This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /** |
||
3 | * @author Arthur Schiwon <[email protected]> |
||
4 | * @author Björn Schießle <[email protected]> |
||
5 | * @author Georg Ehrke <[email protected]> |
||
6 | * @author Joas Schilling <[email protected]> |
||
7 | * @author Jörn Friedrich Dreyer <[email protected]> |
||
8 | * @author Lukas Reschke <[email protected]> |
||
9 | * @author Morris Jobke <[email protected]> |
||
10 | * @author Piotr Filiciak <[email protected]> |
||
11 | * @author Robin Appelman <[email protected]> |
||
12 | * @author Roeland Jago Douma <[email protected]> |
||
13 | * @author Thomas Müller <[email protected]> |
||
14 | * @author Vincent Petry <[email protected]> |
||
15 | * |
||
16 | * @copyright Copyright (c) 2018, ownCloud GmbH |
||
17 | * @license AGPL-3.0 |
||
18 | * |
||
19 | * This code is free software: you can redistribute it and/or modify |
||
20 | * it under the terms of the GNU Affero General Public License, version 3, |
||
21 | * as published by the Free Software Foundation. |
||
22 | * |
||
23 | * This program is distributed in the hope that it will be useful, |
||
24 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
25 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
26 | * GNU Affero General Public License for more details. |
||
27 | * |
||
28 | * You should have received a copy of the GNU Affero General Public License, version 3, |
||
29 | * along with this program. If not, see <http://www.gnu.org/licenses/> |
||
30 | * |
||
31 | */ |
||
32 | |||
33 | namespace OCA\Files_Sharing\Controllers; |
||
34 | |||
35 | use OC; |
||
36 | use OC_Files; |
||
37 | use OC_Util; |
||
38 | use OCA\Files_Sharing\Activity; |
||
39 | use OCP; |
||
40 | use OCP\AppFramework\Controller; |
||
41 | use OCP\AppFramework\Http\NotFoundResponse; |
||
42 | use OCP\AppFramework\Http\RedirectResponse; |
||
43 | use OCP\AppFramework\Http\TemplateResponse; |
||
44 | use OCP\Files\IRootFolder; |
||
45 | use OCP\Files\NotFoundException; |
||
46 | use OCP\IConfig; |
||
47 | use OCP\ILogger; |
||
48 | use OCP\IPreview; |
||
49 | use OCP\IRequest; |
||
50 | use OCP\ISession; |
||
51 | use OCP\IURLGenerator; |
||
52 | use OCP\IUserManager; |
||
53 | use OCP\Share; |
||
54 | use OCP\Share\Exceptions\ShareNotFound; |
||
55 | use OCP\Template; |
||
56 | use Symfony\Component\EventDispatcher\EventDispatcher; |
||
57 | use Symfony\Component\EventDispatcher\GenericEvent; |
||
58 | |||
59 | /** |
||
60 | * Class ShareController |
||
61 | * |
||
62 | * @package OCA\Files_Sharing\Controllers |
||
63 | */ |
||
64 | class ShareController extends Controller { |
||
65 | |||
66 | /** @var IConfig */ |
||
67 | protected $config; |
||
68 | /** @var IURLGenerator */ |
||
69 | protected $urlGenerator; |
||
70 | /** @var IUserManager */ |
||
71 | protected $userManager; |
||
72 | /** @var ILogger */ |
||
73 | protected $logger; |
||
74 | /** @var OCP\Activity\IManager */ |
||
75 | protected $activityManager; |
||
76 | /** @var OCP\Share\IManager */ |
||
77 | protected $shareManager; |
||
78 | /** @var ISession */ |
||
79 | protected $session; |
||
80 | /** @var IPreview */ |
||
81 | protected $previewManager; |
||
82 | /** @var IRootFolder */ |
||
83 | protected $rootFolder; |
||
84 | /** @var EventDispatcher */ |
||
85 | protected $eventDispatcher; |
||
86 | |||
87 | /** |
||
88 | * @param string $appName |
||
89 | * @param IRequest $request |
||
90 | * @param IConfig $config |
||
