diff options
Diffstat (limited to 'core/ajax')
-rw-r--r-- | core/ajax/preview.php | 30 |
1 files changed, 17 insertions, 13 deletions
diff --git a/core/ajax/preview.php b/core/ajax/preview.php index a1267d6f5cf..5c6d5ce25ab 100644 --- a/core/ajax/preview.php +++ b/core/ajax/preview.php @@ -7,34 +7,38 @@ */ \OC_Util::checkLoggedIn(); -$file = array_key_exists('file', $_GET) ? (string) $_GET['file'] : ''; -$maxX = array_key_exists('x', $_GET) ? (int) $_GET['x'] : '36'; -$maxY = array_key_exists('y', $_GET) ? (int) $_GET['y'] : '36'; -$scalingUp = array_key_exists('scalingup', $_GET) ? (bool) $_GET['scalingup'] : true; +$file = array_key_exists('file', $_GET) ? (string)$_GET['file'] : ''; +$maxX = array_key_exists('x', $_GET) ? (int)$_GET['x'] : '36'; +$maxY = array_key_exists('y', $_GET) ? (int)$_GET['y'] : '36'; +$scalingUp = array_key_exists('scalingup', $_GET) ? (bool)$_GET['scalingup'] : true; -if($file === '') { +if ($file === '') { //400 Bad Request \OC_Response::setStatus(400); \OC_Log::write('core-preview', 'No file parameter was passed', \OC_Log::DEBUG); exit; } -if($maxX === 0 || $maxY === 0) { +if ($maxX === 0 || $maxY === 0) { //400 Bad Request \OC_Response::setStatus(400); \OC_Log::write('core-preview', 'x and/or y set to 0', \OC_Log::DEBUG); exit; } -try{ +try { $preview = new \OC\Preview(\OC_User::getUser(), 'files'); - $preview->setFile($file); - $preview->setMaxX($maxX); - $preview->setMaxY($maxY); - $preview->setScalingUp($scalingUp); + if (!$preview->isMimeSupported(\OC\Files\Filesystem::getMimeType($file))) { + \OC_Response::setStatus(404); + } else { + $preview->setFile($file); + $preview->setMaxX($maxX); + $preview->setMaxY($maxY); + $preview->setScalingUp($scalingUp); + } $preview->show(); -}catch(\Exception $e) { +} catch (\Exception $e) { \OC_Response::setStatus(500); \OC_Log::write('core', $e->getmessage(), \OC_Log::DEBUG); -}
\ No newline at end of file +} |