Redirect to the right token on public shares

If the token doesn't match (or isn't set) during the redirect. We should
properly set it. Else we might redirect to a later auth display that set
these values.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

1 files changed, 14 insertions, 0 deletions

diff --git a/lib/public/AppFramework/AuthPublicShareController.php b/lib/public/AppFramework/AuthPublicShareController.php
index ffd2bddd24b..37a8cedcd7e 100644
--- a/lib/public/AppFramework/AuthPublicShareController.php
+++ b/lib/public/AppFramework/AuthPublicShareController.php
@@ -185,6 +185,20 @@ abstract class AuthPublicShareController extends PublicShareController {
 				$route = $params['_route'];
 				unset($params['_route']);
 			}
+
+			// If the token doesn't match the rest of the arguments can't be trusted either
+			if (isset($params['token']) && $params['token'] !== $this->getToken()) {
+				$params = [
+					'token' => $this->getToken(),
+				];
+			}
+
+			// We need a token
+			if (!isset($params['token'])) {
+				$params = [
+					'token' => $this->getToken(),
+				];
+			}
 		}
 
 		return new RedirectResponse($this->urlGenerator->linkToRoute($route, $params));