Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Return 404 error when presentation file download is not allowed. #9259

Merged
merged 1 commit into from Apr 25, 2020
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
Return 404 error when the file download is not allowed.
  • Loading branch information
GhaziTriki committed Apr 25, 2020
commit b21ca8355a57286a1e6df96984b3a4c57679a463
Expand Up @@ -88,10 +88,28 @@ public void processMakePresentationDownloadableMsg(MakePresentationDownloadableM
}

public File getDownloadablePresentationFile(String meetingId, String presId, String presFilename) {
log.info("Find downloadable presentation for meetingId={} presId={} filename={}", meetingId, presId, presFilename);

log.info("Find downloadable presentation for meetingId={} presId={} filename={}", meetingId, presId,
presFilename);
File presDir = Util.getPresentationDir(presentationBaseDir, meetingId, presId);
return new File(presDir.getAbsolutePath() + File.separatorChar + presFilename);
// Build file to presFilename
// Get canonicalPath and make sure it starts with
// /var/bigbluebutton/<meetingid-pattern>
// If so return file, if not return null
File presFile = new File(presDir.getAbsolutePath() + File.separatorChar + presFilename);
try {
String presFileCanonical = presFile.getCanonicalPath();
log.debug("Requested presentation name file full path {}",presFileCanonical);
if (presFileCanonical.startsWith(presentationBaseDir)) {
return presFile;
}
} catch (IOException e) {
log.error("Exception getting canonical path for {}.\n{}", presFilename, e);
return null;
}

log.error("Cannot find file for {}.", presFilename);

return null;
}

public void kickOffRecordingChapterBreak(String meetingId, Long timestamp) {
Expand Down
Expand Up @@ -297,7 +297,7 @@ class PresentationController {
InputStream is = null;
try {
def pres = meetingService.getDownloadablePresentationFile(meetingId, presId, presFilename)
if (pres.exists()) {
if (pres != null && pres.exists()) {
log.debug "Controller: Sending pdf reply for $presFilename"

def bytes = pres.readBytes()
Expand All @@ -311,9 +311,11 @@ class PresentationController {
response.outputStream << bytes;
} else {
log.warn "$pres does not exist."
response.status = 404
}
} catch (IOException e) {
log.error("Error reading file.\n" + e.getMessage());
response.status = 404
}
}

Expand Down