This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
the variable you call a method on is always an object.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /** |
||
3 | * @author Arthur Schiwon <[email protected]> |
||
4 | * @author Björn Schießle <[email protected]> |
||
5 | * @author Georg Ehrke <[email protected]> |
||
6 | * @author Joas Schilling <[email protected]> |
||
7 | * @author Jörn Friedrich Dreyer <[email protected]> |
||
8 | * @author Lukas Reschke <[email protected]> |
||
9 | * @author Morris Jobke <[email protected]> |
||
10 | * @author Piotr Filiciak <[email protected]> |
||
11 | * @author Robin Appelman <[email protected]> |
||
12 | * @author Roeland Jago Douma <[email protected]> |
||
13 | * @author Thomas Müller <[email protected]> |
||
14 | * @author Vincent Petry <[email protected]> |
||
15 | * |
||
16 | * @copyright Copyright (c) 2018, ownCloud GmbH |
||
17 | * @license AGPL-3.0 |
||
18 | * |
||
19 | * This code is free software: you can redistribute it and/or modify |
||
20 | * it under the terms of the GNU Affero General Public License, version 3, |
||
21 | * as published by the Free Software Foundation. |
||
22 | * |
||
23 | * This program is distributed in the hope that it will be useful, |
||
24 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
25 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
26 | * GNU Affero General Public License for more details. |
||
27 | * |
||
28 | * You should have received a copy of the GNU Affero General Public License, version 3, |
||
29 | * along with this program. If not, see <http://www.gnu.org/licenses/> |
||
30 | * |
||
31 | */ |
||
32 | |||
33 | namespace OCA\Files_Sharing\Controllers; |
||
34 | |||
35 | use OC; |
||
36 | use OC_Files; |
||
37 | use OC_Util; |
||
38 | use OCA\Files_Sharing\Activity; |
||
39 | use OCP; |
||
40 | use OCP\AppFramework\Controller; |
||
41 | use OCP\AppFramework\Http\NotFoundResponse; |
||
42 | use OCP\AppFramework\Http\RedirectResponse; |
||
43 | use OCP\AppFramework\Http\TemplateResponse; |
||
44 | use OCP\Files\IRootFolder; |
||
45 | use OCP\Files\NotFoundException; |
||
46 | use OCP\IConfig; |
||
47 | use OCP\ILogger; |
||
48 | use OCP\IPreview; |
||
49 | use OCP\IRequest; |
||
50 | use OCP\ISession; |
||
51 | use OCP\IURLGenerator; |
||
52 | use OCP\IUserManager; |
||
53 | use OCP\Share; |
||
54 | use OCP\Share\Exceptions\ShareNotFound; |
||
55 | use OCP\Template; |
||
56 | use Symfony\Component\EventDispatcher\EventDispatcher; |
||
57 | use Symfony\Component\EventDispatcher\GenericEvent; |
||
58 | |||
59 | /** |
||
60 | * Class ShareController |
||
61 | * |
||
62 | * @package OCA\Files_Sharing\Controllers |
||
63 | */ |
||
64 | class ShareController extends Controller { |
||
65 | |||
66 | /** @var IConfig */ |
||
67 | protected $config; |
||
68 | /** @var IURLGenerator */ |
||
69 | protected $urlGenerator; |
||
70 | /** @var IUserManager */ |
||
71 | protected $userManager; |
||
72 | /** @var ILogger */ |
||
73 | protected $logger; |
||
74 | /** @var OCP\Activity\IManager */ |
||
75 | protected $activityManager; |
||
76 | /** @var OCP\Share\IManager */ |
||
77 | protected $shareManager; |
||
78 | /** @var ISession */ |
||
79 | protected $session; |
||
80 | /** @var IPreview */ |
||
81 | protected $previewManager; |
||
82 | /** @var IRootFolder */ |
||
83 | protected $rootFolder; |
||
84 | /** @var EventDispatcher */ |
||
85 | protected $eventDispatcher; |
||
86 | |||
87 | /** |
||
88 | * @param string $appName |
||
89 | * @param IRequest $request |
||
90 | * @param IConfig $config |
||
91 | * @param IURLGenerator $urlGenerator |
||
92 | * @param IUserManager $userManager |
||
93 | * @param ILogger $logger |
||
94 | * @param OCP\Activity\IManager $activityManager |
||
95 | * @param \OCP\Share\IManager $shareManager |
||
96 | * @param ISession $session |
||
97 | * @param IPreview $previewManager |
||
98 | * @param IRootFolder $rootFolder |
||
99 | * @param EventDispatcher $eventDispatcher |
||
100 | */ |
||
101 | public function __construct($appName, |
||
102 | IRequest $request, |
||
103 | IConfig $config, |
||
104 | IURLGenerator $urlGenerator, |
||
105 | IUserManager $userManager, |
||
106 | ILogger $logger, |
||
107 | \OCP\Activity\IManager $activityManager, |
||
108 | \OCP\Share\IManager $shareManager, |
||
109 | ISession $session, |
||
110 | IPreview $previewManager, |
||
111 | IRootFolder $rootFolder, |
||
112 | EventDispatcher $eventDispatcher) { |
||
113 | parent::__construct($appName, $request); |
||
114 | |||
115 | $this->config = $config; |
||
116 | $this->urlGenerator = $urlGenerator; |
||
117 | $this->userManager = $userManager; |
||
118 | $this->logger = $logger; |
||
119 | $this->activityManager = $activityManager; |
||
120 | $this->shareManager = $shareManager; |
||
121 | $this->session = $session; |
||
122 | $this->previewManager = $previewManager; |
||
123 | $this->rootFolder = $rootFolder; |
||
124 | $this->eventDispatcher = $eventDispatcher; |
||
125 | } |
||
126 | |||
127 | /** |
||
128 | * @PublicPage |
||
129 | * @NoCSRFRequired |
||
130 | * |
||
131 | * @param string $token |
||
132 | * @return TemplateResponse|RedirectResponse |
||
133 | */ |
||
134 | public function showAuthenticate($token) { |
||
135 | $share = $this->shareManager->getShareByToken($token); |
||
136 | |||
137 | if ($this->linkShareAuth($share)) { |
||
138 | return new RedirectResponse($this->urlGenerator->linkToRoute('files_sharing.sharecontroller.showShare', ['token' => $token])); |
||
139 | } |
||
140 | |||
141 | return new TemplateResponse($this->appName, 'authenticate', [], 'guest'); |
||
142 | } |
||
143 | |||
144 | /** |
||
145 | * @PublicPage |
||
146 | * @UseSession |
||
147 | * |
||
148 | * Authenticates against password-protected shares |
||
149 | * @param string $token |
||
150 | * @param string $password |
||
151 | * @return RedirectResponse|TemplateResponse |
||
152 | */ |
||
153 | public function authenticate($token, $password = '') { |
||
154 | |||
155 | // Check whether share exists |
||
156 | try { |
||
157 | $share = $this->shareManager->getShareByToken($token); |
||
158 | } catch (ShareNotFound $e) { |
||
159 | return new NotFoundResponse(); |
||
160 | } |
||
161 | |||
162 | $authenticate = $this->linkShareAuth($share, $password); |
||
163 | |||
164 | if ($authenticate === true) { |
||
165 | return new RedirectResponse($this->urlGenerator->linkToRoute('files_sharing.sharecontroller.showShare', ['token' => $token])); |
||
166 | } |
||
167 | |||
168 | return new TemplateResponse($this->appName, 'authenticate', ['wrongpw' => true], 'guest'); |
||
169 | } |
||
170 | |||
171 | /** |
||
172 | * Authenticate a link item with the given password. |
||
173 | * Or use the session if no password is provided. |
