LLM OCP API: Fix security issue

Signed-off-by: Marcel Klehr <mklehr@gmx.net>
author: Marcel Klehr <mklehr@gmx.net> 2023-07-06 12:41:42 +0200
committer: Marcel Klehr <mklehr@gmx.net> 2023-07-07 13:39:10 +0200
commit: f7e1e79880261e62daad800c42c0b65ca593a223 (patch)
tree: b4622f641a64f1742e211b0659ac0ae256af5b22 /core
parent: 62b19e0675681d251c210f4231823e3304bd6cd3 (diff)
download: nextcloud-server-f7e1e79880261e62daad800c42c0b65ca593a223.tar.gz
nextcloud-server-f7e1e79880261e62daad800c42c0b65ca593a223.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/core/Controller/LanguageModelApiController.php b/core/Controller/LanguageModelApiController.php
index b31b8f66b4a..21954e7f1c7 100644
--- a/core/Controller/LanguageModelApiController.php
+++ b/core/Controller/LanguageModelApiController.php
@@ -85,6 +85,10 @@ class LanguageModelApiController extends \OCP\AppFramework\OCSController {
 		try {
 			$task = $this->languageModelManager->getTask($id);
 
+			if ($this->userId !== $task->getUserId()) {
+				return new DataResponse(['message' => $this->l->t('Task not found')], Http::STATUS_NOT_FOUND);
+			}
+
 			return new DataResponse([
 				'task' => $task,
 			]);
author	Marcel Klehr <mklehr@gmx.net>	2023-07-06 12:41:42 +0200
committer	Marcel Klehr <mklehr@gmx.net>	2023-07-07 13:39:10 +0200
commit	f7e1e79880261e62daad800c42c0b65ca593a223 (patch)
tree	b4622f641a64f1742e211b0659ac0ae256af5b22 /core
parent	62b19e0675681d251c210f4231823e3304bd6cd3 (diff)
download	nextcloud-server-f7e1e79880261e62daad800c42c0b65ca593a223.tar.gz nextcloud-server-f7e1e79880261e62daad800c42c0b65ca593a223.zip