aboutsummaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/public/AppFramework/AuthPublicShareController.php14
1 files changed, 14 insertions, 0 deletions
diff --git a/lib/public/AppFramework/AuthPublicShareController.php b/lib/public/AppFramework/AuthPublicShareController.php
index ffd2bddd24b..37a8cedcd7e 100644
--- a/lib/public/AppFramework/AuthPublicShareController.php
+++ b/lib/public/AppFramework/AuthPublicShareController.php
@@ -185,6 +185,20 @@ abstract class AuthPublicShareController extends PublicShareController {
$route = $params['_route'];
unset($params['_route']);
}
+
+ // If the token doesn't match the rest of the arguments can't be trusted either
+ if (isset($params['token']) && $params['token'] !== $this->getToken()) {
+ $params = [
+ 'token' => $this->getToken(),
+ ];
+ }
+
+ // We need a token
+ if (!isset($params['token'])) {
+ $params = [
+ 'token' => $this->getToken(),
+ ];
+ }
}
return new RedirectResponse($this->urlGenerator->linkToRoute($route, $params));
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-25 16:44:35 +0000