From af91efd3150b11d714cacace2a2022df8be26fa2 Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@arthur-schiwon.de>
Date: Mon, 16 Dec 2019 18:51:19 +0100
Subject: [PATCH] when downloading from web, skip files that are not accessible

* avoids a 403, but enables download of resources that are not restricted
* single file downloads still cause 403

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
---
 lib/private/Streamer.php     | 12 +++++++++---
 lib/private/legacy/files.php |  8 ++++++--
 2 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/lib/private/Streamer.php b/lib/private/Streamer.php
index a25e3468593..23029d98912 100644
--- a/lib/private/Streamer.php
+++ b/lib/private/Streamer.php
@@ -113,12 +113,16 @@ class Streamer {
 
 		$userFolder = \OC::$server->getRootFolder()->get(Filesystem::getRoot());
 		/** @var Folder $dirNode */
-		$dirNode = $userFolder->get($rootDir);
+		$dirNode = $userFolder->get($dir);
 		$files = $dirNode->getDirectoryListing();
 
 		foreach($files as $file) {
 			if($file instanceof File) {
-				$fh = $file->fopen('r');
+				try {
+					$fh = $file->fopen('r');
+				} catch (NotPermittedException $e) {
+					continue;
+				}
 				$this->addFileFromStream(
 					$fh,
 					$internalDir . $file->getName(),
@@ -127,7 +131,9 @@ class Streamer {
 				);
 				fclose($fh);
 			} elseif ($file instanceof Folder) {
-				$this->addDirRecursive($file->getName(), $internalDir);
+				if($file->isReadable()) {
+					$this->addDirRecursive($dir . '/' . $file->getName(), $internalDir);
+				}
 			}
 		}
 	}
diff --git a/lib/private/legacy/files.php b/lib/private/legacy/files.php
index 28396a9d076..ed26a125a6f 100644
--- a/lib/private/legacy/files.php
+++ b/lib/private/legacy/files.php
@@ -180,7 +180,11 @@ class OC_Files {
 						$userFolder = \OC::$server->getRootFolder()->get(\OC\Files\Filesystem::getRoot());
 						$file = $userFolder->get($file);
 						if($file instanceof \OC\Files\Node\File) {
-							$fh = $file->fopen('r');
+							try {
+								$fh = $file->fopen('r');
+							} catch (\OCP\Files\NotPermittedException $e) {
+								continue;
+							}
 							$fileSize = $file->getSize();
 							$fileTime = $file->getMTime();
 						} else {
@@ -309,7 +313,7 @@ class OC_Files {
 
 		OC_Util::obEnd();
 		$view->lockFile($filename, ILockingProvider::LOCK_SHARED);
-		
+
 		$rangeArray = array();
 
 		if (isset($params['range']) && substr($params['range'], 0, 6) === 'bytes=') {
-- 
GitLab