Skip to content

Commit

Permalink
Merge pull request #3636 from nextcloud/backport/3635/stable24
Browse files Browse the repository at this point in the history 
[stable24] fix: Block incompatible operations with remote tokens
  • Loading branch information
@juliusknorr
juliusknorr authored May 17, 2024
2 parents 27244ea + 3a72cc2 commit 4d2bc09
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 4 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/phpunit.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -247,7 +247,7 @@ jobs:
uses: "shivammathur/setup-php@v2"
with:
php-version: "${{ matrix.php-versions }}"
extensions: mbstring, iconv, fileinfo, intl, oci8
extensions: mbstring, iconv, fileinfo, intl, oci8, gd, zip
tools: phpunit:9
coverage: none

Expand Down
6 changes: 3 additions & 3 deletions lib/Controller/WopiController.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -202,11 +202,11 @@ public function checkFileInfo($fileId, $access_token) {
'UserFriendlyName' => $userDisplayName,
'UserExtraInfo' => [],
'UserCanWrite' => (bool)$wopi->getCanwrite(),
'UserCanNotWriteRelative' => $this->encryptionManager->isEnabled() || $isPublic || $wopi->getHideDownload(),
'UserCanNotWriteRelative' => $this->encryptionManager->isEnabled() || $isPublic || $wopi->getHideDownload() || $wopi->isRemoteToken(),
'PostMessageOrigin' => $wopi->getServerHost(),
'LastModifiedTime' => Helper::toISO8601($file->getMTime()),
'SupportsRename' => !$isVersion,
'UserCanRename' => !$isPublic && !$isVersion,
'SupportsRename' => !$isVersion && !$wopi->isRemoteToken(),
'UserCanRename' => !$isPublic && !$isVersion && !$wopi->isRemoteToken(),
'EnableInsertRemoteImage' => !$isPublic,
'EnableShare' => $file->isShareable() && !$isVersion && !$isPublic,
'HideUserList' => '',
Expand Down

0 comments on commit 4d2bc09

Please sign in to comment.