Diffstat (limited to 'apps/files_sharing/lib')
-rw-r--r-- | apps/files_sharing/lib/Controller/PublicPreviewController.php | 16 | ||||
-rw-r--r-- | apps/files_sharing/lib/ViewOnly.php | 13 |
2 files changed, 17 insertions, 12 deletions
diff --git a/apps/files_sharing/lib/Controller/PublicPreviewController.php b/apps/files_sharing/lib/Controller/PublicPreviewController.php
index 9678aa67888..da71aca904c 100644
--- a/apps/files_sharing/lib/Controller/PublicPreviewController.php
+++ b/apps/files_sharing/lib/Controller/PublicPreviewController.php
@@ -78,6 +78,8 @@ class PublicPreviewController extends PublicShareController {
 int $y = 32,
 $a = false,
 ) {
+ $cacheForSeconds = 60 * 60 * 24; // 1 day
+
 if ($token === '' || $x === 0 || $y === 0) {
 return new DataResponse([], Http::STATUS_BAD_REQUEST);
 }
@@ -93,7 +95,17 @@ class PublicPreviewController extends PublicShareController {
 }
 $attributes = $share->getAttributes();
- if ($attributes !== null && $attributes->getAttribute('permissions', 'download') === false) {
+ // Only explicitly set to false will forbid the download!
+ $downloadForbidden = $attributes?->getAttribute('permissions', 'download') === false;
+ // Is this header is set it means our UI is doing a preview for no-download shares
+ // we check a header so we at least prevent people from using the link directly (obfuscation)
+ $isPublicPreview = $this->request->getHeader('X-NC-Preview') === 'true';
+
+ if ($isPublicPreview && $downloadForbidden) {
+ // Only cache for 15 minutes on public preview requests to quickly remove from cache
+ $cacheForSeconds = 15 * 60;
+ } elseif ($downloadForbidden) {
+ // This is not a public share preview so we only allow a preview if download permissions are granted
 return new DataResponse([], Http::STATUS_FORBIDDEN);
 }
@@ -107,7 +119,7 @@ class PublicPreviewController extends PublicShareController {
 $f = $this->previewManager->getPreview($file, $x, $y, !$a);
 $response = new FileDisplayResponse($f, Http::STATUS_OK, ['Content-Type' => $f->getMimeType()]);
- $response->cacheFor(3600 * 24);
+ $response->cacheFor($cacheForSeconds);
 return $response;
 } catch (NotFoundException $e) {
 return new DataResponse([], Http::STATUS_NOT_FOUND);
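Review bot: The `X-NC-Preview` test in the second hunk is not an access control, because the header is supplied by the client: in the `$isPublicPreview && $downloadForbidden` branch, anyone holding the share token who sends it receives the preview of a download-forbidden file. The comment says "obfuscation", but it should state the consequence outright, for example `// X-NC-Preview is client-controlled: this does not enforce the no-download permission, it only discourages direct linking`, and the typo "Is this header is set" should read "If this header is set". Because the response for such a share now depends on a request header, consider `$response->addHeader('Vary', 'X-NC-Preview');` next to the `cacheFor($cacheForSeconds)` call in the third hunk, so that a cached 200 is not reused for a request without the header; whether any cache sits between client and server is not visible here. Whether `$x` and `$y` are capped for this branch cannot be seen either, since the method starts and ends outside these hunks, so it is worth confirming that a no-download share cannot be asked for a full-resolution rendering.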
diff --git a/apps/files_sharing/lib/ViewOnly.php b/apps/files_sharing/lib/ViewOnly.php
index 9cd18f968f6..2204d26388b 100644
--- a/apps/files_sharing/lib/ViewOnly.php
+++ b/apps/files_sharing/lib/ViewOnly.php
@@ -89,17 +89,10 @@ class ViewOnly {
 /** @var SharedStorage $storage */
 $share = $storage->getShare();
- $canDownload = true;
-
- // Check if read-only and on whether permission can download is both set and disabled.
+ // Check whether download-permission was denied (granted if not set)
 $attributes = $share->getAttributes();
- if ($attributes !== null) {
- $canDownload = $attributes->getAttribute('permissions', 'download');
- }
+ $canDownload = $attributes?->getAttribute('permissions', 'download');
- if ($canDownload !== null && !$canDownload) {
- return false;
- }
- return true;
+ return $canDownload !== false;
 }
 }
|
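Review bot: The new `return $canDownload !== false;` narrows the deny condition: the removed `$canDownload !== null && !$canDownload` refused download for any non-null falsy value (`0`, `''`, `'0'`), while the new line refuses it only for a strict boolean `false`. If the `download` attribute can ever be stored as something other than a boolean (a legacy row or a client-supplied attributes payload, neither of which is visible in this hunk), a view-only share would silently become downloadable. Either confirm that the value is normalised to a boolean when the share is written, or record the contract on the line, e.g. `// Only a strict boolean false denies download; any other value, including null, 0 or '', is treated as granted`. The method's signature is outside this hunk.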