From 668ba85743422803d8b818c1b098071dc12d4e4c Mon Sep 17 00:00:00 2001 From: Matt Van Horn <455140+mvanhorn@users.noreply.github.com> Date: Fri, 27 Mar 2026 06:13:53 -0700 Subject: [PATCH 1/8] fix(files_sharing): validate input in PublicPreviewController#getPreview Return 400 Bad Request when the file parameter is empty and the shared node is a folder, instead of passing the folder itself to getPreview which triggers an internal server error. Also rename the local variable to $fileNode to prevent the catch block from calling getMimeType() on the original string parameter when get() throws NotFoundException. Fixes #59229 Signed-off-by: Matt Van Horn Co-Authored-By: Claude Opus 4.6 Signed-off-by: Matt Van Horn <455140+mvanhorn@users.noreply.github.com> --- .../lib/Controller/PublicPreviewController.php | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/apps/files_sharing/lib/Controller/PublicPreviewController.php b/apps/files_sharing/lib/Controller/PublicPreviewController.php index d917f6e0ebbb5..61c45841646ec 100644 --- a/apps/files_sharing/lib/Controller/PublicPreviewController.php +++ b/apps/files_sharing/lib/Controller/PublicPreviewController.php @@ -121,19 +121,22 @@ public function getPreview( try { $node = $share->getNode(); if ($node instanceof Folder) { - $file = $node->get($file); + if ($file === '') { + return new DataResponse([], Http::STATUS_BAD_REQUEST); + } + $fileNode = $node->get($file); } else { - $file = $node; + $fileNode = $node; } - $f = $this->previewManager->getPreview($file, $x, $y, !$a); + $f = $this->previewManager->getPreview($fileNode, $x, $y, !$a); $response = new FileDisplayResponse($f, Http::STATUS_OK, ['Content-Type' => $f->getMimeType()]); $response->cacheFor($cacheForSeconds); return $response; } catch (NotFoundException $e) { // If we have no preview enabled, we can redirect to the mime icon if any - if ($mimeFallback) { - if ($url = $this->mimeIconProvider->getMimeIconUrl($file->getMimeType())) { + if ($mimeFallback && isset($fileNode) && !($fileNode instanceof Folder)) { + if ($url = $this->mimeIconProvider->getMimeIconUrl($fileNode->getMimeType())) { return new RedirectResponse($url); } } From 8208db9ca96c7510fa5d214236471b97518c066e Mon Sep 17 00:00:00 2001 From: Josh Date: Sat, 28 Mar 2026 09:17:38 -0400 Subject: [PATCH 2/8] chore(sharing): update docblock for PublicPreviewController::getPreview Signed-off-by: Josh Signed-off-by: Matt Van Horn <455140+mvanhorn@users.noreply.github.com> --- .../lib/Controller/PublicPreviewController.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/apps/files_sharing/lib/Controller/PublicPreviewController.php b/apps/files_sharing/lib/Controller/PublicPreviewController.php index 61c45841646ec..a02181ea0cbd3 100644 --- a/apps/files_sharing/lib/Controller/PublicPreviewController.php +++ b/apps/files_sharing/lib/Controller/PublicPreviewController.php @@ -60,10 +60,13 @@ protected function isPasswordProtected(): bool { /** - * Get a preview for a shared file + * Get a preview for a public share. + * + * For shares pointing to a single file, the $file parameter is ignored and may be empty. + * For folder shares, $file must be the relative path to a file inside the shared folder. * * @param string $token Token of the share - * @param string $file File in the share + * @param string $file Relative path to a file inside a shared folder; ignored for single-file shares * @param int $x Width of the preview * @param int $y Height of the preview * @param bool $a Whether to not crop the preview From 5e1be796aae991c312e9ae17bcd3e01f1573e8f1 Mon Sep 17 00:00:00 2001 From: Josh Date: Sun, 29 Mar 2026 09:35:15 -0400 Subject: [PATCH 3/8] refactor(files_sharing): improve PublicPreviewController::getPreview variable naming And slightly streamline the logic for clarity. Signed-off-by: Josh Signed-off-by: Matt Van Horn <455140+mvanhorn@users.noreply.github.com> --- .../Controller/PublicPreviewController.php | 35 ++++++++++++------- 1 file changed, 23 insertions(+), 12 deletions(-) diff --git a/apps/files_sharing/lib/Controller/PublicPreviewController.php b/apps/files_sharing/lib/Controller/PublicPreviewController.php index a02181ea0cbd3..e51dba15ee7a3 