From b67980b52d1245472b98d1b9048622794e79baf5 Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Mon, 16 Dec 2019 18:51:19 +0100 Subject: [PATCH] when downloading from web, skip files that are not accessible * avoids a 403, but enables download of resources that are not restricted * single file downloads still cause 403 Signed-off-by: Arthur Schiwon --- lib/private/Streamer.php | 12 +++++++++--- lib/private/legacy/files.php | 8 ++++++-- 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/lib/private/Streamer.php b/lib/private/Streamer.php index f56655e55e..2443c401c8 100644 --- a/lib/private/Streamer.php +++ b/lib/private/Streamer.php @@ -111,12 +111,16 @@ class Streamer { $userFolder = \OC::$server->getRootFolder()->get(Filesystem::getRoot()); /** @var Folder $dirNode */ - $dirNode = $userFolder->get($rootDir); + $dirNode = $userFolder->get($dir); $files = $dirNode->getDirectoryListing(); foreach($files as $file) { if($file instanceof File) { - $fh = $file->fopen('r'); + try { + $fh = $file->fopen('r'); + } catch (NotPermittedException $e) { + continue; + } $this->addFileFromStream( $fh, $internalDir . $file->getName(), @@ -125,7 +129,9 @@ class Streamer { ); fclose($fh); } elseif ($file instanceof Folder) { - $this->addDirRecursive($file->getName(), $internalDir); + if($file->isReadable()) { + $this->addDirRecursive($dir . '/' . $file->getName(), $internalDir); + } } } } diff --git a/lib/private/legacy/files.php b/lib/private/legacy/files.php index d8de038160..857bcc9610 100644 --- a/lib/private/legacy/files.php +++ b/lib/private/legacy/files.php @@ -180,7 +180,11 @@ class OC_Files { $userFolder = \OC::$server->getRootFolder()->get(\OC\Files\Filesystem::getRoot()); $file = $userFolder->get($file); if($file instanceof \OC\Files\Node\File) { - $fh = $file->fopen('r'); + try { + $fh = $file->fopen('r'); + } catch (\OCP\Files\NotPermittedException $e) { + continue; + } $fileSize = $file->getSize(); $fileTime = $file->getMTime(); } else { @@ -309,7 +313,7 @@ class OC_Files { OC_Util::obEnd(); $view->lockFile($filename, ILockingProvider::LOCK_SHARED); - + $rangeArray = array(); if (isset($params['range']) && substr($params['range'], 0, 6) === 'bytes=') {