[Bug]: Improper input validation in PublicPreviewController triggers internal server error

### ⚠️ This issue respects the following points: ⚠️

- [x] This is a **bug**, not a question or a configuration/webserver/proxy issue.
- [x] This issue is **not** already reported on [Github](https://github.com/nextcloud/server/issues?q=is%3Aopen+is%3Aissue+label%3Abug) OR [Nextcloud Community Forum](https://help.nextcloud.com/) _(I've searched it)_.
- [x] Nextcloud Server **is** up to date. See [Maintenance and Release Schedule](https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule) for supported versions.
- [x] I agree to follow Nextcloud's [Code of Conduct](https://nextcloud.com/contribute/code-of-conduct/).

### Bug description

An incomplete input validation in PublicPreviewController can trigger an internal server error. 

### Steps to reproduce

#### Case A

1. Create a public link for a folder
2. Send `GET https://server33.internal/index.php/apps/files_sharing/publicpreview/{token}` 
3. 💥 

https://github.com/nextcloud/server/blob/7e9e1269a059ddfc7807f977707a1800e3a303e4/apps/files_sharing/lib/Controller/PublicPreviewController.php#L123-L130

- Default for `$file` is an empty string. 
- `$file = $node->get('');` is still an Folder instance
- getPreview expectes File

#### Case B

1. Create a public link for a folder
2. Send `GET https://server33.internal/index.php/apps/files_sharing/publicpreview/{token}?file=notexist.png&mimeFallback=1` 
3. 💥 

https://github.com/nextcloud/server/blob/7e9e1269a059ddfc7807f977707a1800e3a303e4/apps/files_sharing/lib/Controller/PublicPreviewController.php#L122-L142

- `get` and `getPreview` both throw NotFoundException.
- However the branch with mimetype fallback only works if the preview not exists, not if the node not exists.



### Expected behavior

No internal server error 



	$node = $share->getNode();
	if ($node instanceof Folder) {
	$file = $node->get($file);
	} else {
	$file = $node;
	}

	$f = $this->previewManager->getPreview($file, $x, $y, !$a);

	try {
	$node = $share->getNode();
	if ($node instanceof Folder) {
	$file = $node->get($file);
	} else {
	$file = $node;
	}

	$f = $this->previewManager->getPreview($file, $x, $y, !$a);
	$response = new FileDisplayResponse($f, Http::STATUS_OK, ['Content-Type' => $f->getMimeType()]);
	$response->cacheFor($cacheForSeconds);
	return $response;
	} catch (NotFoundException $e) {
	// If we have no preview enabled, we can redirect to the mime icon if any
	if ($mimeFallback) {
	if ($url = $this->mimeIconProvider->getMimeIconUrl($file->getMimeType())) {
	return new RedirectResponse($url);
	}
	}
	return new DataResponse([], Http::STATUS_NOT_FOUND);
	} catch (\InvalidArgumentException $e) {

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Bug]: Improper input validation in PublicPreviewController triggers internal server error #59229

⚠️ This issue respects the following points: ⚠️

Bug description

Steps to reproduce

Case A

Case B

Expected behavior

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

[Bug]: Improper input validation in PublicPreviewController triggers internal server error #59229

Description

⚠️ This issue respects the following points: ⚠️

Bug description

Steps to reproduce

Case A

Case B

Expected behavior

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions