upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-06 23:34:22 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

fix: Ignore preview requests for invalid file ids

Browse source 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
This commit is contained in:
Julius Härtl 2024-06-21 11:37:47 +02:00 committed by backportbot[bot]
parent 942a91916a
commit 7f9b44d6a5
4 changed files with 21 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
apps/files/lib/Controller/ApiController.php
View file

@ -123,6 +123,10 @@ class ApiController extends Controller {
throw new NotFoundException();
}
if ($file->getId() <= 0) {
return new DataResponse(['message' => 'File not found.'], Http::STATUS_NOT_FOUND);
}
/** @var File $file */
$preview = $this->previewManager->getPreview($file, $x, $y, true);

12
apps/files/tests/Controller/ApiControllerTest.php
View file

@ -177,6 +177,7 @@ class ApiControllerTest extends TestCase {
public function testGetThumbnailInvalidImage() {
$file = $this->createMock(File::class);
$file->method('getId')->willReturn(123);
$this->userFolder->method('get')
->with($this->equalTo('unknown.jpg'))
->willReturn($file);
@ -188,8 +189,19 @@ class ApiControllerTest extends TestCase {
$this->assertEquals($expected, $this->apiController->getThumbnail(10, 10, 'unknown.jpg'));
}
public function testGetThumbnailInvalidPartFile() {
$file = $this->createMock(File::class);
$file->method('getId')->willReturn(0);
$this->userFolder->method('get')
->with($this->equalTo('unknown.jpg'))
->willReturn($file);
$expected = new DataResponse(['message' => 'File not found.'], Http::STATUS_NOT_FOUND);
$this->assertEquals($expected, $this->apiController->getThumbnail(10, 10, 'unknown.jpg'));
}
public function testGetThumbnail() {
$file = $this->createMock(File::class);
$file->method('getId')->willReturn(123);
$this->userFolder->method('get')
->with($this->equalTo('known.jpg'))
->willReturn($file);

4
core/Controller/PreviewController.php
View file

@ -159,6 +159,10 @@ class PreviewController extends Controller {
return new DataResponse([], Http::STATUS_FORBIDDEN);
}
if ($node->getId() <= 0) {
return new DataResponse([], Http::STATUS_NOT_FOUND);
}
$storage = $node->getStorage();
if ($storage->instanceOfStorage(SharedStorage::class)) {
/** @var SharedStorage $storage */

1
tests/Core/Controller/PreviewControllerTest.php
View file

@ -204,6 +204,7 @@ class PreviewControllerTest extends \Test\TestCase {
->willReturn($userFolder);
$file = $this->createMock(File::class);
$file->method('getId')->willReturn(123);
$userFolder->method('get')
->with($this->equalTo('file'))
->willReturn($file);