nextcloud/apps/files_sharing/ajax/publicpreview.php

126 lines
4.4 KiB
PHP
Raw Normal View History

2013-07-30 14:29:12 +04:00
<?php
/**
2016-05-26 20:56:05 +03:00
* @author Björn Schießle <bjoern@schiessle.org>
2015-03-26 13:44:34 +03:00
* @author Georg Ehrke <georg@owncloud.com>
2016-05-26 20:56:05 +03:00
* @author Lukas Reschke <lukas@statuscode.ch>
2015-03-26 13:44:34 +03:00
* @author Morris Jobke <hey@morrisjobke.de>
2015-10-26 15:54:55 +03:00
* @author Roeland Jago Douma <rullzer@owncloud.com>
2015-03-26 13:44:34 +03:00
* @author Thomas Müller <thomas.mueller@tmit.eu>
*
2016-01-12 17:02:16 +03:00
* @copyright Copyright (c) 2016, ownCloud, Inc.
2015-03-26 13:44:34 +03:00
* @license AGPL-3.0
*
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
2013-07-30 14:29:12 +04:00
*/
OCP\JSON::checkAppEnabled('files_sharing');
2013-07-30 14:29:12 +04:00
\OC_User::setIncognitoMode(true);
$file = array_key_exists('file', $_GET) ? (string) $_GET['file'] : '';
$maxX = array_key_exists('x', $_GET) ? (int) $_GET['x'] : '32';
$maxY = array_key_exists('y', $_GET) ? (int) $_GET['y'] : '32';
2013-07-30 14:29:12 +04:00
$scalingUp = array_key_exists('scalingup', $_GET) ? (bool) $_GET['scalingup'] : true;
$token = array_key_exists('t', $_GET) ? (string) $_GET['t'] : '';
$keepAspect = array_key_exists('a', $_GET) ? true : false;
2013-07-30 14:29:12 +04:00
if($token === ''){
\OC_Response::setStatus(\OC_Response::STATUS_BAD_REQUEST);
\OCP\Util::writeLog('core-preview', 'No token parameter was passed', \OCP\Util::DEBUG);
2013-07-30 14:29:12 +04:00
exit;
}
$linkedItem = \OCP\Share::getShareByToken($token);
$shareManager = \OC::$server->getShareManager();
$share = $shareManager->getShareByToken($token);
if(!($share->getPermissions() & \OCP\Constants::PERMISSION_READ)) {
OCP\JSON::error(array('data' => 'Share is not readable.'));
exit();
}
2013-07-30 14:29:12 +04:00
if($linkedItem === false || ($linkedItem['item_type'] !== 'file' && $linkedItem['item_type'] !== 'folder')) {
\OC_Response::setStatus(\OC_Response::STATUS_NOT_FOUND);
\OCP\Util::writeLog('core-preview', 'Passed token parameter is not valid', \OCP\Util::DEBUG);
2013-07-30 14:29:12 +04:00
exit;
}
if(!isset($linkedItem['uid_owner']) || !isset($linkedItem['file_source'])) {
\OC_Response::setStatus(\OC_Response::STATUS_INTERNAL_SERVER_ERROR);
\OCP\Util::writeLog('core-preview', 'Passed token seems to be valid, but it does not contain all necessary information . ("' . $token . '")', \OCP\Util::WARN);
2013-07-30 14:29:12 +04:00
exit;
}
2013-12-22 23:27:38 +04:00
$rootLinkItem = OCP\Share::resolveReShare($linkedItem);
$userId = $rootLinkItem['uid_owner'];
OCP\JSON::checkUserExists($rootLinkItem['uid_owner']);
2013-07-30 14:29:12 +04:00
\OC_Util::setupFS($userId);
\OC\Files\Filesystem::initMountPoints($userId);
$view = new \OC\Files\View('/' . $userId . '/files');
2013-07-30 14:29:12 +04:00
$pathId = $linkedItem['file_source'];
$path = $view->getPath($pathId);
if($path === null) {
2015-06-17 16:36:54 +03:00
\OC_Response::setStatus(\OC_Response::STATUS_NOT_FOUND);
2015-07-03 15:06:40 +03:00
\OCP\Util::writeLog('core-preview', 'Could not resolve file for shared item', \OCP\Util::WARN);
2015-06-17 16:36:54 +03:00
exit;
}
$pathInfo = $view->getFileInfo($path);
2013-07-30 14:29:12 +04:00
$sharedFile = null;
if($linkedItem['item_type'] === 'folder') {
$isValid = \OC\Files\Filesystem::isValidPath($file);
if(!$isValid) {
\OC_Response::setStatus(\OC_Response::STATUS_BAD_REQUEST);
\OCP\Util::writeLog('core-preview', 'Passed filename is not valid, might be malicious (file:"' . $file . '";ip:"' . \OC::$server->getRequest()->getRemoteAddress() . '")', \OCP\Util::WARN);
2013-07-30 14:29:12 +04:00
exit;
}
$sharedFile = \OC\Files\Filesystem::normalizePath($file);
}
if($linkedItem['item_type'] === 'file') {
$parent = $pathInfo['parent'];
$path = $view->getPath($parent);
2013-07-30 14:29:12 +04:00
$sharedFile = $pathInfo['name'];
}
$path = \OC\Files\Filesystem::normalizePath($path, false);
if(substr($path, 0, 1) === '/') {
$path = substr($path, 1);
}
if($maxX === 0 || $maxY === 0) {
\OC_Response::setStatus(\OC_Response::STATUS_BAD_REQUEST);
\OCP\Util::writeLog('core-preview', 'x and/or y set to 0', \OCP\Util::DEBUG);
2013-07-30 14:29:12 +04:00
exit;
}
$root = 'files/' . $path;
try{
$preview = new \OC\Preview($userId, $root);
$preview->setFile($sharedFile);
$preview->setMaxX($maxX);
$preview->setMaxY($maxY);
$preview->setScalingUp($scalingUp);
$preview->setKeepAspect($keepAspect);
2013-07-30 14:29:12 +04:00
$preview->showPreview();
2013-07-30 15:43:15 +04:00
} catch (\Exception $e) {
\OC_Response::setStatus(\OC_Response::STATUS_INTERNAL_SERVER_ERROR);
\OCP\Util::writeLog('core', $e->getmessage(), \OCP\Util::DEBUG);
}