-rw-r--r-- | core/ajax/share.php | 2 | ||||
-rw-r--r-- | core/js/share.js | 9 | ||||
-rw-r--r-- | lib/private/share/constants.php | 2 | ||||
-rw-r--r-- | public.php | 2 | ||||
-rw-r--r-- | s.php | 41 |
5 files changed, 53 insertions, 3 deletions
diff --git a/core/ajax/share.php b/core/ajax/share.php
index c6da79a8a42..536f0e2ebd8 100644
--- a/core/ajax/share.php
+++ b/core/ajax/share.php
@@ -46,6 +46,8 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo
 (!empty($_POST['expirationDate']) ? new \DateTime($_POST['expirationDate']) : null)
 );
+ $token = base_convert($token, 16, 36);
+
 if (is_string($token)) {
 OC_JSON::success(array('data' => array('token' => $token)));
 } else {
diff --git a/core/js/share.js b/core/js/share.js
index f1652370d35..d00b5f1ccf9 100644
--- a/core/js/share.js
+++ b/core/js/share.js
@@ -663,6 +663,8 @@ OC.Share={
 // TODO: use oc webroot ?
 var link = parent.location.protocol+'//'+location.host+OC.linkTo('', 'public.php')+'?service=files&'+type+'='+encodeURIComponent(file);
 } else {
+ // convert the token to base36
+ //token = parseInt(token, 16).toString(36);
 //TODO add path param when showing a link to file in a subfolder of a public link share
 var service='';
 if(linkSharetype === 'folder' || linkSharetype === 'file'){
@@ -672,8 +674,11 @@ OC.Share={
 }
 // TODO: use oc webroot ?
- var link = parent.location.protocol+'//'+location.host+OC.linkTo('', 'public.php')+'?service='+service+'&t='+token;
-
+ if (service !== 'files') {
+ var link = parent.location.protocol+'//'+location.host+OC.linkTo('', 'public.php')+'?service='+service+'&t='+token;
+ } else {
+ var link = parent.location.protocol+'//'+location.host+OC.linkTo('', 's.php')+'?t='+token;
+ }
 }
 $('#linkText').val(link);
 $('#linkText').show('blind');
diff --git a/lib/private/share/constants.php b/lib/private/share/constants.php
index 4c398c43c2d..cf935bd4c0e 100644
--- a/lib/private/share/constants.php
+++ b/lib/private/share/constants.php
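Review bot: In core/ajax/share.php the added `$token = base_convert($token, 16, 36);` runs before the `is_string($token)` check, and base_convert() returns a string, so a non-string failure value from the share call would now pass the check and be reported through `OC_JSON::success`. The conversion belongs inside the `if (is_string($token)) {` branch. PHP also documents that base_convert() can lose precision on large numbers, so a 16-hex-digit token may not survive the hex → base36 → hex round trip that s.php depends on; that needs a test, or an exact-integer encoder, before such links are handed out. The enclosing block starts and ends outside the hunk.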
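Review bot: In the second core/js/share.js hunk the non-`files` branch still builds a `public.php?service=…&t=` link, but the token returned by core/ajax/share.php is now base36, and nothing visible in this commit converts it back on that path, so those links presumably stop resolving; confirm, or keep the hex token for that branch. `var link` is declared once per branch; declare it once before the `if` and assign it in each arm. The commented-out `//token = parseInt(token, 16).toString(36);` added in the first hunk is dead code and should be dropped rather than committed.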
@@ -34,7 +34,7 @@ class Constants {
 const FORMAT_STATUSES = -2;
 const FORMAT_SOURCES = -3; // ToDo Check if it is still in use otherwise remove it
- const TOKEN_LENGTH = 32; // see db_structure.xml
+ const TOKEN_LENGTH = 16; // old length is 32, thus 32 in db_structure.xml
 protected static $shareTypeUserAndGroups = -1;
 protected static $shareTypeGroupUserUnique = 2;
diff --git a/public.php b/public.php
index 0e04db66da7..b4578d991c8 100644
--- a/public.php
+++ b/public.php
@@ -36,6 +36,8 @@ try {
 \OC::$REQUESTEDAPP = $app;
 OC_App::loadApps(array('authentication'));
 OC_App::loadApps(array('filesystem', 'logging'));
+ print_r($_GET);
+ print_r($parts);
 OC_Util::checkAppEnabled($app);
 OC_App::loadApp($app);
diff --git a/s.php b/s.php
new file mode 100644
index 00000000000..9223fd784ad
--- /dev/null
+++ b/s.php
@@ -0,0 +1,41 @@
+<?php
+
+try {
+
+ require_once 'lib/base.php';
+ OC::checkMaintenanceMode();
+ OC::checkSingleUserMode();
+ $file = OCP\CONFIG::getAppValue('core', 'public_files');
+ if(is_null($file)) {
+ header('HTTP/1.0 404 Not Found');
+ exit;
+ }
+
+ // convert the token to hex, if it's base36
+ if (strlen((string)$_GET['t']) != 16 && strlen((string)$_GET['t']) != 32) {
+ $_GET['t'] = base_convert($_GET['t'], 36, 16);
+
+ // the token should have leading zeroes and needs to be padded
+ if (strlen((string)$_GET['t']) != 16) {
+ $padding = '';
+ for ($i = 0; $i < (16 - strlen((string)$_GET['t'])); $i++) {
+ $padding .= '0';
+ }
+ $_GET['t'] = $padding . $_GET['t'];
+ }
+ }
+
+ print($_GET['t']);
+
+ OC_Util::checkAppEnabled('files_sharing');
+ OC_App::loadApp('files_sharing');
+ OC_User::setIncognitoMode(true);
+
+ require_once OC_App::getAppPath('files_sharing') .'/public.php';
+
+} catch (Exception $ex) {
+ //show the user a detailed error page
+ OC_Response::setStatus(OC_Response::STATUS_INTERNAL_SERVER_ERROR);
+ \OCP\Util::writeLog('remote', $ex->getMessage(), \OCP\Util::FATAL);
+ OC_Template::printExceptionErrorPage($ex);
+} |
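Review bot: In lib/private/share/constants.php, `TOKEN_LENGTH = 16` halves the length of newly issued share tokens, and for link shares the token in the URL appears to be the only secret protecting the item. The new comment records the old length but not why the shorter one is acceptable. State the token alphabet and the resulting entropy next to the constant, for example `// 16 chars from <alphabet> = <N> bits; db column stays 32 for existing tokens`, and confirm the remaining guessing space is adequate for an unauthenticated lookup. The class body continues outside the hunk.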
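Review bot: The added `print_r($_GET);` and `print_r($parts);` in public.php are debug output that writes request parameters, unescaped, into every public response ahead of the app's own output. That breaks any handler that still needs to send headers or a non-HTML body, and it reflects caller-controlled query values straight into the page. Both lines should be deleted before merge; if the values are needed for diagnosis, send them to the log through `\OCP\Util::writeLog` instead of the response. The `try` block starts and ends outside the hunk.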
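Review bot: In s.php, `print($_GET['t']);` echoes the request token unescaped into the response before files_sharing/public.php is included, and `$_GET['t']` is read without checking that it is present or well-formed. Remove the print, answer a missing or non-alphanumeric `t` with the same 404 used for the missing `public_files` value, and replace the hand-written padding loop with `str_pad`. The `!= 16 && != 32` test silently assumes a base36 token is never 16 or 32 characters long, which deserves a comment. The rewritten conversion block is below.

```php
// … unchanged: bootstrap, maintenance checks and public_files lookup …

	// reject a missing or malformed token before any conversion
	$token = isset($_GET['t']) ? (string)$_GET['t'] : '';
	if (!ctype_alnum($token)) {
		header('HTTP/1.0 404 Not Found');
		exit;
	}

	// 16 or 32 characters is taken to be a hex token; anything else is treated as base36
	if (strlen($token) != 16 && strlen($token) != 32) {
		// base_convert() can lose precision on large numbers; verify the round trip for 16 hex digits
		$token = str_pad(base_convert($token, 36, 16), 16, '0', STR_PAD_LEFT);
	}
	$_GET['t'] = $token;

// … unchanged: app loading, incognito mode, include and exception handler …
```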