Merge pull request #46672 from nextcloud/fix/preview-invalid-id

Avoid using partial file info as valid one
nextcloud · Jul 25, 2024 · 4f2a29a · 4f2a29a
2 parents 2e353d8 + 2b0bc8b
commit 4f2a29a
Show file tree

Hide file tree

Showing 5 changed files with 25 additions and 3 deletions.
diff --git a/apps/files/lib/Controller/ApiController.php b/apps/files/lib/Controller/ApiController.php
@@ -93,6 +93,10 @@ public function getThumbnail($x, $y, $file) {
 				throw new NotFoundException();
 			}
 
+			if ($file->getId() <= 0) {
+				return new DataResponse(['message' => 'File not found.'], Http::STATUS_NOT_FOUND);
+			}
+
 			/** @var File $file */
 			$preview = $this->previewManager->getPreview($file, $x, $y, true);
 

diff --git a/apps/files/tests/Controller/ApiControllerTest.php b/apps/files/tests/Controller/ApiControllerTest.php
@@ -157,6 +157,7 @@ public function testGetThumbnailInvalidSize() {
 
 	public function testGetThumbnailInvalidImage() {
 		$file = $this->createMock(File::class);
+		$file->method('getId')->willReturn(123);
 		$this->userFolder->method('get')
 			->with($this->equalTo('unknown.jpg'))
 			->willReturn($file);
@@ -168,8 +169,19 @@ public function testGetThumbnailInvalidImage() {
 		$this->assertEquals($expected, $this->apiController->getThumbnail(10, 10, 'unknown.jpg'));
 	}
 
+	public function testGetThumbnailInvalidPartFile() {
+		$file = $this->createMock(File::class);
+		$file->method('getId')->willReturn(0);
+		$this->userFolder->method('get')
+			->with($this->equalTo('unknown.jpg'))
+			->willReturn($file);
+		$expected = new DataResponse(['message' => 'File not found.'], Http::STATUS_NOT_FOUND);
+		$this->assertEquals($expected, $this->apiController->getThumbnail(10, 10, 'unknown.jpg'));
+	}
+
 	public function testGetThumbnail() {
 		$file = $this->createMock(File::class);
+		$file->method('getId')->willReturn(123);
 		$this->userFolder->method('get')
 			->with($this->equalTo('known.jpg'))
 			->willReturn($file);

diff --git a/core/Controller/PreviewController.php b/core/Controller/PreviewController.php
@@ -141,6 +141,10 @@ private function fetchPreview(
 			return new DataResponse([], Http::STATUS_FORBIDDEN);
 		}
 
+		if ($node->getId() <= 0) {
+			return new DataResponse([], Http::STATUS_NOT_FOUND);
+		}
+
 		$storage = $node->getStorage();
 		if ($storage->instanceOfStorage(SharedStorage::class)) {
 			/** @var SharedStorage $storage */

diff --git a/lib/private/Files/View.php b/lib/private/Files/View.php
@@ -1338,9 +1338,6 @@ public function getFileInfo($path, $includeMountPoints = true) {
 		if (!Filesystem::isValidPath($path)) {
 			return false;
 		}
-		if (Cache\Scanner::isPartialFile($path)) {
-			return $this->getPartFileInfo($path);
-		}
 		$relativePath = $path;
 		$path = Filesystem::normalizePath($this->fakeRoot . '/' . $path);
 
@@ -1351,6 +1348,10 @@ public function getFileInfo($path, $includeMountPoints = true) {
 			$data = $this->getCacheEntry($storage, $internalPath, $relativePath);
 
 			if (!$data instanceof ICacheEntry) {
+				if (Cache\Scanner::isPartialFile($relativePath)) {
+					return $this->getPartFileInfo($relativePath);
+				}
+
 				return false;
 			}
 

diff --git a/tests/Core/Controller/PreviewControllerTest.php b/tests/Core/Controller/PreviewControllerTest.php
@@ -187,6 +187,7 @@ public function testValidPreview() {
 			->willReturn($userFolder);
 
 		$file = $this->createMock(File::class);
+		$file->method('getId')->willReturn(123);
 		$userFolder->method('get')
 			->with($this->equalTo('file'))
 			->willReturn($file);