Merge pull request #18489 from nextcloud/backport/18433/stable16

[stable16] Use File Node API for more download cases, skip unreadable files
This commit is contained in:
Roeland Jago Douma 2019-12-23 15:42:03 +01:00 committed by GitHub
commit 4261a91f85
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 70 additions and 33 deletions

View file

@ -24,6 +24,12 @@
namespace OC;
use OC\Files\Filesystem;
use OCP\Files\File;
use OCP\Files\Folder;
use OCP\Files\InvalidPathException;
use OCP\Files\NotFoundException;
use OCP\Files\NotPermittedException;
use OCP\IRequest;
use ownCloud\TarStreamer\TarStreamer;
use ZipStreamer\ZipStreamer;
@ -88,10 +94,12 @@ class Streamer {
/**
* Stream directory recursively
* @param string $dir
* @param string $internalDir
*
* @throws NotFoundException
* @throws NotPermittedException
* @throws InvalidPathException
*/
public function addDirRecursive($dir, $internalDir='') {
public function addDirRecursive(string $dir, string $internalDir = ''): void {
$dirname = basename($dir);
$rootDir = $internalDir . $dirname;
if (!empty($rootDir)) {
@ -101,18 +109,29 @@ class Streamer {
// prevent absolute dirs
$internalDir = ltrim($internalDir, '/');
$files= \OC\Files\Filesystem::getDirectoryContent($dir);
$userFolder = \OC::$server->getRootFolder()->get(Filesystem::getRoot());
/** @var Folder $dirNode */
$dirNode = $userFolder->get($dir);
$files = $dirNode->getDirectoryListing();
foreach($files as $file) {
$filename = $file['name'];
$file = $dir . '/' . $filename;
if(\OC\Files\Filesystem::is_file($file)) {
$filesize = \OC\Files\Filesystem::filesize($file);
$fileTime = \OC\Files\Filesystem::filemtime($file);
$fh = \OC\Files\Filesystem::fopen($file, 'r');
$this->addFileFromStream($fh, $internalDir . $filename, $filesize, $fileTime);
if($file instanceof File) {
try {
$fh = $file->fopen('r');
} catch (NotPermittedException $e) {
continue;
}
$this->addFileFromStream(
$fh,
$internalDir . $file->getName(),
$file->getSize(),
$file->getMTime()
);
fclose($fh);
}elseif(\OC\Files\Filesystem::is_dir($file)) {
$this->addDirRecursive($file, $internalDir);
} elseif ($file instanceof Folder) {
if($file->isReadable()) {
$this->addDirRecursive($dir . '/' . $file->getName(), $internalDir);
}
}
}
}

View file

@ -180,7 +180,11 @@ class OC_Files {
$userFolder = \OC::$server->getRootFolder()->get(\OC\Files\Filesystem::getRoot());
$file = $userFolder->get($file);
if($file instanceof \OC\Files\Node\File) {
$fh = $file->fopen('r');
try {
$fh = $file->fopen('r');
} catch (\OCP\Files\NotPermittedException $e) {
continue;
}
$fileSize = $file->getSize();
$fileTime = $file->getMTime();
} else {
@ -284,30 +288,44 @@ class OC_Files {
*/
private static function getSingleFile($view, $dir, $name, $params) {
$filename = $dir . '/' . $name;
$file = null;
try {
$userFolder = \OC::$server->getRootFolder()->get(\OC\Files\Filesystem::getRoot());
$file = $userFolder->get($filename);
if(!$file instanceof \OC\Files\Node\File || !$file->isReadable()) {
http_response_code(403);
die('403 Forbidden');
}
$fileSize = $file->getSize();
} catch (\OCP\Files\NotPermittedException $e) {
http_response_code(403);
die('403 Forbidden');
} catch (\OCP\Files\InvalidPathException $e) {
http_response_code(403);
die('403 Forbidden');
} catch (\OCP\Files\NotFoundException $e) {
http_response_code(404);
$tmpl = new OC_Template('', '404', 'guest');
$tmpl->printPage();
exit();
}
OC_Util::obEnd();
$view->lockFile($filename, ILockingProvider::LOCK_SHARED);
$rangeArray = array();
if (isset($params['range']) && substr($params['range'], 0, 6) === 'bytes=') {
$rangeArray = self::parseHttpRangeHeader(substr($params['range'], 6),
\OC\Files\Filesystem::filesize($filename));
$rangeArray = self::parseHttpRangeHeader(substr($params['range'], 6), $fileSize);
}
if (\OC\Files\Filesystem::isReadable($filename)) {
self::sendHeaders($filename, $name, $rangeArray);
} elseif (!\OC\Files\Filesystem::file_exists($filename)) {
http_response_code(404);
$tmpl = new OC_Template('', '404', 'guest');
$tmpl->printPage();
exit();
} else {
http_response_code(403);
die('403 Forbidden');
}
self::sendHeaders($filename, $name, $rangeArray);
if (isset($params['head']) && $params['head']) {
return;
}
if (!empty($rangeArray)) {
try {
if (count($rangeArray) == 1) {