Verified Commit 8bb50918 authored by Florian Azizian's avatar Florian Azizian

FEAT #13779 TIME 0:15 improve url control for onlyOffice

parent a3a8da07
...@@ -39,11 +39,11 @@ class OnlyOfficeController ...@@ -39,11 +39,11 @@ class OnlyOfficeController
$coreUrl = str_replace('rest/', '', UrlController::getCoreUrl()); $coreUrl = str_replace('rest/', '', UrlController::getCoreUrl());
$configurations = [ $configurations = [
'enabled' => true, 'enabled' => true,
'serverUri' => (string)$loadedXml->onlyoffice->server_uri, 'serverUri' => (string)$loadedXml->onlyoffice->server_uri,
'serverPort' => (int)$loadedXml->onlyoffice->server_port, 'serverPort' => (int)$loadedXml->onlyoffice->server_port,
'serverSsl' => filter_var((string)$loadedXml->onlyoffice->server_ssl, FILTER_VALIDATE_BOOLEAN), 'serverSsl' => filter_var((string)$loadedXml->onlyoffice->server_ssl, FILTER_VALIDATE_BOOLEAN),
'coreUrl' => $coreUrl 'coreUrl' => $coreUrl
]; ];
return $response->withJson($configurations); return $response->withJson($configurations);
...@@ -163,9 +163,9 @@ class OnlyOfficeController ...@@ -163,9 +163,9 @@ class OnlyOfficeController
if (empty($body['format'])) { if (empty($body['format'])) {
return $response->withStatus(400)->withJson(['errors' => 'Body format is empty']); return $response->withStatus(400)->withJson(['errors' => 'Body format is empty']);
} }
$path = null; $path = null;
$fileContent = base64_decode($body['objectId']); $fileContent = base64_decode($body['objectId']);
$extension = $body['format']; $extension = $body['format'];
} else { } else {
return $response->withStatus(400)->withJson(['errors' => 'Query param objectType does not exist']); return $response->withStatus(400)->withJson(['errors' => 'Query param objectType does not exist']);
} }
...@@ -195,7 +195,7 @@ class OnlyOfficeController ...@@ -195,7 +195,7 @@ class OnlyOfficeController
return $response->withStatus(400)->withJson(['errors' => 'Query params filename forbidden']); return $response->withStatus(400)->withJson(['errors' => 'Query params filename forbidden']);
} }
$tmpPath = CoreConfigModel::getTmpPath(); $tmpPath = CoreConfigModel::getTmpPath();
$filename = "onlyOffice_{$queryParams['filename']}"; $filename = "onlyOffice_{$queryParams['filename']}";
$fileContent = file_get_contents($tmpPath . $filename); $fileContent = file_get_contents($tmpPath . $filename);
...@@ -203,8 +203,8 @@ class OnlyOfficeController ...@@ -203,8 +203,8 @@ class OnlyOfficeController
return $response->withStatus(400)->withJson(['errors' => 'No content found']); return $response->withStatus(400)->withJson(['errors' => 'No content found']);
} }
$finfo = new \finfo(FILEINFO_MIME_TYPE); $finfo = new \finfo(FILEINFO_MIME_TYPE);
$mimeType = $finfo->buffer($fileContent); $mimeType = $finfo->buffer($fileContent);
$extension = pathinfo($tmpPath . $filename, PATHINFO_EXTENSION); $extension = pathinfo($tmpPath . $filename, PATHINFO_EXTENSION);
unlink($tmpPath . $filename); unlink($tmpPath . $filename);
...@@ -227,13 +227,13 @@ class OnlyOfficeController ...@@ -227,13 +227,13 @@ class OnlyOfficeController
return $response->withStatus(400)->withJson(['errors' => 'Onlyoffice is not enabled']); return $response->withStatus(400)->withJson(['errors' => 'Onlyoffice is not enabled']);
} }
$checkUrl = str_replace('http://', '', $queryParams['url']); $checkUrl = str_replace('http://', '', $queryParams['url']);
$checkUrl = str_replace('https://', '', $checkUrl); $checkUrl = str_replace('https://', '', $checkUrl);
$uri = (string)$loadedXml->onlyoffice->server_uri; $uri = (string)$loadedXml->onlyoffice->server_uri;
$uriPaths = explode('/', $uri, 2); $uriPaths = explode('/', $uri, 2);
$masterPath = $uriPaths[0]; $masterPath = $uriPaths[0];
$lastPath = !empty($uriPaths[1]) ? "/{$uriPaths[1]}" : ''; $lastPath = !empty($uriPaths[1]) ? rtrim("/{$uriPaths[1]}", '/') : '';
$port = (string)$loadedXml->onlyoffice->server_port; $port = (string)$loadedXml->onlyoffice->server_port;
if (strpos($checkUrl, "{$masterPath}:{$port}{$lastPath}/cache/files/") !== 0 && (($port != 80 && $port != 443) || strpos($checkUrl, "{$masterPath}{$lastPath}/cache/files/") !== 0)) { if (strpos($checkUrl, "{$masterPath}:{$port}{$lastPath}/cache/files/") !== 0 && (($port != 80 && $port != 443) || strpos($checkUrl, "{$masterPath}{$lastPath}/cache/files/") !== 0)) {
return $response->withStatus(400)->withJson(['errors' => 'Query params url is not allowed']); return $response->withStatus(400)->withJson(['errors' => 'Query params url is not allowed']);
...@@ -258,7 +258,7 @@ class OnlyOfficeController ...@@ -258,7 +258,7 @@ class OnlyOfficeController
return $response->withStatus(400)->withJson(['errors' => 'Onlyoffice server_port is empty', 'lang' => 'portIsEmpty']); return $response->withStatus(400)->withJson(['errors' => 'Onlyoffice server_port is empty', 'lang' => 'portIsEmpty']);
} }
$uri = (string)$loadedXml->onlyoffice->server_uri; $uri = (string)$loadedXml->onlyoffice->server_uri;
$port = (string)$loadedXml->onlyoffice->server_port; $port = (string)$loadedXml->onlyoffice->server_port;
$aUri = explode("/", $uri); $aUri = explode("/", $uri);
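Review bot: The allow-list check in the `@@ -227,13 +227,13 @@` hunk still validates a normalized copy of the URL rather than the URL itself: `str_replace('http://', '', $queryParams['url'])` removes every occurrence of the scheme marker, not only a leading one, and never rejects other schemes, so the string that passes the `strpos(...) !== 0` prefix test can differ from what an HTTP client later parses out of `$queryParams['url']` (the fetch is not in this hunk, so that part is inferred). The `rtrim` on `$lastPath` fixes the trailing-slash case for `server_uri` but does not change this. Parsing once with `parse_url()` and comparing scheme, host, port and path separately against `$masterPath`, `$port` and `{$lastPath}/cache/files/` makes the check and the fetch agree on the same components; note this is stricter than the current `$port != 80 && $port != 443` shortcut, which accepts a port-less URL of either scheme. The enclosing method begins and ends outside the hunk.
```php
// … unchanged: "Onlyoffice is not enabled" check …
$parts = parse_url($queryParams['url']);
if ($parts === false || empty($parts['host']) || !in_array($parts['scheme'] ?? '', ['http', 'https'], true)) {
    return $response->withStatus(400)->withJson(['errors' => 'Query params url is not allowed']);
}
// … unchanged: $uri / $uriPaths / $masterPath / $lastPath …
$port = (int)$loadedXml->onlyoffice->server_port;
$urlPort = $parts['port'] ?? ($parts['scheme'] === 'https' ? 443 : 80);
if (strcasecmp($parts['host'], $masterPath) !== 0 || $urlPort !== $port || strpos($parts['path'] ?? '', "{$lastPath}/cache/files/") !== 0) {
    return $response->withStatus(400)->withJson(['errors' => 'Query params url is not allowed']);
}
```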