91 | * @param IURLGenerator $urlGenerator |
||
92 | * @param IUserManager $userManager |
||
93 | * @param ILogger $logger |
||
94 | * @param OCP\Activity\IManager $activityManager |
||
95 | * @param \OCP\Share\IManager $shareManager |
||
96 | * @param ISession $session |
||
97 | * @param IPreview $previewManager |
||
98 | * @param IRootFolder $rootFolder |
||
99 | * @param EventDispatcher $eventDispatcher |
||
100 | */ |
||
101 | public function __construct($appName, |
||
102 | IRequest $request, |
||
103 | IConfig $config, |
||
104 | IURLGenerator $urlGenerator, |
||
105 | IUserManager $userManager, |
||
106 | ILogger $logger, |
||
107 | \OCP\Activity\IManager $activityManager, |
||
108 | \OCP\Share\IManager $shareManager, |
||
109 | ISession $session, |
||
110 | IPreview $previewManager, |
||
111 | IRootFolder $rootFolder, |
||
112 | EventDispatcher $eventDispatcher) { |
||
113 | parent::__construct($appName, $request); |
||
114 | |||
115 | $this->config = $config; |
||
116 | $this->urlGenerator = $urlGenerator; |
||
117 | $this->userManager = $userManager; |
||
118 | $this->logger = $logger; |
||
119 | $this->activityManager = $activityManager; |
||
120 | $this->shareManager = $shareManager; |
||
121 | $this->session = $session; |
||
122 | $this->previewManager = $previewManager; |
||
123 | $this->rootFolder = $rootFolder; |
||
124 | $this->eventDispatcher = $eventDispatcher; |
||
125 | } |
||
126 | |||
127 | /** |
||
128 | * @PublicPage |
||
129 | * @NoCSRFRequired |
||
130 | * |
||
131 | * @param string $token |
||
132 | * @return TemplateResponse|RedirectResponse |
||
133 | */ |
||
134 | public function showAuthenticate($token) { |
||
135 | $share = $this->shareManager->getShareByToken($token); |
||
136 | |||
137 | if ($this->linkShareAuth($share)) { |
||
138 | return new RedirectResponse($this->urlGenerator->linkToRoute('files_sharing.sharecontroller.showShare', ['token' => $token])); |
||
139 | } |
||
140 | |||
141 | return new TemplateResponse($this->appName, 'authenticate', [], 'guest'); |
||
142 | } |
||
143 | |||
144 | /** |
||
145 | * @PublicPage |
||
146 | * @UseSession |
||
147 | * |
||
148 | * Authenticates against password-protected shares |
||
149 | * @param string $token |
||
150 | * @param string $password |
||
151 | * @return RedirectResponse|TemplateResponse |
||
152 | */ |
||
153 | public function authenticate($token, $password = '') { |
||
154 | |||
155 | // Check whether share exists |
||
156 | try { |
||
157 | $share = $this->shareManager->getShareByToken($token); |
||
158 | } catch (ShareNotFound $e) { |
||
159 | return new NotFoundResponse(); |
||
160 | } |
||
161 | |||
162 | $authenticate = $this->linkShareAuth($share, $password); |
||
163 | |||
164 | if ($authenticate === true) { |
||
165 | return new RedirectResponse($this->urlGenerator->linkToRoute('files_sharing.sharecontroller.showShare', ['token' => $token])); |
||
166 | } |
||
167 | |||
168 | return new TemplateResponse($this->appName, 'authenticate', ['wrongpw' => true], 'guest'); |
||
169 | } |
||
170 | |||
171 | /** |
||
172 | * Authenticate a link item with the given password. |
||
173 | * Or use the session if no password is provided. |
||
174 | * |
||
175 | * This is a modified version of Helper::authenticate |
||
176 | * TODO: Try to merge back eventually with Helper::authenticate |
||
177 | * |
||
178 | * @param \OCP\Share\IShare $share |
||
179 | * @param string|null $password |
||
180 | * @return bool |
||
181 | */ |
||
182 | private function linkShareAuth(\OCP\Share\IShare $share, $password = null) { |
||
183 | if ($password !== null) { |
||
184 | if ($this->shareManager->checkPassword($share, $password)) { |
||
185 | $this->session->set('public_link_authenticated', (string)$share->getId()); |
||
186 | } else { |
||
187 | $this->emitAccessShareHook($share, 403, 'Wrong password'); |
||
188 | return false; |
||
189 | } |
||
190 | View Code Duplication | } else { |
|
191 | // not authenticated ? |
||
192 | if (! $this->session->exists('public_link_authenticated') |
||
193 | || $this->session->get('public_link_authenticated') !== (string)$share->getId()) { |
||
194 | return false; |
||
195 | } |
||
196 | } |
||
197 | return true; |
||
198 | } |
||
199 | |||
200 | /** |
||
201 | * throws hooks when a share is attempted to be accessed |
||
202 | * |
||
203 | * @param \OCP\Share\IShare|string $share the Share instance if available, |
||
204 | * otherwise token |
||
205 | * @param int $errorCode |
||
206 | * @param string $errorMessage |
||
207 | * @throws OC\HintException |
||
208 | * @throws OC\ServerNotAvailableException |
||
209 | */ |
||
210 | protected function emitAccessShareHook($share, $errorCode = 200, $errorMessage = '') { |
||
211 | $itemType = $itemSource = $uidOwner = ''; |
||
212 | $token = $share; |
||
213 | $exception = null; |
||
214 | if ($share instanceof \OCP\Share\IShare) { |
||
215 | try { |
||
216 | $token = $share->getToken(); |
||
217 | $uidOwner = $share->getSharedBy(); |
||
218 | $itemType = $share->getNodeType(); |
||
219 | $itemSource = $share->getNodeId(); |
||
220 | } catch (\Exception $e) { |
||
221 | // we log what we know and pass on the exception afterwards |
||
222 | $exception = $e; |
||
223 | } |
||
224 | } |
||
225 | \OC_Hook::emit('OCP\Share', 'share_link_access', [ |
||
226 | 'itemType' => $itemType, |
||
227 | 'itemSource' => $itemSource, |
||
228 | 'uidOwner' => $uidOwner, |
||
229 | 'token' => $token, |
||
230 | 'errorCode' => $errorCode, |
||
231 | 'errorMessage' => $errorMessage, |
||
232 | ]); |
||
233 | |||
234 | if ($share instanceof \OCP\Share\IShare) { |
||
235 | $cloneShare = clone $share; |
||
236 | $publicShareLinkAccessEvent = new GenericEvent(null, |
||
237 | ['shareObject' => $cloneShare, 'errorCode' => $errorCode, |
||
238 | 'errorMessage' => $errorMessage]); |
||
239 | |||
240 | $this->eventDispatcher->dispatch('share.linkaccess', $publicShareLinkAccessEvent); |
||
241 | } |
||
242 | |||
243 | if ($exception !== null) { |
||
244 | throw $exception; |
||
245 | } |
||
246 | } |
||
247 | |||
248 | /** |
||
249 | * Validate the permissions of the share |
||
250 | * |
||
251 | * @param Share\IShare $share |
||
252 | * @return bool |
||
253 | */ |
||
254 | private function validateShare(\OCP\Share\IShare $share) { |
||
255 | return $share->getNode()->isReadable() && $share->getNode()->isShareable(); |
||
256 | } |
||
257 | |||
258 | /** |
||
259 | * Renders and displays the public link page template |
||
260 | * |
||
261 | * @PublicPage |
||
262 | * @NoCSRFRequired |
||
263 | * |
||
264 | * @param string $token |
||
265 | * @param string $path |
||
266 | * @return NotFoundResponse|RedirectResponse|TemplateResponse |
||
267 | * @throws NotFoundException |
||
268 | */ |
||
269 | public function showShare($token, $path = '') { |
||
270 | \OC_User::setIncognitoMode(true); |
||
271 | |||
272 | // Check whether share exists |
||
273 | try { |
||
274 | $share = $this->shareManager->getShareByToken($token); |