||
174 | * |
||
175 | * This is a modified version of Helper::authenticate |
||
176 | * TODO: Try to merge back eventually with Helper::authenticate |
||
177 | * |
||
178 | * @param \OCP\Share\IShare $share |
||
179 | * @param string|null $password |
||
180 | * @return bool |
||
181 | */ |
||
182 | private function linkShareAuth(\OCP\Share\IShare $share, $password = null) { |
||
183 | if ($password !== null) { |
||
184 | if ($this->shareManager->checkPassword($share, $password)) { |
||
185 | $this->session->set('public_link_authenticated', (string)$share->getId()); |
||
186 | } else { |
||
187 | $this->emitAccessShareHook($share, 403, 'Wrong password'); |
||
188 | return false; |
||
189 | } |
||
190 | View Code Duplication | } else { |
|
191 | // not authenticated ? |
||
192 | if (! $this->session->exists('public_link_authenticated') |
||
193 | || $this->session->get('public_link_authenticated') !== (string)$share->getId()) { |
||
194 | return false; |
||
195 | } |
||
196 | } |
||
197 | return true; |
||
198 | } |
||
199 | |||
200 | /** |
||
201 | * throws hooks when a share is attempted to be accessed |
||
202 | * |
||
203 | * @param \OCP\Share\IShare|string $share the Share instance if available, |
||
204 | * otherwise token |
||
205 | * @param int $errorCode |
||
206 | * @param string $errorMessage |
||
207 | * @throws OC\HintException |
||
208 | * @throws OC\ServerNotAvailableException |
||
209 | */ |
||
210 | protected function emitAccessShareHook($share, $errorCode = 200, $errorMessage = '') { |
||
211 | $itemType = $itemSource = $uidOwner = ''; |
||
212 | $token = $share; |
||
213 | $exception = null; |
||
214 | if ($share instanceof \OCP\Share\IShare) { |
||
215 | try { |
||
216 | $token = $share->getToken(); |
||
217 | $uidOwner = $share->getSharedBy(); |
||
218 | $itemType = $share->getNodeType(); |
||
219 | $itemSource = $share->getNodeId(); |
||
220 | } catch (\Exception $e) { |
||
221 | // we log what we know and pass on the exception afterwards |
||
222 | $exception = $e; |
||
223 | } |
||
224 | } |
||
225 | \OC_Hook::emit('OCP\Share', 'share_link_access', [ |
||
226 | 'itemType' => $itemType, |
||
227 | 'itemSource' => $itemSource, |
||
228 | 'uidOwner' => $uidOwner, |
||
229 | 'token' => $token, |
||
230 | 'errorCode' => $errorCode, |
||
231 | 'errorMessage' => $errorMessage, |
||
232 | ]); |
||
233 | |||
234 | if ($share instanceof \OCP\Share\IShare) { |
||
235 | $cloneShare = clone $share; |
||
236 | $publicShareLinkAccessEvent = new GenericEvent(null, |
||
237 | ['shareObject' => $cloneShare, 'errorCode' => $errorCode, |
||
238 | 'errorMessage' => $errorMessage]); |
||
239 | |||
240 | $this->eventDispatcher->dispatch('share.linkaccess', $publicShareLinkAccessEvent); |
||
241 | } |
||
242 | |||
243 | if ($exception !== null) { |
||
244 | throw $exception; |
||
245 | } |
||
246 | } |
||
247 | |||
248 | /** |
||
249 | * Validate the permissions of the share |
||
250 | * |
||
251 | * @param Share\IShare $share |
||
252 | * @return bool |
||
253 | */ |
||
254 | private function validateShare(\OCP\Share\IShare $share) { |
||
255 | return $share->getNode()->isReadable() && $share->getNode()->isShareable(); |
||
256 | } |
||
257 | |||
258 | /** |
||
259 | * Renders and displays the public link page template |
||
260 | * |
||
261 | * @PublicPage |
||
262 | * @NoCSRFRequired |
||
263 | * |
||
264 | * @param string $token |
||
265 | * @param string $path |
||
266 | * @return NotFoundResponse|RedirectResponse|TemplateResponse |
||
267 | * @throws NotFoundException |
||
268 | */ |
||
269 | public function showShare($token, $path = '') { |
||
270 | \OC_User::setIncognitoMode(true); |
||
271 | |||
272 | // Check whether share exists |
||
273 | try { |
||
274 | $share = $this->shareManager->getShareByToken($token); |
||
275 | } catch (ShareNotFound $e) { |
||
276 | $this->emitAccessShareHook($token, 404, 'Share not found'); |
||
277 | return new NotFoundResponse(); |
||
278 | } |
||
279 | |||
280 | // Share is password protected - check whether the user is permitted to access the share |
||
281 | View Code Duplication | if ($share->getPassword() !== null && !$this->linkShareAuth($share)) { |
|
282 | return new RedirectResponse($this->urlGenerator->linkToRoute('files_sharing.sharecontroller.authenticate', |
||
283 | ['token' => $token])); |
||
284 | } |
||
285 | |||
286 | if (!$this->validateShare($share)) { |
||
287 | throw new NotFoundException(); |
||
288 | } |
||
289 | // We can't get the path of a file share |
||
290 | try { |
||
291 | if ($share->getNode() instanceof \OCP\Files\File && $path !== '') { |
||
292 | $this->emitAccessShareHook($share, 404, 'Share not found'); |
||
293 | throw new NotFoundException(); |
||
294 | } |
||
295 | } catch (\Exception $e) { |
||
296 | $this->emitAccessShareHook($share, 404, 'Share not found'); |
||
297 | throw $e; |
||
298 | } |
||
299 | |||
300 | $rootFolder = null; |
||
301 | if ($share->getNode() instanceof \OCP\Files\Folder) { |
||
302 | /** @var \OCP\Files\Folder $rootFolder */ |
||
303 | $rootFolder = $share->getNode(); |
||
304 | |||
305 | try { |
||
306 | $path = $rootFolder->get($path); |
||
307 | } catch (\OCP\Files\NotFoundException $e) { |
||
308 | $this->emitAccessShareHook($share, 404, 'Share not found'); |
||
309 | throw new NotFoundException(); |
||
310 | } |
||
311 | } |
||
312 | |||
313 | $shareTmpl = []; |
||
314 | $shareTmpl['displayName'] = $this->userManager->get($share->getShareOwner())->getDisplayName(); |
||
315 | $shareTmpl['owner'] = $share->getShareOwner(); |
||
316 | $shareTmpl['filename'] = $share->getNode()->getName(); |
||
317 | $shareTmpl['directory_path'] = $share->getTarget(); |
||
318 | $shareTmpl['mimetype'] = $share->getNode()->getMimetype(); |
||
319 | $shareTmpl['previewSupported'] = $this->previewManager->isMimeSupported($share->getNode()->getMimetype()); |
||
320 | $shareTmpl['dirToken'] = $token; |
||
321 | $shareTmpl['sharingToken'] = $token; |
||
322 | $shareTmpl['protected'] = $share->getPassword() !== null ? 'true' : 'false'; |
||
323 | $shareTmpl['dir'] = ''; |
||
324 | $shareTmpl['nonHumanFileSize'] = $share->getNode()->getSize(); |
||
325 | $shareTmpl['fileSize'] = \OCP\Util::humanFileSize($share->getNode()->getSize()); |
||
326 | |||
327 | // Show file list |
||
328 | if ($share->getNode() instanceof \OCP\Files\Folder) { |
||
329 | $shareTmpl['dir'] = $rootFolder->getRelativePath($path->getPath()); |
||
0 ignored issues
–
show
|
|||
330 | |||
331 | /* |
||
332 | * The OC_Util methods require a view. This just uses the node API |
||
333 | */ |
||
334 | $freeSpace = $share->getNode()->getStorage()->free_space($share->getNode()->getInternalPath()); |
||
335 | View Code Duplication | if ($freeSpace < \OCP\Files\FileInfo::SPACE_UNLIMITED) { |
|
336 | $freeSpace = \max($freeSpace, 0); |
||
337 | } else { |
||
338 | $freeSpace = (INF > 0) ? INF: PHP_INT_MAX; // work around https://bugs.php.net/bug.php?id=69188 |
||
339 | } |
||
340 | |||
341 | $maxUploadFilesize = $freeSpace; |
||
342 | |||
343 | if ($share->getPermissions() & \OCP\Constants::PERMISSION_READ > 0) { |
||
344 | $folder = new Template('files', 'list', ''); |
||
345 | $folder->assign('dir', $rootFolder->getRelativePath($path->getPath())); |
||
346 | $folder->assign('dirToken', $token); |
||
347 | $folder->assign('permissions', \OCP\Constants::PERMISSION_READ); |
||
348 | $folder->assign('isPublic', true); |
||
349 | $folder->assign('publicUploadEnabled', 'no'); |
||
350 | $folder->assign('uploadMaxFilesize', $maxUploadFilesize); |
||
351 | $folder->assign('uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize)); |
||
352 | $folder->assign('freeSpace', $freeSpace); |
||
353 | $folder->assign('usedSpacePercent', 0); |
||
354 | $folder->assign('trash', false); |
||
355 | $shareTmpl['folder'] = $folder->fetchPage(); |
||
356 | } else { |
||
357 | $folder = new Template('files_sharing', 'upload', ''); |
||
358 | $shareTmpl['folder'] = $folder->fetchPage(); |
||
359 | } |
||
360 | } |
||
361 | |||
362 | $shareTmpl['canDownload'] = !!($share->getPermissions() & \OCP\Constants::PERMISSION_READ > 0); |
||
363 | $shareTmpl['downloadURL'] = $this->urlGenerator->linkToRouteAbsolute('files_sharing.sharecontroller.downloadShare', ['token' => $token]); |
||
364 | $shareTmpl['shareUrl'] = $this->urlGenerator->linkToRouteAbsolute('files_sharing.sharecontroller.showShare', ['token' => $token]); |
||
365 | $shareTmpl['maxSizeAnimateGif'] = $this->config->getSystemValue('max_filesize_animated_gifs_public_sharing', 10); |
||
366 | $shareTmpl['previewEnabled'] = $this->config->getSystemValue('enable_previews', true); |
||
367 | $shareTmpl['previewMaxX'] = $this->config->getSystemValue('preview_max_x', 1024); |
||
368 | $shareTmpl['previewMaxY'] = $this->config->getSystemValue('preview_max_y', 1024); |
||
369 | if ($shareTmpl['previewSupported']) { |
||
370 | $shareTmpl['previewImage'] = $this->urlGenerator->linkToRouteAbsolute('core_ajax_public_preview', |
||
371 | ['x' => 200, 'y' => 200, 'file' => $shareTmpl['directory_path'], 't' => $shareTmpl['dirToken']]); |
||
372 | } else { |
||
373 | $shareTmpl['previewImage'] = $this->urlGenerator->getAbsoluteURL($this->urlGenerator->imagePath('core', 'favicon-fb.png')); |
||
374 | } |
||
375 | |||
376 | $this->eventDispatcher->dispatch('OCA\Files_Sharing::loadAdditionalScripts'); |
||
377 | |||
378 | $csp = new OCP\AppFramework\Http\ContentSecurityPolicy(); |
||
379 | $csp->addAllowedFrameDomain('\'self\''); |
||
380 | $response = new TemplateResponse($this->appName, 'public', $shareTmpl, 'base'); |
||
381 | $response->setContentSecurityPolicy($csp); |
||
382 | |||
383 | $this->emitAccessShareHook($share); |
||
384 | |||
385 | return $response; |
||
386 | } |
||
387 | |||
388 | /** |
||
389 | * @PublicPage |
||
390 | * @NoCSRFRequired |
||
391 | * |
||
392 | * @param string $token |
||
393 | * @param string $files |
||
394 | * @param string $path |
||
395 | * @param string $downloadStartSecret |
||
396 | * @return NotFoundResponse|RedirectResponse|void |
||
397 | */ |
||
