author | Georg Ehrke <georg@ownCloud.com> | 2013-05-22 15:12:25 +0200 |
---|---|---|
committer | Georg Ehrke <georg@ownCloud.com> | 2013-05-22 15:13:02 +0200 |
commit | 00985068ca249f4087f9f5b634e628afb8e8f7b1 (patch) | |
tree | 5dc369f596350dbe478548fb1fd4d03a383cd375 /lib/preview.php | |
parent | 13c6ef1ba9c3f857150679d164852d8724ab946f (diff) | |
download | nextcloud-server-00985068ca249f4087f9f5b634e628afb8e8f7b1.tar.gz nextcloud-server-00985068ca249f4087f9f5b634e628afb8e8f7b1.zip |
add previews for public files
Diffstat (limited to 'lib/preview.php')
-rwxr-xr-x | lib/preview.php | 24 |
1 files changed, 19 insertions, 5 deletions
diff --git a/lib/preview.php b/lib/preview.php
index 572c85057be..39a87ed5396 100755
--- a/lib/preview.php
+++ b/lib/preview.php
@@ -529,16 +529,30 @@ class OC_Preview {
 if(array_key_exists('y', $_GET)) $maxY = (int) $_GET['y'];
 if(array_key_exists('scalingup', $_GET)) $scalingup = (bool) $_GET['scalingup'];
 if(array_key_exists('t', $_GET)) $token = (string) $_GET['t'];
-
+ $linkItem = OCP\Share::getShareByToken($token);
+ if (is_array($linkItem) && isset($linkItem['uid_owner']) && isset($linkItem['file_source'])) {
 $userid = $linkItem['uid_owner'];
- OC_Util::setupFS($fileOwner);
- $path = $linkItem['file_source'];
+ OC_Util::setupFS($userid);
+ $pathid = $linkItem['file_source'];
+ $path = \OC\Files\Filesystem::getPath($pathid);
+ }
+
+ //clean up file parameter
+ $file = \OC\Files\Filesystem::normalizePath($file);
+ if(!\OC\Files\Filesystem::isValidPath($file)){
+ OC_Response::setStatus(403);
+ exit;
+ }
+
+ $path = \OC\Files\Filesystem::normalizePath($path, false);
+ if(substr($path, 0, 1) == '/'){
+ $path = substr($path, 1);
 }
- if($user !== null && $path !== null){
- $preview = new OC_Preview($userid, $path, $file, $maxX, $maxY, $scalingup);
+ if($userid !== null && $path !== null){
+ $preview = new OC_Preview($userid, 'files/' . $path, $file, $maxX, $maxY, $scalingup);
 $preview->showPreview();
 }else{
 OC_Response::setStatus(404); |
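Review bot: `$path` goes through `\OC\Files\Filesystem::normalizePath($path, false)` and `substr()` before the `$userid !== null && $path !== null` test, so when the token does not resolve to a share (or `getPath($pathid)` finds nothing) `$path` has most likely already become a string, and the `$path !== null` half of the guard no longer rejects anything. Rejecting the request right after the share lookup, e.g. `if ($userid === null || $path === null) { OC_Response::setStatus(404); exit; }` placed ahead of the normalisation, keeps the 404 decision tied to the lookup result. Nothing visible in this hunk checks whether the link share is password-protected or expired before `showPreview()` runs; if `getShareByToken()` does not enforce that itself, this route should apply the same checks as the regular public-link handler. The function starts and ends outside the hunk, so the initial values of `$userid` and `$path` are assumed to be null.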