ecommun / owncloud_ynh

Blame view

sources/apps/files_sharing/ajax/publicpreview.php 2.76 KB
edit raw normal view history
31b7f2792   Kload   Upgrade to ownclo... 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
 
  <?php
  /**
   * Copyright (c) 2013 Georg Ehrke georg@ownCloud.com
   * This file is licensed under the Affero General Public License version 3 or
   * later.
   * See the COPYING-README file.
   */
  if(!\OC_App::isEnabled('files_sharing')){
  	exit;
  }
  
  \OC_User::setIncognitoMode(true);
  
  $file = array_key_exists('file', $_GET) ? (string) urldecode($_GET['file']) : '';
  $maxX = array_key_exists('x', $_GET) ? (int) $_GET['x'] : '36';
  $maxY = array_key_exists('y', $_GET) ? (int) $_GET['y'] : '36';
  $scalingUp = array_key_exists('scalingup', $_GET) ? (bool) $_GET['scalingup'] : true;
  $token = array_key_exists('t', $_GET) ? (string) $_GET['t'] : '';
  
  if($token === ''){
  	\OC_Response::setStatus(400); //400 Bad Request
  	\OC_Log::write('core-preview', 'No token parameter was passed', \OC_Log::DEBUG);
  	exit;
  }
  
  $linkedItem = \OCP\Share::getShareByToken($token);
  if($linkedItem === false || ($linkedItem['item_type'] !== 'file' && $linkedItem['item_type'] !== 'folder')) {
  	\OC_Response::setStatus(404);
  	\OC_Log::write('core-preview', 'Passed token parameter is not valid', \OC_Log::DEBUG);
  	exit;
  }
  
  if(!isset($linkedItem['uid_owner']) || !isset($linkedItem['file_source'])) {
  	\OC_Response::setStatus(500);
  	\OC_Log::write('core-preview', 'Passed token seems to be valid, but it does not contain all necessary information . ("' . $token . '")', \OC_Log::WARN);
  	exit;
  }
  
  $userId = $linkedItem['uid_owner'];
  \OC_Util::setupFS($userId);
  \OC\Files\Filesystem::initMountPoints($userId);
  $view = new \OC\Files\View('/' . $userId . '/files');
  
  $pathId = $linkedItem['file_source'];
  $path = $view->getPath($pathId);
  $pathInfo = $view->getFileInfo($path);
  $sharedFile = null;
  
  if($linkedItem['item_type'] === 'folder') {
  	$isvalid = \OC\Files\Filesystem::isValidPath($file);
  	if(!$isvalid) {
  		\OC_Response::setStatus(400); //400 Bad Request
  		\OC_Log::write('core-preview', 'Passed filename is not valid, might be malicious (file:"' . $file . '";ip:"' . $_SERVER['REMOTE_ADDR'] . '")', \OC_Log::WARN);
  		exit;
  	}
  	$sharedFile = \OC\Files\Filesystem::normalizePath($file);
  }
  
  if($linkedItem['item_type'] === 'file') {
  	$parent = $pathInfo['parent'];
  	$path = $view->getPath($parent);
  	$sharedFile = $pathInfo['name'];
  }
  
  $path = \OC\Files\Filesystem::normalizePath($path, false);
  if(substr($path, 0, 1) === '/') {
  	$path = substr($path, 1);
  }
  
  if($maxX === 0 || $maxY === 0) {
  	\OC_Response::setStatus(400); //400 Bad Request
  	\OC_Log::write('core-preview', 'x and/or y set to 0', \OC_Log::DEBUG);
  	exit;
  }
  
  $root = 'files/' . $path;
  
  try{
  	$preview = new \OC\Preview($userId, $root);
  	$preview->setFile($sharedFile);
  	$preview->setMaxX($maxX);
  	$preview->setMaxY($maxY);
  	$preview->setScalingUp($scalingUp);
  
  	$preview->show();
  } catch (\Exception $e) {
  	\OC_Response::setStatus(500);
  	\OC_Log::write('core', $e->getmessage(), \OC_Log::DEBUG);
  }