2013-07-30 14:29:12 +04:00
< ? php
/**
2015-03-26 13:44:34 +03:00
* @ author Björn Schießle < schiessle @ owncloud . com >
* @ author Georg Ehrke < georg @ owncloud . com >
* @ author Lukas Reschke < lukas @ owncloud . com >
* @ author Morris Jobke < hey @ morrisjobke . de >
2015-10-05 21:54:56 +03:00
* @ author Roeland Jago Douma < roeland @ famdouma . nl >
2015-03-26 13:44:34 +03:00
* @ author Thomas Müller < thomas . mueller @ tmit . eu >
*
* @ copyright Copyright ( c ) 2015 , ownCloud , Inc .
* @ license AGPL - 3.0
*
* This code is free software : you can redistribute it and / or modify
* it under the terms of the GNU Affero General Public License , version 3 ,
* as published by the Free Software Foundation .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU Affero General Public License for more details .
*
* You should have received a copy of the GNU Affero General Public License , version 3 ,
* along with this program . If not , see < http :// www . gnu . org / licenses />
*
2013-07-30 14:29:12 +04:00
*/
2015-02-26 13:37:37 +03:00
2014-05-04 17:51:08 +04:00
OCP\JSON :: checkAppEnabled ( 'files_sharing' );
2013-07-30 14:29:12 +04:00
2013-11-27 21:35:52 +04:00
\OC_User :: setIncognitoMode ( true );
2014-01-11 14:51:28 +04:00
$file = array_key_exists ( 'file' , $_GET ) ? ( string ) $_GET [ 'file' ] : '' ;
2015-09-30 11:49:48 +03:00
$maxX = array_key_exists ( 'x' , $_GET ) ? ( int ) $_GET [ 'x' ] : '32' ;
$maxY = array_key_exists ( 'y' , $_GET ) ? ( int ) $_GET [ 'y' ] : '32' ;
2013-07-30 14:29:12 +04:00
$scalingUp = array_key_exists ( 'scalingup' , $_GET ) ? ( bool ) $_GET [ 'scalingup' ] : true ;
$token = array_key_exists ( 't' , $_GET ) ? ( string ) $_GET [ 't' ] : '' ;
2014-04-29 19:07:10 +04:00
$keepAspect = array_key_exists ( 'a' , $_GET ) ? true : false ;
2013-07-30 14:29:12 +04:00
if ( $token === '' ){
2014-05-04 17:51:08 +04:00
\OC_Response :: setStatus ( \OC_Response :: STATUS_BAD_REQUEST );
2015-04-09 13:36:10 +03:00
\OCP\Util :: writeLog ( 'core-preview' , 'No token parameter was passed' , \OCP\Util :: DEBUG );
2013-07-30 14:29:12 +04:00
exit ;
}
$linkedItem = \OCP\Share :: getShareByToken ( $token );
if ( $linkedItem === false || ( $linkedItem [ 'item_type' ] !== 'file' && $linkedItem [ 'item_type' ] !== 'folder' )) {
2014-05-04 17:51:08 +04:00
\OC_Response :: setStatus ( \OC_Response :: STATUS_NOT_FOUND );
2015-04-09 13:36:10 +03:00
\OCP\Util :: writeLog ( 'core-preview' , 'Passed token parameter is not valid' , \OCP\Util :: DEBUG );
2013-07-30 14:29:12 +04:00
exit ;
}
if ( ! isset ( $linkedItem [ 'uid_owner' ]) || ! isset ( $linkedItem [ 'file_source' ])) {
2014-05-04 17:51:08 +04:00
\OC_Response :: setStatus ( \OC_Response :: STATUS_INTERNAL_SERVER_ERROR );
2015-04-09 13:36:10 +03:00
\OCP\Util :: writeLog ( 'core-preview' , 'Passed token seems to be valid, but it does not contain all necessary information . ("' . $token . '")' , \OCP\Util :: WARN );
2013-07-30 14:29:12 +04:00
exit ;
}
2013-12-22 23:27:38 +04:00
$rootLinkItem = OCP\Share :: resolveReShare ( $linkedItem );
$userId = $rootLinkItem [ 'uid_owner' ];
2014-01-21 14:32:30 +04:00
OCP\JSON :: checkUserExists ( $rootLinkItem [ 'uid_owner' ]);
2013-07-30 14:29:12 +04:00
\OC_Util :: setupFS ( $userId );
2013-11-27 21:35:52 +04:00
\OC\Files\Filesystem :: initMountPoints ( $userId );
$view = new \OC\Files\View ( '/' . $userId . '/files' );
2013-07-30 14:29:12 +04:00
$pathId = $linkedItem [ 'file_source' ];
2013-11-27 21:35:52 +04:00
$path = $view -> getPath ( $pathId );
2015-06-17 16:06:50 +03:00
if ( $path === null ) {
2015-06-17 16:36:54 +03:00
\OC_Response :: setStatus ( \OC_Response :: STATUS_NOT_FOUND );
2015-07-03 15:06:40 +03:00
\OCP\Util :: writeLog ( 'core-preview' , 'Could not resolve file for shared item' , \OCP\Util :: WARN );
2015-06-17 16:36:54 +03:00
exit ;
2015-06-17 16:06:50 +03:00
}
2013-11-27 21:35:52 +04:00
$pathInfo = $view -> getFileInfo ( $path );
2013-07-30 14:29:12 +04:00
$sharedFile = null ;
if ( $linkedItem [ 'item_type' ] === 'folder' ) {
2014-05-04 17:51:08 +04:00
$isValid = \OC\Files\Filesystem :: isValidPath ( $file );
if ( ! $isValid ) {
\OC_Response :: setStatus ( \OC_Response :: STATUS_BAD_REQUEST );
2015-04-09 13:36:10 +03:00
\OCP\Util :: writeLog ( 'core-preview' , 'Passed filename is not valid, might be malicious (file:"' . $file . '";ip:"' . \OC :: $server -> getRequest () -> getRemoteAddress () . '")' , \OCP\Util :: WARN );
2013-07-30 14:29:12 +04:00
exit ;
}
$sharedFile = \OC\Files\Filesystem :: normalizePath ( $file );
}
if ( $linkedItem [ 'item_type' ] === 'file' ) {
$parent = $pathInfo [ 'parent' ];
2013-11-27 21:35:52 +04:00
$path = $view -> getPath ( $parent );
2013-07-30 14:29:12 +04:00
$sharedFile = $pathInfo [ 'name' ];
}
$path = \OC\Files\Filesystem :: normalizePath ( $path , false );
if ( substr ( $path , 0 , 1 ) === '/' ) {
$path = substr ( $path , 1 );
}
if ( $maxX === 0 || $maxY === 0 ) {
2014-05-04 17:51:08 +04:00
\OC_Response :: setStatus ( \OC_Response :: STATUS_BAD_REQUEST );
2015-04-09 13:36:10 +03:00
\OCP\Util :: writeLog ( 'core-preview' , 'x and/or y set to 0' , \OCP\Util :: DEBUG );
2013-07-30 14:29:12 +04:00
exit ;
}
$root = 'files/' . $path ;
try {
$preview = new \OC\Preview ( $userId , $root );
$preview -> setFile ( $sharedFile );
$preview -> setMaxX ( $maxX );
$preview -> setMaxY ( $maxY );
$preview -> setScalingUp ( $scalingUp );
2014-04-29 19:07:10 +04:00
$preview -> setKeepAspect ( $keepAspect );
2013-07-30 14:29:12 +04:00
2014-04-29 19:07:10 +04:00
$preview -> showPreview ();
2013-07-30 15:43:15 +04:00
} catch ( \Exception $e ) {
2014-05-04 17:51:08 +04:00
\OC_Response :: setStatus ( \OC_Response :: STATUS_INTERNAL_SERVER_ERROR );
2015-04-09 13:36:10 +03:00
\OCP\Util :: writeLog ( 'core' , $e -> getmessage (), \OCP\Util :: DEBUG );
2014-01-21 14:32:30 +04:00
}