398 | public function downloadShare($token, $files = null, $path = '', $downloadStartSecret = '') { |
||
399 | \OC_User::setIncognitoMode(true); |
||
400 | |||
401 | $share = $this->shareManager->getShareByToken($token); |
||
402 | |||
403 | // Share is password protected - check whether the user is permitted to access the share |
||
404 | View Code Duplication | if ($share->getPassword() !== null && !$this->linkShareAuth($share)) { |
|
405 | return new RedirectResponse($this->urlGenerator->linkToRoute('files_sharing.sharecontroller.authenticate', |
||
406 | ['token' => $token])); |
||
407 | } |
||
408 | |||
409 | if (($share->getPermissions() & \OCP\Constants::PERMISSION_READ) === 0) { |
||
410 | throw new NotFoundException(); |
||
411 | } |
||
412 | |||
413 | $files_list = $files; |
||
414 | if ($files !== null) { // download selected files |
||
415 | // in case we get only a single file |
||
416 | if (!\is_array($files_list)) { |
||
417 | $files_list = [(string)$files_list]; |
||
418 | } |
||
419 | } |
||
420 | |||
421 | $userFolder = $this->rootFolder->getUserFolder($share->getShareOwner()); |
||
422 | $originalSharePath = $userFolder->getRelativePath($share->getNode()->getPath()); |
||
423 | |||
424 | if (!$this->validateShare($share)) { |
||
425 | throw new NotFoundException(); |
||
426 | } |
||
427 | |||
428 | // Single file share |
||
429 | if ($share->getNode() instanceof \OCP\Files\File) { |
||
430 | // Single file download |
||
431 | $event = $this->activityManager->generateEvent(); |
||
432 | $event->setApp('files_sharing') |
||
433 | ->setType(Activity::TYPE_PUBLIC_LINKS) |
||
434 | ->setSubject(Activity::SUBJECT_PUBLIC_SHARED_FILE_DOWNLOADED, [$userFolder->getRelativePath($share->getNode()->getPath())]) |
||
435 | ->setAffectedUser($share->getShareOwner()) |
||
436 | ->setObject('files', $share->getNode()->getId(), $userFolder->getRelativePath($share->getNode()->getPath())); |
||
437 | $this->activityManager->publish($event); |
||
438 | } |
||
439 | // Directory share |
||
440 | else { |
||
441 | /** @var \OCP\Files\Folder $node */ |
||
442 | $node = $share->getNode(); |
||
443 | |||
444 | // Try to get the path |
||
445 | if ($path !== '') { |
||
446 | try { |
||
447 | $node = $node->get($path); |
||
448 | } catch (NotFoundException $e) { |
||
449 | $this->emitAccessShareHook($share, 404, 'Share not found'); |
||
450 | return new NotFoundResponse(); |
||
451 | } |
||
452 | } |
||
453 | |||
454 | $originalSharePath = $userFolder->getRelativePath($node->getPath()); |
||
455 | |||
456 | if ($node instanceof \OCP\Files\File) { |
||
457 | // Single file download |
||
458 | $event = $this->activityManager->generateEvent(); |
||
459 | $event->setApp('files_sharing') |
||
460 | ->setType(Activity::TYPE_PUBLIC_LINKS) |
||
461 | ->setSubject(Activity::SUBJECT_PUBLIC_SHARED_FILE_DOWNLOADED, [$userFolder->getRelativePath($node->getPath())]) |
||
462 | ->setAffectedUser($share->getShareOwner()) |
||
463 | ->setObject('files', $node->getId(), $userFolder->getRelativePath($node->getPath())); |
||
464 | $this->activityManager->publish($event); |
||
465 | } elseif (!empty($files_list)) { |
||
466 | /** @var \OCP\Files\Folder $node */ |
||
467 | |||
468 | // Subset of files is downloaded |
||
469 | foreach ($files_list as $file) { |
||
470 | $subNode = $node->get($file); |
||
471 | |||
472 | $event = $this->activityManager->generateEvent(); |
