Skip to content

Commit

Permalink
fix: Block incompatible operations with remote tokens
Browse files Browse the repository at this point in the history 
With federated tokens we do not allow storage operations that would be
relative to the file path so we should block them

Signed-off-by: Julius Härtl <jus@bitgrid.net>
  • Loading branch information
@juliushaertl @backportbot
juliushaertl authored and backportbot[bot] committed Aug 6, 2024
1 parent cce4ff2 commit 57122d3
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions lib/Controller/WopiController.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -168,11 +168,11 @@ public function checkFileInfo($fileId, $access_token) {
'UserExtraInfo' => [],
'UserPrivateInfo' => [],
'UserCanWrite' => $canWriteThroughLock && (bool)$wopi->getCanwrite(),
'UserCanNotWriteRelative' => $isPublic || $this->encryptionManager->isEnabled() || $wopi->getHideDownload(),
'UserCanNotWriteRelative' => $isPublic || $this->encryptionManager->isEnabled() || $wopi->getHideDownload() || $wopi->isRemoteToken(),
'PostMessageOrigin' => $wopi->getServerHost(),
'LastModifiedTime' => Helper::toISO8601($file->getMTime()),
'SupportsRename' => !$isVersion,
'UserCanRename' => !$isPublic && !$isVersion,
'SupportsRename' => !$isVersion && !$wopi->isRemoteToken(),
'UserCanRename' => !$isPublic && !$isVersion && !$wopi->isRemoteToken(),
'EnableInsertRemoteImage' => !$isPublic,
'EnableShare' => $file->isShareable() && !$isVersion && !$isPublic,
'HideUserList' => '',
Expand Down

0 comments on commit 57122d3

Please sign in to comment.