Skip to content
Snippets Groups Projects
Unverified Commit af91efd3 authored by Arthur Schiwon's avatar Arthur Schiwon
Browse files

when downloading from web, skip files that are not accessible 


* avoids a 403, but enables download of resources that are not restricted
* single file downloads still cause 403

Signed-off-by: default avatarArthur Schiwon <blizzz@arthur-schiwon.de>
parent 79eae96f
No related branches found
No related tags found
Hide whitespace changes
Inline Side-by-side
lib/private/Streamer.php
+ 9
3
View file @ af91efd3
...@@ -113,12 +113,16 @@ class Streamer { ...@@ -113,12 +113,16 @@ class Streamer {
$userFolder = \OC::$server->getRootFolder()->get(Filesystem::getRoot()); $userFolder = \OC::$server->getRootFolder()->get(Filesystem::getRoot());
/** @var Folder $dirNode */ /** @var Folder $dirNode */
$dirNode = $userFolder->get($rootDir); $dirNode = $userFolder->get($dir);
$files = $dirNode->getDirectoryListing(); $files = $dirNode->getDirectoryListing();
foreach($files as $file) { foreach($files as $file) {
if($file instanceof File) { if($file instanceof File) {
$fh = $file->fopen('r'); try {
$fh = $file->fopen('r');
} catch (NotPermittedException $e) {
continue;
}
$this->addFileFromStream( $this->addFileFromStream(
$fh, $fh,
$internalDir . $file->getName(), $internalDir . $file->getName(),
...@@ -127,7 +131,9 @@ class Streamer { ...@@ -127,7 +131,9 @@ class Streamer {
); );
fclose($fh); fclose($fh);
} elseif ($file instanceof Folder) { } elseif ($file instanceof Folder) {
$this->addDirRecursive($file->getName(), $internalDir); if($file->isReadable()) {
$this->addDirRecursive($dir . '/' . $file->getName(), $internalDir);
}
} }
} }
} }
......
lib/private/legacy/files.php
+ 6
2
View file @ af91efd3
...@@ -180,7 +180,11 @@ class OC_Files { ...@@ -180,7 +180,11 @@ class OC_Files {
$userFolder = \OC::$server->getRootFolder()->get(\OC\Files\Filesystem::getRoot()); $userFolder = \OC::$server->getRootFolder()->get(\OC\Files\Filesystem::getRoot());
$file = $userFolder->get($file); $file = $userFolder->get($file);
if($file instanceof \OC\Files\Node\File) { if($file instanceof \OC\Files\Node\File) {
$fh = $file->fopen('r'); try {
$fh = $file->fopen('r');
} catch (\OCP\Files\NotPermittedException $e) {
continue;
}
$fileSize = $file->getSize(); $fileSize = $file->getSize();
$fileTime = $file->getMTime(); $fileTime = $file->getMTime();
} else { } else {
...@@ -309,7 +313,7 @@ class OC_Files { ...@@ -309,7 +313,7 @@ class OC_Files {
OC_Util::obEnd(); OC_Util::obEnd();
$view->lockFile($filename, ILockingProvider::LOCK_SHARED); $view->lockFile($filename, ILockingProvider::LOCK_SHARED);
$rangeArray = array(); $rangeArray = array();
if (isset($params['range']) && substr($params['range'], 0, 6) === 'bytes=') { if (isset($params['range']) && substr($params['range'], 0, 6) === 'bytes=') {
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment