upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-10 09:13:19 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 54

Merge pull request #48378 from nextcloud/backport/48142/stable27

Browse source 
[stable27] feat(share): ensure unique share tokens with dynamic length adjustment
This commit is contained in:
Joas Schilling 2024-09-26 15:18:36 +02:00 committed by GitHub
commit 041c8e2810
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 17 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
lib/private/Share20/Manager.php
View file

@ -786,13 +786,25 @@ class Manager implements IManager {
$this->linkCreateChecks($share);
$this->setLinkParent($share);
// For now ignore a set token.
$share->setToken(
$this->secureRandom->generate(
for ($i = 0; $i <= 3; $i++) {
$token = $this->secureRandom->generate(
\OC\Share\Constants::TOKEN_LENGTH,
\OCP\Security\ISecureRandom::CHAR_HUMAN_READABLE
)
);
);
try {
$this->getShareByToken($token);
} catch (\OCP\Share\Exceptions\ShareNotFound $e) {
// Set the unique token
$share->setToken($token);
break;
}
// Abort after 3 failed attempts
if ($i >= 3) {
throw new \Exception('Unable to generate a unique share token after 3 attempts.');
}
}
// Verify the expiration date
$share = $this->validateExpirationDateLink($share);