Commit 4c00be49 authored by Morris Jobke's avatar Morris Jobke
Browse files

Merge pull request #14488 from owncloud/enhancement/security/inline-disposition

Serve all files with a Content-Disposition of 'attachment' via WebDAV
parents 7bff0681 8ebe6672
......@@ -24,6 +24,7 @@
namespace OC\Connector\Sabre;
use Sabre\DAV\IFile;
use \Sabre\DAV\PropFind;
use \Sabre\DAV\PropPatch;
use \Sabre\HTTP\RequestInterface;
......@@ -52,6 +53,9 @@ class FilesPlugin extends \Sabre\DAV\ServerPlugin {
*/
private $tree;
/**
* @param \Sabre\DAV\Tree $tree
*/
public function __construct(\Sabre\DAV\Tree $tree) {
$this->tree = $tree;
}
......@@ -84,6 +88,21 @@ class FilesPlugin extends \Sabre\DAV\ServerPlugin {
$this->server->on('propPatch', array($this, 'handleUpdateProperties'));
$this->server->on('afterBind', array($this, 'sendFileIdHeader'));
$this->server->on('afterWriteContent', array($this, 'sendFileIdHeader'));
$this->server->on('afterMethod:GET', [$this,'httpGet']);
}
/**
* Plugin that adds a 'Content-Disposition: attachment' header to all files
* delivered by SabreDAV.
* @param RequestInterface $request
* @param ResponseInterface $response
*/
function httpGet(RequestInterface $request, ResponseInterface $response) {
// Only handle valid files
$node = $this->tree->getNodeForPath($request->getPath());
if (!($node instanceof IFile)) return;
$response->addHeader('Content-Disposition', 'attachment');
}
/**
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment