diff options
| -rw-r--r-- | apps/dav/lib/Controller/DirectController.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/apps/dav/lib/Controller/DirectController.php b/apps/dav/lib/Controller/DirectController.php index ff7c96ddef1..35f4c0dbcb5 100644 --- a/apps/dav/lib/Controller/DirectController.php +++ b/apps/dav/lib/Controller/DirectController.php @@ -90,6 +90,10 @@ class DirectController extends OCSController { throw new OCSNotFoundException(); } + if ($expirationTime <= 0 || $expirationTime > (60 * 60 * 24)) { + throw new OCSBadRequestException('Expiration time should be greater than 0 and less than or equal to ' . (60 * 60 * 24)); + } + $file = array_shift($files); if (!($file instanceof File)) { throw new OCSBadRequestException('Direct download only works for files'); |