||
275 | } catch (ShareNotFound $e) { |
||
276 | $this->emitAccessShareHook($token, 404, 'Share not found'); |
||
277 | return new NotFoundResponse(); |
||
278 | } |
||
279 | |||
280 | // Share is password protected - check whether the user is permitted to access the share |
||
281 | View Code Duplication | if ($share->getPassword() !== null && !$this->linkShareAuth($share)) { |
|
0 ignored issues
–
show
|
|||
282 | return new RedirectResponse($this->urlGenerator->linkToRoute('files_sharing.sharecontroller.authenticate', |
||
283 | ['token' => $token])); |
||
284 | } |
||
285 | |||
286 | if (!$this->validateShare($share)) { |
||
287 | throw new NotFoundException(); |
||
288 | } |
||
289 | // We can't get the path of a file share |
||
290 | try { |
||
291 | if ($share->getNode() instanceof \OCP\Files\File && $path !== '') { |
||
292 | $this->emitAccessShareHook($share, 404, 'Share not found'); |
||
293 | throw new NotFoundException(); |
||
294 | } |
||
295 | } catch (\Exception $e) { |
||
296 | $this->emitAccessShareHook($share, 404, 'Share not found'); |
||
297 | throw $e; |
||
298 | } |
||
299 | |||
300 | $rootFolder = null; |
||
301 | if ($share->getNode() instanceof \OCP\Files\Folder) { |
||
302 | /** @var \OCP\Files\Folder $rootFolder */ |
||
303 | $rootFolder = $share->getNode(); |
||
304 | |||
305 | try { |
||
306 | $path = $rootFolder->get($path); |
||
307 | } catch (\OCP\Files\NotFoundException $e) { |
||
308 | $this->emitAccessShareHook($share, 404, 'Share not found'); |
||
309 | throw new NotFoundException(); |
||
310 | } |
||
311 | } |
||
312 | |||
313 | $shareTmpl = []; |
||
314 | $shareTmpl['displayName'] = $this->userManager->get($share->getShareOwner())->getDisplayName(); |
||
315 | $shareTmpl['owner'] = $share->getShareOwner(); |
||
316 | $shareTmpl['filename'] = $share->getNode()->getName(); |
||
317 | $shareTmpl['directory_path'] = $share->getTarget(); |
||
318 | $shareTmpl['mimetype'] = $share->getNode()->getMimetype(); |
||
319 | $shareTmpl['previewSupported'] = $this->previewManager->isMimeSupported($share->getNode()->getMimetype()); |
||
320 | $shareTmpl['dirToken'] = $token; |
||
321 | $shareTmpl['sharingToken'] = $token; |
||
322 | $shareTmpl['protected'] = $share->getPassword() !== null ? 'true' : 'false'; |
||
323 | $shareTmpl['dir'] = ''; |
||
324 | $shareTmpl['nonHumanFileSize'] = $share->getNode()->getSize(); |
||
325 | $shareTmpl['fileSize'] = \OCP\Util::humanFileSize($share->getNode()->getSize()); |
||
326 | |||
327 | // Show file list |
||
328 | if ($share->getNode() instanceof \OCP\Files\Folder) { |
||
329 | $shareTmpl['dir'] = $rootFolder->getRelativePath($path->getPath()); |
||
0 ignored issues
–
show
It seems like
$path is not always an object, but can also be of type string . Maybe add an additional type check?
If a variable is not always an object, we recommend to add an additional type check to ensure your method call is safe: function someFunction(A $objectMaybe = null)
{
if ($objectMaybe instanceof A) {
$objectMaybe->doSomething();
}
}
Loading history...
|
|||
330 | |||
331 | /* |
||
332 | * The OC_Util methods require a view. This just uses the node API |
||
333 | */ |
||
334 | $freeSpace = $share->getNode()->getStorage()->free_space($share->getNode()->getInternalPath()); |
||
335 | View Code Duplication | if ($freeSpace < \OCP\Files\FileInfo::SPACE_UNLIMITED) { |
|
0 ignored issues
–
show
This code seems to be duplicated across your project.
