From 4ff11e395519987af95ffc62d7a8f0094b6978ff Mon Sep 17 00:00:00 2001
From: Christoph Wurst
Date: Thu, 19 Dec 2019 09:38:22 +0100
Subject: [PATCH 1/2] Do not generate tokens for editor IDs that do not exist

Signed-off-by: Christoph Wurst
---
 lib/private/DirectEditing/Manager.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/private/DirectEditing/Manager.php b/lib/private/DirectEditing/Manager.php
index a739402d62930..a514eaea482b2 100644
--- a/lib/private/DirectEditing/Manager.php
+++ b/lib/private/DirectEditing/Manager.php
@@ -45,6 +45,8 @@
 use OCP\L10N\IFactory;
 use OCP\Security\ISecureRandom;
 use OCP\Share\IShare;
+use function array_key_exists;
+use function in_array;
 class Manager implements IManager {
@@ -140,6 +142,9 @@ public function open(string $filePath, string $editorId = null): string {
 if ($editorId === null) {
 $editorId = $this->findEditorForFile($file);
 }
+ if (!array_key_exists($editorId, $this->editors)) {
+ throw new \RuntimeException("Editor $editorId is unknown");
+ }
 return $this->createToken($editorId, $file, $filePath);
 }
From 0ddb9c01362a74662a4f062683c82c1594c7da01 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julius=20H=C3=A4rtl?=
Date: Fri, 20 Dec 2019 11:09:05 +0100
Subject: [PATCH 2/2] Expose exception message in the response
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Julius Härtl
---
 apps/files/lib/Controller/DirectEditingController.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/apps/files/lib/Controller/DirectEditingController.php b/apps/files/lib/Controller/DirectEditingController.php
index b19d0f3ea1d4b..099c65f73e645 100644
--- a/apps/files/lib/Controller/DirectEditingController.php
+++ b/apps/files/lib/Controller/DirectEditingController.php
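Review bot: The guard added to `Manager::open()` in lib/private/DirectEditing/Manager.php throws a bare `\RuntimeException` whose message interpolates `$editorId`, which is the caller-supplied parameter whenever it is not null. A generic exception type gives callers no way to tell "unknown editor" apart from any other runtime failure, and the message carries that input into whatever consumes it; the second patch in this series appends exception messages to the HTTP response. A fixed message such as `throw new \RuntimeException('No matching editor found');`, or a dedicated exception class, would avoid both. Separately, `use function in_array;` from the first hunk is not used by any line visible in this patch. The body of `open()` starts above the hunk.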
@@ -89,7 +89,7 @@ public function create(string $path, string $editorId, string $creatorId, string
 ]);
 } catch (Exception $e) {
 $this->logger->logException($e, ['message' => 'Exception when creating a new file through direct editing']);
- return new DataResponse('Failed to create file', Http::STATUS_FORBIDDEN);
+ return new DataResponse('Failed to create file: ' . $e->getMessage(), Http::STATUS_FORBIDDEN);
 }
 }
@@ -106,7 +106,7 @@ public function open(string $path, string $editorId = null): DataResponse {
 ]);
 } catch (Exception $e) {
 $this->logger->logException($e, ['message' => 'Exception when opening a file through direct editing']);
- return new DataResponse('Failed to open file', Http::STATUS_FORBIDDEN);
+ return new DataResponse('Failed to open file: ' . $e->getMessage(), Http::STATUS_FORBIDDEN);
 }
 }
@@ -122,7 +122,7 @@ public function templates(string $editorId, string $creatorId): DataResponse {
 return new DataResponse($this->directEditingManager->getTemplates($editorId, $creatorId));
 } catch (Exception $e) {
 $this->logger->logException($e);
- return new DataResponse('Failed to open file', Http::STATUS_INTERNAL_SERVER_ERROR);
+ return new DataResponse('Failed to obtain template list: ' . $e->getMessage(), Http::STATUS_INTERNAL_SERVER_ERROR);
 }
 }
 }
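Review bot: All three catch blocks (`create`, `open`, `templates`) catch the base `Exception` and now append `$e->getMessage()` to the response body, so the text of any failure is sent to the client, not only the manager's own validation errors. Messages raised by storage, database or filesystem layers can contain paths, queries or other internal details, and the full exception is already logged for operators on the line above. Consider returning the message only for an exception type the manager throws deliberately for user-facing errors, and keeping the fixed string for everything else, e.g. `return new DataResponse('Failed to open file', Http::STATUS_FORBIDDEN);` in the generic branch. The method bodies begin outside each hunk, so the `try` side is not visible here.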