||
473 | $event->setApp('files_sharing') |
||
474 | ->setType(Activity::TYPE_PUBLIC_LINKS) |
||
475 | ->setAffectedUser($share->getShareOwner()) |
||
476 | ->setObject('files', $subNode->getId(), $userFolder->getRelativePath($subNode->getPath())); |
||
477 | |||
478 | if ($subNode instanceof \OCP\Files\File) { |
||
479 | $event->setSubject(Activity::SUBJECT_PUBLIC_SHARED_FILE_DOWNLOADED, [$userFolder->getRelativePath($subNode->getPath())]); |
||
480 | } else { |
||
481 | $event->setSubject(Activity::SUBJECT_PUBLIC_SHARED_FOLDER_DOWNLOADED, [$userFolder->getRelativePath($subNode->getPath())]); |
||
482 | } |
||
483 | |||
484 | $this->activityManager->publish($event); |
||
485 | } |
||
486 | } else { |
||
487 | // The folder is downloaded |
||
488 | $event = $this->activityManager->generateEvent(); |
||
489 | $event->setApp('files_sharing') |
||
490 | ->setType(Activity::TYPE_PUBLIC_LINKS) |
||
491 | ->setSubject(Activity::SUBJECT_PUBLIC_SHARED_FOLDER_DOWNLOADED, [$userFolder->getRelativePath($node->getPath())]) |
||
492 | ->setAffectedUser($share->getShareOwner()) |
||
493 | ->setObject('files', $node->getId(), $userFolder->getRelativePath($node->getPath())); |
||
494 | $this->activityManager->publish($event); |
||
495 | } |
||
496 | } |
||
497 | |||
498 | /* FIXME: We should do this all nicely in OCP */ |
||
499 | OC_Util::tearDownFS(); |
||
500 | OC_Util::setupFS($share->getShareOwner()); |
||
501 | |||
502 | /** |
||
503 | * this sets a cookie to be able to recognize the start of the download |
||
504 | * the content must not be longer than 32 characters and must only contain |
||
505 | * alphanumeric characters |
||
506 | */ |
||
507 | View Code Duplication | if (!empty($downloadStartSecret) |
|
508 | && !isset($downloadStartSecret[32]) |
||
509 | && \preg_match('!^[a-zA-Z0-9]+$!', $downloadStartSecret) === 1) { |
||
510 | |||
511 | // FIXME: set on the response once we use an actual app framework response |
||
512 | \setcookie('ocDownloadStarted', $downloadStartSecret, \time() + 20, '/'); |
||
513 | } |
||
514 | |||
515 | $this->emitAccessShareHook($share); |
||
516 | |||
517 | $server_params = ['head' => $this->request->getMethod() == 'HEAD']; |
||
518 | |||
519 | /** |
||
520 | * Http range requests support |
||
521 | */ |
||
522 | if (isset($_SERVER['HTTP_RANGE'])) { |
||
523 | $server_params['range'] = $this->request->getHeader('Range'); |
||
524 | } |
||
525 | |||
526 | // download selected files |
||
527 | if ($files !== null && $files !== '') { |
||
528 | // FIXME: The exit is required here because otherwise the AppFramework is trying to add headers as well |
||
529 | // after dispatching the request which results in a "Cannot modify header information" notice. |
||
530 | OC_Files::get($originalSharePath, $files_list, $server_params); |
||
531 | exit(); |
||
532 | } else { |
||
533 | // FIXME: The exit is required here because otherwise the AppFramework is trying to add headers as well |
||
534 | // after dispatching the request which results in a "Cannot modify header information" notice. |
||
535 | OC_Files::get(\dirname($originalSharePath), \basename($originalSharePath), $server_params); |
||
536 | exit(); |
||
537 | } |
||
538 | } |
||
539 | } |
||
540 |
If a variable is not always an object, we recommend to add an additional type check to ensure your method call is safe: