From 075bf73c80882943acc6c73abbcc026046e6b226 Mon Sep 17 00:00:00 2001
From: Lukas Reschke
Date: Wed, 8 Jun 2016 15:38:11 +0200
Subject: [PATCH] Prevent access to shareinfo if share if read-only

---
 apps/files_sharing/ajax/publicpreview.php              | 7 +++++++
 apps/files_sharing/ajax/shareinfo.php                  | 5 +++++
 apps/files_sharing/lib/Controllers/ShareController.php | 8 +++++++-
 3 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/apps/files_sharing/ajax/publicpreview.php b/apps/files_sharing/ajax/publicpreview.php
index 5999740af3..c02d475a76 100644
--- a/apps/files_sharing/ajax/publicpreview.php
+++ b/apps/files_sharing/ajax/publicpreview.php
@@ -42,6 +42,13 @@ if($token === ''){
 }
 
 $linkedItem = \OCP\Share::getShareByToken($token);
+$shareManager = \OC::$server->getShareManager();
+$share = $shareManager->getShareByToken($token);
+if(!($share->getPermissions() & \OCP\Constants::PERMISSION_READ)) {
+	OCP\JSON::error(array('data' => 'Share is not readable.'));
+	exit();
+}
+
 if($linkedItem === false || ($linkedItem['item_type'] !== 'file' && $linkedItem['item_type'] !== 'folder')) {
 	\OC_Response::setStatus(\OC_Response::STATUS_NOT_FOUND);
 	\OCP\Util::writeLog('core-preview', 'Passed token parameter is not valid', \OCP\Util::DEBUG);
diff --git a/apps/files_sharing/ajax/shareinfo.php b/apps/files_sharing/ajax/shareinfo.php
index acf58a2431..002d7ab275 100644
--- a/apps/files_sharing/ajax/shareinfo.php
+++ b/apps/files_sharing/ajax/shareinfo.php
@@ -71,6 +71,11 @@ $shareManager = \OC::$server->getShareManager();
 $share = $shareManager->getShareByToken($token);
 $sharePermissions= (int)$share->getPermissions();
 
+if(!($share->getPermissions() & \OCP\Constants::PERMISSION_READ)) {
+	OCP\JSON::error(array('data' => 'Share is not readable.'));
+	exit();
+}
+
 /**
  * @param \OCP\Files\FileInfo $dir
  * @param \OC\Files\View $view
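Review bot: In publicpreview.php the new READ check calls `$shareManager->getShareByToken($token)` before the existing `$linkedItem === false` branch that turns an unknown token into a 404, so an invalid or expired token now reaches the share manager first; if `getShareByToken` throws `ShareNotFound` for an unknown token, as its interface documents, such a request ends in an uncaught exception instead of the established not-found response. Moving the new block below the not-found `if` (whose body continues past the end of the hunk) keeps that error path intact while the READ guard still runs before any preview is rendered. The script then resolves the same share twice, once through the legacy `\OCP\Share::getShareByToken` and once through the manager; once the manager result drives the item-type check the legacy lookup could go. The message `'Share is not readable.'` used here and in shareinfo.php differs from `'Share is read-only'` in ShareController.php for the same condition, and a single wording would make the three paths easier to correlate in logs.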
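Review bot: In shareinfo.php the added condition re-reads `$share->getPermissions()` although the line directly above already stores the cast value in `$sharePermissions`, presumably for use further down the script; testing the same variable keeps the two in step: `if(!($sharePermissions & \OCP\Constants::PERMISSION_READ)) {`. `OCP\JSON::error` answers with HTTP 200 and an error envelope, so a client that only inspects the status code will not notice the denial, which is worth knowing when this endpoint is monitored. A one-line comment above the guard, such as `// a share without READ permission (e.g. an upload-only link) must not expose the listing`, would keep the intent visible to the next maintainer.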
diff --git a/apps/files_sharing/lib/Controllers/ShareController.php b/apps/files_sharing/lib/Controllers/ShareController.php
index baf2fc9ed1..56f94b91c8 100644
--- a/apps/files_sharing/lib/Controllers/ShareController.php
+++ b/apps/files_sharing/lib/Controllers/ShareController.php
@@ -252,6 +252,7 @@ class ShareController extends Controller {
 	 * @param string $path
 	 * @return TemplateResponse|RedirectResponse
 	 * @throws NotFoundException
+	 * @throws \Exception
 	 */
 	public function showShare($token, $path = '') {
 		\OC_User::setIncognitoMode(true);
@@ -373,13 +374,18 @@ class ShareController extends Controller {
 	 * @param string $files
 	 * @param string $path
 	 * @param string $downloadStartSecret
-	 * @return void|RedirectResponse
+	 * @return void|OCP\AppFramework\Http\Response
+	 * @throws NotFoundException
 	 */
 	public function downloadShare($token, $files = null, $path = '', $downloadStartSecret = '') {
 		\OC_User::setIncognitoMode(true);
 
 		$share = $this->shareManager->getShareByToken($token);
 
+		if(!($share->getPermissions() & \OCP\Constants::PERMISSION_READ)) {
+			return new OCP\AppFramework\Http\DataResponse('Share is read-only');
+		}
+
 		// Share is password protected - check whether the user is permitted to access the share
 		if ($share->getPassword() !== null && !$this->linkShareAuth($share)) {
 			return new RedirectResponse($this->urlGenerator->linkToRoute('files_sharing.sharecontroller.authenticate',
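Review bot: `new OCP\AppFramework\Http\DataResponse(...)` in the new early return of downloadShare has no leading backslash; if this file declares a namespace, as a class under lib/Controllers normally does, PHP resolves that name relative to the current namespace and the branch dies with a class-not-found error the first time a share without READ permission is downloaded, so the guard never returns the intended response. The same relative spelling is in the new `@return void|OCP\AppFramework\Http\Response` tag. The response also carries HTTP 200 with the body 'Share is read-only', although the condition tested is the absence of READ, which the two ajax scripts in this commit report as 'Share is not readable.'; a denial should be visible in the status code: `return new \OCP\AppFramework\Http\DataResponse('Share is not readable.', \OCP\AppFramework\Http::STATUS_FORBIDDEN);`. The body of downloadShare continues past the end of the hunk.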