Skip to content

Commit af91efd

Browse files
blizzzblizzz
committed
when downloading from web, skip files that are not accessible
* avoids a 403, but enables download of resources that are not restricted * single file downloads still cause 403 Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
1 parent 79eae96 commit af91efd

File tree

2 files changed

+15
-5
lines changed

2 files changed

+15
-5
lines changed

lib/private/Streamer.php

Lines changed: 9 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -113,12 +113,16 @@ public function addDirRecursive(string $dir, string $internalDir = ''): void {
113113

114114
$userFolder = \OC::$server->getRootFolder()->get(Filesystem::getRoot());
115115
/** @var Folder $dirNode */
116-
$dirNode = $userFolder->get($rootDir);
116+
$dirNode = $userFolder->get($dir);
117117
$files = $dirNode->getDirectoryListing();
118118

119119
foreach($files as $file) {
120120
if($file instanceof File) {
121-
$fh = $file->fopen('r');
121+
try {
122+
$fh = $file->fopen('r');
123+
} catch (NotPermittedException $e) {
124+
continue;
125+
}
122126
$this->addFileFromStream(
123127
$fh,
124128
$internalDir . $file->getName(),
@@ -127,7 +131,9 @@ public function addDirRecursive(string $dir, string $internalDir = ''): void {
127131
);
128132
fclose($fh);
129133
} elseif ($file instanceof Folder) {
130-
$this->addDirRecursive($file->getName(), $internalDir);
134+
if($file->isReadable()) {
135+
$this->addDirRecursive($dir . '/' . $file->getName(), $internalDir);
136+
}
131137
}
132138
}
133139
}

lib/private/legacy/files.php

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -180,7 +180,11 @@ public static function get($dir, $files, $params = null) {
180180
$userFolder = \OC::$server->getRootFolder()->get(\OC\Files\Filesystem::getRoot());
181181
$file = $userFolder->get($file);
182182
if($file instanceof \OC\Files\Node\File) {
183-
$fh = $file->fopen('r');
183+
try {
184+
$fh = $file->fopen('r');
185+
} catch (\OCP\Files\NotPermittedException $e) {
186+
continue;
187+
}
184188
$fileSize = $file->getSize();
185189
$fileTime = $file->getMTime();
186190
} else {
@@ -309,7 +313,7 @@ private static function getSingleFile($view, $dir, $name, $params) {
309313

310314
OC_Util::obEnd();
311315
$view->lockFile($filename, ILockingProvider::LOCK_SHARED);
312-
316+
313317
$rangeArray = array();
314318

315319
if (isset($params['range']) && substr($params['range'], 0, 6) === 'bytes=') {

0 commit comments

Comments
 (0)