100644 --- a/apps/files_sharing/lib/Controller/PublicPreviewController.php +++ b/apps/files_sharing/lib/Controller/PublicPreviewController.php @@ -15,6 +15,7 @@ use OCP\AppFramework\Http\RedirectResponse; use OCP\AppFramework\PublicShareController; use OCP\Constants; +use OCP\Files\File; use OCP\Files\Folder; use OCP\Files\NotFoundException; use OCP\IPreview; @@ -27,8 +28,7 @@ class PublicPreviewController extends PublicShareController { - /** @var IShare */ - private $share; + private IShare $share; public function __construct( string $appName, @@ -62,7 +62,7 @@ protected function isPasswordProtected(): bool { /** * Get a preview for a public share. * - * For shares pointing to a single file, the $file parameter is ignored and may be empty. + * For shares pointing to a single file, the $file parameter is ignored. * For folder shares, $file must be the relative path to a file inside the shared folder. * * @param string $token Token of the share @@ -121,25 +121,36 @@ public function getPreview( return new DataResponse([], Http::STATUS_FORBIDDEN); } + $previewFile = null; + try { - $node = $share->getNode(); - if ($node instanceof Folder) { + $shareNode = $share->getNode(); + if ($shareNode instanceof Folder) { if ($file === '') { return new DataResponse([], Http::STATUS_BAD_REQUEST); } - $fileNode = $node->get($file); + + $previewFile = $shareNode->get($file); + if ($previewFile instanceof Folder) { + return new DataResponse([], Http::STATUS_BAD_REQUEST); + } } else { - $fileNode = $node; + $previewFile = $shareNode; } - $f = $this->previewManager->getPreview($fileNode, $x, $y, !$a); - $response = new FileDisplayResponse($f, Http::STATUS_OK, ['Content-Type' => $f->getMimeType()]); + $preview = $this->previewManager->getPreview($previewFile, $x, $y, !$a); + $response = new FileDisplayResponse( + $preview, + Http::STATUS_OK, + ['Content-Type' => $preview->getMimeType()] + ); + $response->cacheFor($cacheForSeconds); return $response; } catch (NotFoundException $e) { - // If we have no preview enabled, we can redirect to the mime icon if any - if ($mimeFallback && isset($fileNode) && !($fileNode instanceof Folder)) { - if ($url = $this->mimeIconProvider->getMimeIconUrl($fileNode->getMimeType())) { + // If a preview could not be generated for a resolved file, we can redirect to the mime icon if any + if ($mimeFallback && $previewFile instanceof File) { + if ($url = $this->mimeIconProvider->getMimeIconUrl($previewFile->getMimeType())) { return new RedirectResponse($url); } } From 3a1d9958b0099ce4dce75baeb5304240922fef65 Mon Sep 17 00:00:00 2001 From: Josh Date: Sun, 29 Mar 2026 09:45:55 -0400 Subject: [PATCH 4/8] test(files_sharing): add regression coverage for PublicPreviewController#getPreview edge cases Signed-off-by: Josh Signed-off-by: Matt Van Horn <455140+mvanhorn@users.noreply.github.com> --- .../tests/Controller/PublicPreviewControllerTest.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/apps/files_sharing/tests/Controller/PublicPreviewControllerTest.php b/apps/files_sharing/tests/Controller/PublicPreviewControllerTest.php index 94ecd0bc23e43..24eff686ec0a9 100644 --- a/apps/files_sharing/tests/Controller/PublicPreviewControllerTest.php +++ b/apps/files_sharing/tests/Controller/PublicPreviewControllerTest.php @@ -10,6 +10,7 @@ use OCP\AppFramework\Http; use OCP\AppFramework\Http\DataResponse; use OCP\AppFramework\Http\FileDisplayResponse; +use OCP\AppFramework\Http\RedirectResponse; use OCP\AppFramework\Utility\ITimeFactory; use OCP\Constants; use OCP\Files\File; @@ -32,6 +33,7 @@ class PublicPreviewControllerTest extends TestCase { private IManager&MockObject $shareManager; private ITimeFactory&MockObject $timeFactory; private IRequest&MockObject $request; + private IMimeIconProvider&MockObject $mimeIconProvider; private PublicPreviewController $controller; @@ -42,6 +44,7 @@ protected function setUp(): void { $this->shareManager = $this->createMock(IManager::class); $this->timeFactory = $this->createMock(ITimeFactory::class); $this->request = $this->createMock(IRequest::class); + $this->mimeIconProvider = $this->createMock(IMimeIconProvider::class); $this->timeFactory->method('getTime') ->willReturn(1337); @@ -54,7 +57,7 @@ protected function setUp(): void { $this->shareManager, $this->createMock(ISession::class), $this->previewManager, - $this->createMock(IMimeIconProvider::class), + $this->mimeIconProvider, ); } From 875e4264fb8f29dfad84f70dfe5a37bad64785b4 Mon Sep 17 00:00:00 2001 From: Josh Date: Sun, 29 Mar 2026 10:06:26 -0400 Subject: [PATCH 5/8] test(files_sharing): make PublicPreviewController flag usage explicit in tests Signed-off-by: Josh Signed-off-by: Matt Van Horn <455140+mvanhorn@users.noreply.github.com> --- .../tests/Controller/PublicPreviewControllerTest.