diff options
| author | Roeland Jago Douma <rullzer@users.noreply.github.com> | 2016-08-30 11:33:48 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-08-30 11:33:48 +0200 |
| commit | 83490e90ef70d4da60982d86fc84725c373fe5f4 (patch) | |
| tree | c1901f70765d0bebe8a2e0100da62fb9457bd95a /core | |
| parent | 989473169eb508fe328df65564b0ec37f9a15f29 (diff) | |
| parent | f41c8c00894ebd687e60731e673140c8f5bda320 (diff) | |
| download | nextcloud-server-83490e90ef70d4da60982d86fc84725c373fe5f4.tar.gz nextcloud-server-83490e90ef70d4da60982d86fc84725c373fe5f4.zip | |
Merge pull request #1089 from nextcloud/allow-to-prevent-previews
Check if the file isReadable() before sending a (cached) preview
Diffstat (limited to 'core')
| -rw-r--r-- | core/ajax/preview.php | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/core/ajax/preview.php b/core/ajax/preview.php index 2894efdc8e3..6cfba6aef30 100644 --- a/core/ajax/preview.php +++ b/core/ajax/preview.php @@ -53,6 +53,8 @@ $info = \OC\Files\Filesystem::getFileInfo($file); if (!$info instanceof OCP\Files\FileInfo || !$always && !\OC::$server->getPreviewManager()->isAvailable($info)) { \OC_Response::setStatus(404); +} else if (!$info->isReadable()) { + \OC_Response::setStatus(403); } else { $preview = new \OC\Preview(\OC_User::getUser(), 'files'); $preview->setFile($file, $info); |