From ca84d612aee1df24d20b0b946a3f71f242ad1070 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julius=20H=C3=A4rtl?= Date: Tue, 30 Apr 2024 15:55:17 +0200 Subject: [PATCH 1/2] fix: Block incompatible operations with remote tokens MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit With federated tokens we do not allow storage operations that would be relative to the file path so we should block them Signed-off-by: Julius Härtl --- lib/Controller/WopiController.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/Controller/WopiController.php b/lib/Controller/WopiController.php index 1b8268ae12..dc09130d28 100644 --- a/lib/Controller/WopiController.php +++ b/lib/Controller/WopiController.php @@ -202,11 +202,11 @@ public function checkFileInfo($fileId, $access_token) { 'UserFriendlyName' => $userDisplayName, 'UserExtraInfo' => [], 'UserCanWrite' => (bool)$wopi->getCanwrite(), - 'UserCanNotWriteRelative' => $this->encryptionManager->isEnabled() || $isPublic || $wopi->getHideDownload(), + 'UserCanNotWriteRelative' => $this->encryptionManager->isEnabled() || $isPublic || $wopi->getHideDownload() || $wopi->isRemoteToken(), 'PostMessageOrigin' => $wopi->getServerHost(), 'LastModifiedTime' => Helper::toISO8601($file->getMTime()), - 'SupportsRename' => !$isVersion, - 'UserCanRename' => !$isPublic && !$isVersion, + 'SupportsRename' => !$isVersion && !$wopi->isRemoteToken(), + 'UserCanRename' => !$isPublic && !$isVersion && !$wopi->isRemoteToken(), 'EnableInsertRemoteImage' => !$isPublic, 'EnableShare' => $file->isShareable() && !$isVersion && !$isPublic, 'HideUserList' => '', From 3a72cc295435077b6fefa6e57089976377305118 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julius=20H=C3=A4rtl?= Date: Fri, 3 May 2024 14:28:32 +0200 Subject: [PATCH 2/2] ci: Fix oci run php extensions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Julius Härtl --- .github/workflows/phpunit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/phpunit.yml b/.github/workflows/phpunit.yml index 7368754f87..eb484de086 100644 --- a/.github/workflows/phpunit.yml +++ b/.github/workflows/phpunit.yml @@ -247,7 +247,7 @@ jobs: uses: "shivammathur/setup-php@v2" with: php-version: "${{ matrix.php-versions }}" - extensions: mbstring, iconv, fileinfo, intl, oci8 + extensions: mbstring, iconv, fileinfo, intl, oci8, gd, zip tools: phpunit:9 coverage: none