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/apps/files_sharing/tests/Controller/PublicPreviewControllerTest.php b/apps/files_sharing/tests/Controller/PublicPreviewControllerTest.php index 24eff686ec0a9..93769f64bc5ee 100644 --- a/apps/files_sharing/tests/Controller/PublicPreviewControllerTest.php +++ b/apps/files_sharing/tests/Controller/PublicPreviewControllerTest.php @@ -156,7 +156,7 @@ public function testShareNoDownloadButPreviewHeader() { $preview->method('getMimeType') ->willReturn('myMime'); - $res = $this->controller->getPreview('token', 'file', 10, 10, true); + $res = $this->controller->getPreview('token', 'file', 10, 10, true, false); $expected = new FileDisplayResponse($preview, Http::STATUS_OK, ['Content-Type' => 'myMime']); $expected->cacheFor(15 * 60); $this->assertEquals($expected, $res); @@ -192,7 +192,7 @@ public function testShareWithAttributes() { $preview->method('getMimeType') ->willReturn('myMime'); - $res = $this->controller->getPreview('token', 'file', 10, 10, true); + $res = $this->controller->getPreview('token', 'file', 10, 10, true, false); $expected = new FileDisplayResponse($preview, Http::STATUS_OK, ['Content-Type' => 'myMime']); $expected->cacheFor(3600 * 24); $this->assertEquals($expected, $res); @@ -224,7 +224,7 @@ public function testPreviewFile() { $preview->method('getMimeType') ->willReturn('myMime'); - $res = $this->controller->getPreview('token', 'file', 10, 10, true); + $res = $this->controller->getPreview('token', 'file', 10, 10, true, false); $expected = new FileDisplayResponse($preview, Http::STATUS_OK, ['Content-Type' => 'myMime']); $expected->cacheFor(3600 * 24); $this->assertEquals($expected, $res); @@ -250,7 +250,7 @@ public function testPreviewFolderInvalidFile(): void { ->with($this->equalTo('file')) ->willThrowException(new NotFoundException()); - $res = $this->controller->getPreview('token', 'file', 10, 10, true); + $res = $this->controller->getPreview('token', 'file', 10, 10, true, false); $expected = new DataResponse([], Http::STATUS_NOT_FOUND); $this->assertEquals($expected, $res); } @@ -287,7 +287,7 @@ public function testPreviewFolderValidFile(): void { $preview->method('getMimeType') ->willReturn('myMime'); - $res = $this->controller->getPreview('token', 'file', 10, 10, true); + $res = $this->controller->getPreview('token', 'file', 10, 10, true, false); $expected = new FileDisplayResponse($preview, Http::STATUS_OK, ['Content-Type' => 'myMime']); $expected->cacheFor(3600 * 24); $this->assertEquals($expected, $res); From af7b10800eba709241428be990b595ba01de73a7 Mon Sep 17 00:00:00 2001 From: Josh Date: Sun, 29 Mar 2026 10:25:52 -0400 Subject: [PATCH 6/8] chore: fixup PublicPreviewControllerTest getPreview expected crop boolean Signed-off-by: Josh Signed-off-by: Matt Van Horn <455140+mvanhorn@users.noreply.github.com> From 0d786ad7661fe3765180e129ea0c87098c2b5aa7 Mon Sep 17 00:00:00 2001 From: Matt Van Horn <455140+mvanhorn@users.noreply.github.com> Date: Sat, 11 Apr 2026 14:25:07 -0400 Subject: [PATCH 7/8] fix(files_sharing): handle NotPermittedException and drop catch variables Addresses review feedback on PR #59253: * Catch `NotPermittedException` from `$shareNode->get()` and return 403 FORBIDDEN instead of propagating an internal server error (per @kesselb on line 133). * Drop the unused `$e` capture from the existing `NotFoundException` and `\InvalidArgumentException` catch blocks, using PHP 8.0 no-capture syntax (per @kesselb on line 150). * Add `testPreviewFolderSubfolderReturnsBadRequest` covering the branch where a folder share resolves `$file` to a subfolder and must return 400 (per @Copilot on line 136). Signed-off-by: Matt Van Horn <455140+mvanhorn@users.noreply.github.com> --- .../lib/Controller/PublicPreviewController.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/apps/files_sharing/lib/Controller/PublicPreviewController.php b/apps/files_sharing/lib/Controller/PublicPreviewController.php index e51dba15ee7a3..0c7ed22205619 100644 --- a/apps/files_sharing/lib/Controller/PublicPreviewController.php +++ b/apps/files_sharing/lib/Controller/PublicPreviewController.php @@ -18,6 +18,7 @@ use OCP\Files\File; use OCP\Files\Folder; use OCP\Files\NotFoundException; +use OCP\Files\NotPermittedException; use OCP\IPreview; use OCP\IRequest; use OCP\ISession; @@ -147,7 +148,7 @@ public function getPreview( $response->cacheFor($cacheForSeconds); return $response; - } catch (NotFoundException $e) { + } catch (NotFoundException) { // If a preview could not be generated for a resolved file, we can redirect to the mime icon if any if ($mimeFallback && $previewFile instanceof File) { if ($url = $this->mimeIconProvider->getMimeIconUrl($previewFile->getMimeType())) { @@ -155,7 +156,9 @@ public function getPreview( } } return new DataResponse([], Http::STATUS_NOT_FOUND); - } catch (\InvalidArgumentException $e) { + } catch (NotPermittedException) { + return new DataResponse([], Http::STATUS_FORBIDDEN); + } catch (\InvalidArgumentException) { return new DataResponse([], Http::STATUS_BAD_REQUEST); } } From ca53f35c5fa0f71f2916f6bc2718e57eb4b7c34b Mon Sep 17 00:00:00 2001 From: Matt Van Horn <455140+mvanhorn@users.noreply.github.com> Date: Thu, 9 Jul 2026 08:27:07 -0700 Subject: [PATCH 8/8] fix(files_sharing): return 403 on NotPermittedException and sync openapi fix(files_sharing): return 403 on NotPermittedException and sync openapi [skip ci] --- apps/files_sharing/lib/Controller/PublicPreviewController.php | 4 +++- apps/files_sharing/openapi.json | 4 ++-- openapi.json | 4 ++-- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/apps/files_sharing/lib/Controller/PublicPreviewController.php b/apps/files_sharing/lib/Controller/PublicPreviewController.php index 0c7ed22205619..84b9c892b4df1 100644 --- a/apps/files_sharing/lib/Controller/PublicPreviewController.php +++ b/apps/files_sharing/lib/Controller/PublicPreviewController.php @@ -217,8 +217,10 @@ public function directLink(string $token) { $response = new FileDisplayResponse($f, Http::STATUS_OK, ['Content-Type' => $f->getMimeType()]); $response->cacheFor(3600 * 24); return $response; - } catch (NotFoundException $e) { + } catch (NotFoundException) { return new DataResponse([], Http::STATUS_NOT_FOUND); + } catch (NotPermittedException) { + return new DataResponse([], Http::STATUS_FORBIDDEN); } catch (\InvalidArgumentException $e) { return new DataResponse([], Http::STATUS_BAD_REQUEST); } diff --git a/apps/files_sharing/openapi.json b/apps/files_sharing/openapi.json index 9eac468689794..69d0129359d12 100644 --- a/apps/files_sharing/openapi.json +++ b/apps/files_sharing/openapi.json @@ -1455,7 +1455,7 @@ "/index.php/apps/files_sharing/publicpreview/{token}": { "get": { "operationId": "public_preview-get-preview", - "summary": "Get a preview for a shared file", + "summary": "Get a preview for a public share", "tags": [ "public_preview" ], @@ -1481,7 +1481,7 @@ { "name": "file", "in": "query", - "description": "File in the share", + "description": "Relative path to a file inside a shared folder; ignored for single-file shares", "schema": { "type": "string", "default": "" diff --git a/openapi.json b/openapi.json index 9a7657759eeee..02b73c97ccbe7 100644 --- a/openapi.json +++ b/openapi.json @@ -24010,7 +24010,7 @@ "/index.php/apps/files_sharing/publicpreview/{token}": { "get": { "operationId": "files_sharing-public_preview-get-preview", - "summary": "Get a preview for a shared file", + "summary": "Get a preview for a public share", "tags": [ "files_sharing/public_preview" ], @@ -24036,7 +24036,7 @@ { "name": "file", "in": "query", - "description": "File in the share", + "description": "Relative path to a file inside a shared folder; ignored for single-file shares", "schema": { "type": "string", "default": ""