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository.
Loading history...
|
|||
336 | $freeSpace = \max($freeSpace, 0); |
||
337 | } else { |
||
338 | $freeSpace = (INF > 0) ? INF: PHP_INT_MAX; // work around https://bugs.php.net/bug.php?id=69188 |
||
339 | } |
||
340 | |||
341 | $maxUploadFilesize = $freeSpace; |
||
342 | |||
343 | if ($share->getPermissions() & \OCP\Constants::PERMISSION_READ > 0) { |
||
344 | $folder = new Template('files', 'list', ''); |
||
345 | $folder->assign('dir', $rootFolder->getRelativePath($path->getPath())); |
||
346 | $folder->assign('dirToken', $token); |
||
347 | $folder->assign('permissions', \OCP\Constants::PERMISSION_READ); |
||
348 | $folder->assign('isPublic', true); |
||
349 | $folder->assign('publicUploadEnabled', 'no'); |
||
350 | $folder->assign('uploadMaxFilesize', $maxUploadFilesize); |
||
351 | $folder->assign('uploadMaxHumanFilesize', OCP\Util::humanFileSize($maxUploadFilesize)); |
||
352 | $folder->assign('freeSpace', $freeSpace); |
||
353 | $folder->assign('usedSpacePercent', 0); |
||
354 | $folder->assign('trash', false); |
||
355 | $shareTmpl['folder'] = $folder->fetchPage(); |
||
356 | } else { |
||
357 | $folder = new Template('files_sharing', 'upload', ''); |
||
358 | $shareTmpl['folder'] = $folder->fetchPage(); |
||
359 | } |
||
360 | } |
||
361 | |||
362 | $shareTmpl['canDownload'] = !!($share->getPermissions() & \OCP\Constants::PERMISSION_READ > 0); |
||
363 | $shareTmpl['downloadURL'] = $this->urlGenerator->linkToRouteAbsolute('files_sharing.sharecontroller.downloadShare', ['token' => $token]); |
||
364 | $shareTmpl['shareUrl'] = $this->urlGenerator->linkToRouteAbsolute('files_sharing.sharecontroller.showShare', ['token' => $token]); |
||
365 | $shareTmpl['maxSizeAnimateGif'] = $this->config->getSystemValue('max_filesize_animated_gifs_public_sharing', 10); |
||
366 | $shareTmpl['previewEnabled'] = $this->config->getSystemValue('enable_previews', true); |
||
367 | $shareTmpl['previewMaxX'] = $this->config->getSystemValue('preview_max_x', 1024); |
||
368 | $shareTmpl['previewMaxY'] = $this->config->getSystemValue('preview_max_y', 1024); |
||
369 | if ($shareTmpl['previewSupported']) { |
||
370 | $shareTmpl['previewImage'] = $this->urlGenerator->linkToRouteAbsolute('core_ajax_public_preview', |
||
371 | ['x' => 200, 'y' => 200, 'file' => $shareTmpl['directory_path'], 't' => $shareTmpl['dirToken']]); |
||
372 | } else { |
||
373 | $shareTmpl['previewImage'] = $this->urlGenerator->getAbsoluteURL($this->urlGenerator->imagePath('core', 'favicon-fb.png')); |
||
374 | } |
||
375 | |||
376 | $this->eventDispatcher->dispatch('OCA\Files_Sharing::loadAdditionalScripts'); |
||
377 | |||
378 | $csp = new OCP\AppFramework\Http\ContentSecurityPolicy(); |
||
379 | $csp->addAllowedFrameDomain('\'self\''); |
||
380 | $response = new TemplateResponse($this->appName, 'public', $shareTmpl, 'base'); |
||
381 | $response->setContentSecurityPolicy($csp); |
||
382 | |||
383 | $this->emitAccessShareHook($share); |
||
384 | |||
385 | return $response; |
||
386 | } |
||
387 | |||
388 | /** |
||
389 | * @PublicPage |
||
390 | * @NoCSRFRequired |
||
391 | * |
||
392 | * @param string $token |
||
393 | * @param string $files |
||
394 | * @param string $path |
||
395 | * @param string $downloadStartSecret |
||
396 | * @return NotFoundResponse|RedirectResponse|void |
||
397 | */ |
||
398 | public function downloadShare($token, $files = null, $path = '', $downloadStartSecret = '') { |
||
399 | \OC_User::setIncognitoMode(true); |
||
400 | |||
401 | $share = $this->shareManager->getShareByToken($token); |
||
402 | |||
403 | // Share is password protected - check whether the user is permitted to access the share |
||
404 | View Code Duplication | if ($share->getPassword() !== null && !$this->linkShareAuth($share)) { |
|
0 ignored issues
–
show
This code seems to be duplicated across your project.
