Visiting public-files/token for files drop link without password opens ordinary public link page #2414

Closed
skshetry opened this issue Nov 8, 2019 · 0 comments · Fixed by #4627
Labels
Type:Bug Something isn't working

skshetry commented Nov 8, 2019

Steps to reproduce

  1. Create a files-drop link without setting a password.
  2. Open the files-drop link.
  3. Replace the link "/files-drop/" with "/public-files/"

Expected behaviour

Redirect to "Files Drop" page.

Actual behaviour

Opens public-files page, with empty files list.

This could well be a feature, but the password-protected link does redirect to /files-drop, so I'd expect the same thing to happen with the link without a password.

skshetry added the Type:Bug label on Nov 8, 2019
PVince81 added this to the Milestone 1: Phoenix for users milestone on Nov 11, 2019