9fdc1e2ba2f306 (diff)
download	nextcloud-server-061aad5fe3c83700cb98d6f5ff1c30c4458e6930.tar.gz nextcloud-server-061aad5fe3c83700cb98d6f5ff1c30c4458e6930.zip