diff options
| -rw-r--r-- | core/routes.php | 2 | ||||
| -rwxr-xr-x | lib/preview.php | 24 | ||||
| -rw-r--r-- | lib/preview/unknown.php | 10 |
3 files changed, 27 insertions, 9 deletions
diff --git a/core/routes.php b/core/routes.php index be5766cea9d..c45ffee26fd 100644 --- a/core/routes.php +++ b/core/routes.php @@ -44,6 +44,8 @@ $this->create('core_ajax_routes', '/core/routes.json') ->action('OC_Router', 'JSRoutes'); $this->create('core_ajax_preview', '/core/preview.png') ->action('OC_Preview', 'previewRouter'); +$this->create('core_ajax_public_preview', '/core/publicpreview.png') + ->action('OC_Preview', 'publicPreviewRouter'); OC::$CLASSPATH['OC_Core_LostPassword_Controller'] = 'core/lostpassword/controller.php'; $this->create('core_lostpassword_index', '/lostpassword/') ->get() diff --git a/lib/preview.php b/lib/preview.php index 572c85057be..39a87ed5396 100755 --- a/lib/preview.php +++ b/lib/preview.php @@ -529,16 +529,30 @@ class OC_Preview { if(array_key_exists('y', $_GET)) $maxY = (int) $_GET['y']; if(array_key_exists('scalingup', $_GET)) $scalingup = (bool) $_GET['scalingup']; if(array_key_exists('t', $_GET)) $token = (string) $_GET['t']; - + $linkItem = OCP\Share::getShareByToken($token); + if (is_array($linkItem) && isset($linkItem['uid_owner']) && isset($linkItem['file_source'])) { $userid = $linkItem['uid_owner']; - OC_Util::setupFS($fileOwner); - $path = $linkItem['file_source']; + OC_Util::setupFS($userid); + $pathid = $linkItem['file_source']; + $path = \OC\Files\Filesystem::getPath($pathid); + } + + //clean up file parameter + $file = \OC\Files\Filesystem::normalizePath($file); + if(!\OC\Files\Filesystem::isValidPath($file)){ + OC_Response::setStatus(403); + exit; + } + + $path = \OC\Files\Filesystem::normalizePath($path, false); + if(substr($path, 0, 1) == '/'){ + $path = substr($path, 1); } - if($user !== null && $path !== null){ - $preview = new OC_Preview($userid, $path, $file, $maxX, $maxY, $scalingup); + if($userid !== null && $path !== null){ + $preview = new OC_Preview($userid, 'files/' . $path, $file, $maxX, $maxY, $scalingup); $preview->showPreview(); }else{ OC_Response::setStatus(404); diff --git a/lib/preview/unknown.php b/lib/preview/unknown.php index 290c18a72d7..5bbdcf847f1 100644 --- a/lib/preview/unknown.php +++ b/lib/preview/unknown.php @@ -13,11 +13,13 @@ class OC_Preview_Unknown extends OC_Preview_Provider{ } public function getThumbnail($path, $maxX, $maxY, $scalingup,$fileview) { - - - $mimetype = $this->fileview->getMimeType($file); + /*$mimetype = $fileview->getMimeType($path); + $info = $fileview->getFileInfo($path); + $name = array_key_exists('name', $info) ? $info['name'] : ''; + $size = array_key_exists('size', $info) ? $info['size'] : 0; + $isencrypted = array_key_exists('encrypted', $info) ? $info['encrypted'] : false;*/ // show little lock return new \OC_Image(); } } -OC_Preview::registerProvider('OC_Preview_Unknown');
\ No newline at end of file +OC_Preview::registerProvider('OC_Preview_Unknown'); |