diff --git a/core/routes.php b/core/routes.php
index be5766cea9da77362aa804dece5d36f5f9815ccc..c45ffee26fdac403ff1e4f18a92636656836dbf4 100644
--- a/core/routes.php
+++ b/core/routes.php
@@ -44,6 +44,8 @@ $this->create('core_ajax_routes', '/core/routes.json')
 	->action('OC_Router', 'JSRoutes');
 $this->create('core_ajax_preview', '/core/preview.png')
 	->action('OC_Preview', 'previewRouter');
+$this->create('core_ajax_public_preview', '/core/publicpreview.png')
+	->action('OC_Preview', 'publicPreviewRouter');
 OC::$CLASSPATH['OC_Core_LostPassword_Controller'] = 'core/lostpassword/controller.php';
 $this->create('core_lostpassword_index', '/lostpassword/')
 	->get()
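Review bot: The new `core_ajax_public_preview` route is registered with no HTTP method restriction, although it is the entry point that needs no session and `core_lostpassword_index` just below chains `->get()`. The handler in `lib/preview.php` reads only `$_GET`, so adding `->get()` before `->action('OC_Preview', 'publicPreviewRouter')` would narrow what reaches it; the existing `core_ajax_preview` route has the same shape and could be tightened in the same way. A short comment such as `// public: no login required, access is authorised by the share token in ?t=` would also make the trust boundary explicit for the next reader.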
diff --git a/lib/preview.php b/lib/preview.php
index 572c85057befb0c5a4d820afdb9d20f67b084aea..39a87ed53963f211effe671f12549e1e3b70dafd 100755
--- a/lib/preview.php
+++ b/lib/preview.php
@@ -529,16 +529,30 @@ class OC_Preview {
 		if(array_key_exists('y', $_GET)) $maxY = (int) $_GET['y'];
 		if(array_key_exists('scalingup', $_GET)) $scalingup = (bool) $_GET['scalingup'];
 		if(array_key_exists('t', $_GET)) $token = (string) $_GET['t'];
-
+		
 		$linkItem = OCP\Share::getShareByToken($token);
+		
 		if (is_array($linkItem) && isset($linkItem['uid_owner']) && isset($linkItem['file_source'])) {
 			$userid = $linkItem['uid_owner'];
-			OC_Util::setupFS($fileOwner);
-			$path = $linkItem['file_source'];
+			OC_Util::setupFS($userid);
+			$pathid = $linkItem['file_source'];
+			$path = \OC\Files\Filesystem::getPath($pathid);
+		}
+		
+		//clean up file parameter
+		$file = \OC\Files\Filesystem::normalizePath($file);
+		if(!\OC\Files\Filesystem::isValidPath($file)){
+			OC_Response::setStatus(403);
+			exit;
+		}
+
+		$path = \OC\Files\Filesystem::normalizePath($path, false);
+		if(substr($path, 0, 1) == '/'){
+			$path = substr($path, 1);
 		}
 
-		if($user !== null && $path !== null){
-			$preview = new OC_Preview($userid, $path, $file, $maxX, $maxY, $scalingup);
+		if($userid !== null && $path !== null){
+			$preview = new OC_Preview($userid, 'files/' . $path, $file, $maxX, $maxY, $scalingup);
 			$preview->showPreview();
 		}else{
 			OC_Response::setStatus(404);
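Review bot: The `$path !== null` half of the final guard no longer protects anything, because `$path` is run through `normalizePath()` and `substr()` unconditionally just above it; assuming `normalizePath()` returns a string for a null argument, a failed token lookup or a `getPath($pathid)` that finds nothing reaches the guard as a non-null string. The 404 then rests on `$userid` alone, and a token whose file has since gone would presumably request a preview rooted at `'files/'`. Move the normalisation inside the `if (is_array($linkItem) ...)` block and stop early after `getPath()`, e.g. `if ($path === null) { OC_Response::setStatus(404); exit; }`. Separately, the block checks only that `uid_owner` and `file_source` are set on the share; if link shares can carry a password or an expiry, nothing here enforces them before the preview is served on this unauthenticated route. The method starts above the hunk, so the initial values of `$userid`, `$path` and `$file` are not visible.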
diff --git a/lib/preview/unknown.php b/lib/preview/unknown.php
index 290c18a72d70ecfffb57dda0062697cfef7e9e58..5bbdcf847f191616932fcf1245a40efd73c4dddd 100644
--- a/lib/preview/unknown.php
+++ b/lib/preview/unknown.php
@@ -13,11 +13,13 @@ class OC_Preview_Unknown extends OC_Preview_Provider{
 	}
 
 	public function getThumbnail($path, $maxX, $maxY, $scalingup,$fileview) {
-
-
-		$mimetype = $this->fileview->getMimeType($file);
+		/*$mimetype = $fileview->getMimeType($path);
+		$info = $fileview->getFileInfo($path);
+		$name = array_key_exists('name', $info) ? $info['name'] : '';
+		$size = array_key_exists('size', $info) ? $info['size'] : 0; 
+		$isencrypted = array_key_exists('encrypted', $info) ? $info['encrypted'] : false;*/ // show little lock
 		return new \OC_Image();
 	}
 }
 
-OC_Preview::registerProvider('OC_Preview_Unknown');
\ No newline at end of file
+OC_Preview::registerProvider('OC_Preview_Unknown');
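Review bot: The five lines added to `getThumbnail()` are a commented-out block, so the method now ignores every parameter and always returns an empty `\OC_Image`. Commented-out code goes stale quickly and hides the fact that the provider is a stub; replace it with an intent comment such as `// TODO: render a generic icon from mimetype/name/size and mark encrypted files with a lock` and add the real lines in the commit that enables them. If an empty image is the intended fallback for unknown types, a one-line docblock on the method saying so would document the contract.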