when downloading from web, skip files that are not accessible

* avoids a 403, but enables download of resources that are not restricted
* single file downloads still cause 403

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
This commit is contained in:
Arthur Schiwon 2019-12-16 18:51:19 +01:00
parent 79eae96f45
commit af91efd315
No known key found for this signature in database
GPG Key ID: 7424F1874854DF23
2 changed files with 15 additions and 5 deletions

View File

@ -113,12 +113,16 @@ class Streamer {
$userFolder = \OC::$server->getRootFolder()->get(Filesystem::getRoot()); $userFolder = \OC::$server->getRootFolder()->get(Filesystem::getRoot());
/** @var Folder $dirNode */ /** @var Folder $dirNode */
$dirNode = $userFolder->get($rootDir); $dirNode = $userFolder->get($dir);
$files = $dirNode->getDirectoryListing(); $files = $dirNode->getDirectoryListing();
foreach($files as $file) { foreach($files as $file) {
if($file instanceof File) { if($file instanceof File) {
$fh = $file->fopen('r'); try {
$fh = $file->fopen('r');
} catch (NotPermittedException $e) {
continue;
}
$this->addFileFromStream( $this->addFileFromStream(
$fh, $fh,
$internalDir . $file->getName(), $internalDir . $file->getName(),
@ -127,7 +131,9 @@ class Streamer {
); );
fclose($fh); fclose($fh);
} elseif ($file instanceof Folder) { } elseif ($file instanceof Folder) {
$this->addDirRecursive($file->getName(), $internalDir); if($file->isReadable()) {
$this->addDirRecursive($dir . '/' . $file->getName(), $internalDir);
}
} }
} }
} }

View File

@ -180,7 +180,11 @@ class OC_Files {
$userFolder = \OC::$server->getRootFolder()->get(\OC\Files\Filesystem::getRoot()); $userFolder = \OC::$server->getRootFolder()->get(\OC\Files\Filesystem::getRoot());
$file = $userFolder->get($file); $file = $userFolder->get($file);
if($file instanceof \OC\Files\Node\File) { if($file instanceof \OC\Files\Node\File) {
$fh = $file->fopen('r'); try {
$fh = $file->fopen('r');
} catch (\OCP\Files\NotPermittedException $e) {
continue;
}
$fileSize = $file->getSize(); $fileSize = $file->getSize();
$fileTime = $file->getMTime(); $fileTime = $file->getMTime();
} else { } else {
@ -309,7 +313,7 @@ class OC_Files {
OC_Util::obEnd(); OC_Util::obEnd();
$view->lockFile($filename, ILockingProvider::LOCK_SHARED); $view->lockFile($filename, ILockingProvider::LOCK_SHARED);
$rangeArray = array(); $rangeArray = array();
if (isset($params['range']) && substr($params['range'], 0, 6) === 'bytes=') { if (isset($params['range']) && substr($params['range'], 0, 6) === 'bytes=') {