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository.
Loading history...
|
|||
405 | return new RedirectResponse($this->urlGenerator->linkToRoute('files_sharing.sharecontroller.authenticate', |
||
406 | ['token' => $token])); |
||
407 | } |
||
408 | |||
409 | if (($share->getPermissions() & \OCP\Constants::PERMISSION_READ) === 0) { |
||
410 | throw new NotFoundException(); |
||
411 | } |
||
412 | |||
413 | $files_list = $files; |
||
414 | if ($files !== null) { // download selected files |
||
415 | // in case we get only a single file |
||
416 | if (!\is_array($files_list)) { |
||
417 | $files_list = [(string)$files_list]; |
||
418 | } |
||
419 | } |
||
420 | |||
421 | $userFolder = $this->rootFolder->getUserFolder($share->getShareOwner()); |
||
422 | $originalSharePath = $userFolder->getRelativePath($share->getNode()->getPath()); |
||
423 | |||
424 | if (!$this->validateShare($share)) { |
||
425 | throw new NotFoundException(); |
||
426 | } |
||
427 | |||
428 | // Single file share |
||
429 | if ($share->getNode() instanceof \OCP\Files\File) { |
||
430 | // Single file download |
||
431 | $event = $this->activityManager->generateEvent(); |
||
432 | $event->setApp('files_sharing') |
||
433 | ->setType(Activity::TYPE_PUBLIC_LINKS) |
||
434 | ->setSubject(Activity::SUBJECT_PUBLIC_SHARED_FILE_DOWNLOADED, [$userFolder->getRelativePath($share->getNode()->getPath())]) |
||
435 | ->setAffectedUser($share->getShareOwner()) |
||
436 | ->setObject('files', $share->getNode()->getId(), $userFolder->getRelativePath($share->getNode()->getPath())); |
||
437 | $this->activityManager->publish($event); |
||
438 | } |
||
439 | // Directory share |
||
440 | else { |
||
441 | /** @var \OCP\Files\Folder $node */ |
||
442 | $node = $share->getNode(); |
||
443 | |||
444 | // Try to get the path |
||
445 | if ($path !== '') { |
||
446 | try { |
||
447 | $node = $node->get($path); |
||
448 | } catch (NotFoundException $e) { |
||
449 | $this->emitAccessShareHook($share, 404, 'Share not found'); |
||
450 | return new NotFoundResponse(); |
||
451 | } |
||
452 | } |
||
453 | |||
454 | $originalSharePath = $userFolder->getRelativePath($node->getPath()); |
||
455 | |||
456 | if ($node instanceof \OCP\Files\File) { |
||
457 | // Single file download |
||
458 | $event = $this->activityManager->generateEvent(); |
||
459 | $event->setApp('files_sharing') |
||
460 | ->setType(Activity::TYPE_PUBLIC_LINKS) |
||
461 | ->setSubject(Activity::SUBJECT_PUBLIC_SHARED_FILE_DOWNLOADED, [$userFolder->getRelativePath($node->getPath())]) |
||
462 | ->setAffectedUser($share->getShareOwner()) |
||
463 | ->setObject('files', $node->getId(), $userFolder->getRelativePath($node->getPath())); |
||
464 | $this->activityManager->publish($event); |
||
465 | } elseif (!empty($files_list)) { |
||
466 | /** @var \OCP\Files\Folder $node */ |
||
467 | |||
468 | // Subset of files is downloaded |
||
469 | foreach ($files_list as $file) { |
||
470 | $subNode = $node->get($file); |
||
471 | |||
472 | $event = $this->activityManager->generateEvent(); |
||
473 | $event->setApp('files_sharing') |
||
474 | ->setType(Activity::TYPE_PUBLIC_LINKS) |
||
475 | ->setAffectedUser($share->getShareOwner()) |
||
