core icon indicating copy to clipboard operation
core copied to clipboard
verified publisher icon owncloud

[QA] folder shared with secure-view exposes PNG and JPG files

Open jnweiger opened this issue 4 years ago • 6 comments

seen with server 10.7.0

  • admin enables secure view as default sharing option.
  • user2 shares folder "user2-Photos" with user1. image
  • user1 sees image

Expected behaviour: according to documentation, JPG and PNG files should not be visible to user1 at all.

jnweiger avatar Jun 23 '21 13:06 jnweiger

Nice catch 👍 Can you or someone from the coding colleagues check what the code tells? Depending on the finding, either a docs or code change must be made.

mmattel avatar Jun 23 '21 14:06 mmattel

Technically the docs as well as the server are correct. The docs only state that unsupported file types are not accessible. Which is true if you try to download one of the images in your shared folder.

However, certain apps may break this rule. files_texteditor or gallery for example still allow viewing those files as they don't go the "standard WebDAV way" of handling things. This is a general (known?) issue and causes conflicts with other apps, too. Especially when it comes to restricting access to resources.

JammingBen avatar Jun 25 '21 08:06 JammingBen

@jnweiger do you know if this a regression ?

AlexAndBear avatar Jun 25 '21 12:06 AlexAndBear

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 10 days if no further activity occurs. Thank you for your contributions.

github-actions[bot] avatar Dec 23 '21 01:12 github-actions[bot]

This issue has been automatically closed.

github-actions[bot] avatar Jan 02 '22 01:01 github-actions[bot]

@jnweiger do you know if this a regression ?

unlikely

jnweiger avatar Nov 17 '22 11:11 jnweiger