DirectController: Verify that expirationTime is between 0s and 24h

Signed-off-by: Iscle <albertiscle9@gmail.com>
This commit is contained in:
Iscle 2020-10-01 23:47:13 +02:00
parent ebd734dc86
commit 0e5d692866
1 changed files with 4 additions and 0 deletions

View File

@ -90,6 +90,10 @@ class DirectController extends OCSController {
throw new OCSNotFoundException(); throw new OCSNotFoundException();
} }
if ($expirationTime <= 0 || $expirationTime > (60 * 60 * 24)) {
throw new OCSBadRequestException('Expiration time should be greater than 0 and less than or equal to ' . (60 * 60 * 24));
}
$file = array_shift($files); $file = array_shift($files);
if (!($file instanceof File)) { if (!($file instanceof File)) {
throw new OCSBadRequestException('Direct download only works for files'); throw new OCSBadRequestException('Direct download only works for files');