don't use the user id within the versions preview call as it could be used to access previews of another user
parent
2e7fed1b9b
commit
37e278f2a9
|
@ -5,7 +5,7 @@ $source = $_GET['source'];
|
|||
$start = $_GET['start'];
|
||||
list ($uid, $filename) = OCA\Files_Versions\Storage::getUidAndFilename($source);
|
||||
$count = 5; //show the newest revisions
|
||||
if( ($versions = OCA\Files_Versions\Storage::getVersions($uid, $filename)) ) {
|
||||
if( ($versions = OCA\Files_Versions\Storage::getVersions($uid, $filename, $source)) ) {
|
||||
|
||||
$endReached = false;
|
||||
if (count($versions) <= $start+$count) {
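Review bot: The new call `getVersions($uid, $filename, $source)` passes the same file in two forms, and nothing on the line says why. `$uid`/`$filename` are the pair returned by `getUidAndFilename`, while `$source` is the raw request path that ends up in each preview link. A comment such as `// $source: path as the requesting user sees it; the preview endpoint resolves the owner from it instead of trusting a uid parameter` would keep a later cleanup from putting the uid back into the URL. `$source` is read from `$_GET` without an existence or type check (visible in the hunk header), so it is worth confirming that `getUidAndFilename` copes with missing or non-string input; its body is not shown here.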
|
||||
|
|
|
@ -12,18 +12,11 @@ if(!\OC_App::isEnabled('files_versions')){
|
|||
}
|
||||
|
||||
$file = array_key_exists('file', $_GET) ? (string) urldecode($_GET['file']) : '';
|
||||
$user = array_key_exists('user', $_GET) ? $_GET['user'] : '';
|
||||
$maxX = array_key_exists('x', $_GET) ? (int) $_GET['x'] : 44;
|
||||
$maxY = array_key_exists('y', $_GET) ? (int) $_GET['y'] : 44;
|
||||
$version = array_key_exists('version', $_GET) ? $_GET['version'] : '';
|
||||
$scalingUp = array_key_exists('scalingup', $_GET) ? (bool) $_GET['scalingup'] : true;
|
||||
|
||||
if($user === '') {
|
||||
\OC_Response::setStatus(400); //400 Bad Request
|
||||
\OC_Log::write('versions-preview', 'No user parameter was passed', \OC_Log::DEBUG);
|
||||
exit;
|
||||
}
|
||||
|
||||
if($file === '' && $version === '') {
|
||||
\OC_Response::setStatus(400); //400 Bad Request
|
||||
\OC_Log::write('versions-preview', 'No file parameter was passed', \OC_Log::DEBUG);
|
||||
|
@ -36,7 +29,8 @@ if($maxX === 0 || $maxY === 0) {
|
|||
exit;
|
||||
}
|
||||
|
||||
try{
|
||||
try {
|
||||
list($user, $file) = \OCA\Files_Versions\Storage::getUidAndFilename($file);
|
||||
$preview = new \OC\Preview($user, 'files_versions', $file.'.v'.$version);
|
||||
$mimetype = \OC_Helper::getFileNameMimeType($file);
|
||||
$preview->setMimetype($mimetype);
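Review bot: `$version` still comes straight from `$_GET` and is concatenated into the preview path in `new \OC\Preview($user, 'files_versions', $file.'.v'.$version)` without any format check. The Storage code on this page passes versions to `getHumanReadableTimestamp`, so they appear to be numeric timestamps; a guard before the `try`, e.g. `if (!ctype_digit((string) $version)) { \OC_Response::setStatus(400); exit; }`, would keep path separators and `..` out of that path. The earlier check `$file === '' && $version === ''` only rejects the request when both are empty, so an empty `$file` now reaches `getUidAndFilename`; `||` looks like the intended operator. The `try` block continues past the end of the hunk.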
|
||||
|
|
|
@ -261,11 +261,12 @@ class Storage {
|
|||
|
||||
/**
|
||||
* @brief get a list of all available versions of a file in descending chronological order
|
||||
* @param $uid user id from the owner of the file
|
||||
* @param $filename file to find versions of, relative to the user files dir
|
||||
* @param string $uid user id from the owner of the file
|
||||
* @param string $filename file to find versions of, relative to the user files dir
|
||||
* @param string $userFullPath
|
||||
* @returns array
|
||||
*/
|
||||
public static function getVersions($uid, $filename) {
|
||||
public static function getVersions($uid, $filename, $userFullPath = '') {
|
||||
$versions = array();
|
||||
// fetch for old versions
|
||||
$view = new \OC\Files\View('/' . $uid . '/' . self::VERSIONS_ROOT);
|
||||
|
@ -286,7 +287,11 @@ class Storage {
|
|||
$versions[$key]['cur'] = 0;
|
||||
$versions[$key]['version'] = $version;
|
||||
$versions[$key]['humanReadableTimestamp'] = self::getHumanReadableTimestamp($version);
|
||||
$versions[$key]['preview'] = \OCP\Util::linkToRoute('core_ajax_versions_preview', array('file' => $filename, 'version' => $version, 'user' => $uid));
|
||||
if (empty($userFullPath)) {
|
||||
$versions[$key]['preview'] = '';
|
||||
} else {
|
||||
$versions[$key]['preview'] = \OCP\Util::linkToRoute('core_ajax_versions_preview', array('file' => $userFullPath, 'version' => $version));
|
||||
}
|
||||
$versions[$key]['path'] = $filename;
|
||||
$versions[$key]['name'] = $versionedFile;
|
||||
$versions[$key]['size'] = $file['size'];
|
||||
|
@ -508,8 +513,8 @@ class Storage {
|
|||
* @brief delete old version from a given list of versions
|
||||
*
|
||||
* @param array $versionsByFile list of versions ordered by files
|
||||
* @param array $allVversions all versions accross multiple files
|
||||
* @param $versionsFileview OC\Files\View on data/user/files_versions
|
||||
* @param array $allVversions all versions across multiple files
|
||||
* @param $versionsFileview \OC\Files\View on data/user/files_versions
|
||||
* @return size of releted versions
|
||||
*/
|
||||
private static function delOldVersions($versionsByFile, &$allVersions, $versionsFileview) {
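Review bot: The new `@param string $userFullPath` tag has no description, yet this parameter decides whether a caller gets a preview link at all. It defaults to `''` and the loop sets `$versions[$key]['preview'] = ''` when it is empty, so any existing two-argument caller of `getVersions` silently loses its preview URLs; callers outside this diff are not visible, so that is worth a grep. I would document it as `@param string $userFullPath path to the file as seen by the current user, used to build the preview link; if empty, no preview link is generated`. The `getVersions` body continues outside these hunks.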
|
||||
|
|