476 | ->setObject('files', $subNode->getId(), $userFolder->getRelativePath($subNode->getPath())); |
||
477 | |||
478 | if ($subNode instanceof \OCP\Files\File) { |
||
479 | $event->setSubject(Activity::SUBJECT_PUBLIC_SHARED_FILE_DOWNLOADED, [$userFolder->getRelativePath($subNode->getPath())]); |
||
480 | } else { |
||
481 | $event->setSubject(Activity::SUBJECT_PUBLIC_SHARED_FOLDER_DOWNLOADED, [$userFolder->getRelativePath($subNode->getPath())]); |
||
482 | } |
||
483 | |||
484 | $this->activityManager->publish($event); |
||
485 | } |
||
486 | } else { |
||
487 | // The folder is downloaded |
||
488 | $event = $this->activityManager->generateEvent(); |
||
489 | $event->setApp('files_sharing') |
||
490 | ->setType(Activity::TYPE_PUBLIC_LINKS) |
||
491 | ->setSubject(Activity::SUBJECT_PUBLIC_SHARED_FOLDER_DOWNLOADED, [$userFolder->getRelativePath($node->getPath())]) |
||
492 | ->setAffectedUser($share->getShareOwner()) |
||
493 | ->setObject('files', $node->getId(), $userFolder->getRelativePath($node->getPath())); |
||
494 | $this->activityManager->publish($event); |
||
495 | } |
||
496 | } |
||
497 | |||
498 | /* FIXME: We should do this all nicely in OCP */ |
||
499 | OC_Util::tearDownFS(); |
||
500 | OC_Util::setupFS($share->getShareOwner()); |
||
501 | |||
502 | /** |
||
503 | * this sets a cookie to be able to recognize the start of the download |
||
504 | * the content must not be longer than 32 characters and must only contain |
||
505 | * alphanumeric characters |
||
506 | */ |
||
507 | View Code Duplication | if (!empty($downloadStartSecret) |
|
508 | && !isset($downloadStartSecret[32]) |
||
509 | && \preg_match('!^[a-zA-Z0-9]+$!', $downloadStartSecret) === 1) { |
||
510 | |||
511 | // FIXME: set on the response once we use an actual app framework response |
||
512 | \setcookie('ocDownloadStarted', $downloadStartSecret, \time() + 20, '/'); |
||
513 | } |
||
514 | |||
515 | $this->emitAccessShareHook($share); |
||
516 | |||
517 | $server_params = ['head' => $this->request->getMethod() == 'HEAD']; |
||
518 | |||
519 | /** |
||
520 | * Http range requests support |
||
521 | */ |
||
522 | if (isset($_SERVER['HTTP_RANGE'])) { |
||
523 | $server_params['range'] = $this->request->getHeader('Range'); |
||
524 | } |
||
525 | |||
526 | // download selected files |
||
527 | if ($files !== null && $files !== '') { |
||
528 | // FIXME: The exit is required here because otherwise the AppFramework is trying to add headers as well |
||
529 | // after dispatching the request which results in a "Cannot modify header information" notice. |
||
530 | OC_Files::get($originalSharePath, $files_list, $server_params); |
||
531 | exit(); |
||
532 | } else { |
||
533 | // FIXME: The exit is required here because otherwise the AppFramework is trying to add headers as well |
||
534 | // after dispatching the request which results in a "Cannot modify header information" notice. |
||
535 | OC_Files::get(\dirname($originalSharePath), \basename($originalSharePath), $server_params); |
||
536 | exit(); |
||
537 | } |
||
538 | } |
||
539 | } |
||
540 |
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.
You can also find more detailed suggestions in the “Code” section of your repository.