From 1f8f95df485257366facf4a024004cb6ea6f9a24 Mon Sep 17 00:00:00 2001 From: Anna Larch Date: Fri, 6 Mar 2026 09:53:09 +0100 Subject: [PATCH 1/2] fix: only write activites for actualy public uploads Currently, any file activity without a proper session is interpreted to be a public upload. Now, the share token is compared and the activity is only written when the share token belongs to a public folder Signed-off-by: Anna Larch --- lib/CurrentUser.php | 20 ++++++++++++++++++++ lib/FilesHooks.php | 2 +- tests/FilesHooksTest.php | 5 +++-- 3 files changed, 24 insertions(+), 3 deletions(-) diff --git a/lib/CurrentUser.php b/lib/CurrentUser.php index 47bd9333a..8f5f59aa9 100644 --- a/lib/CurrentUser.php +++ b/lib/CurrentUser.php @@ -102,11 +102,31 @@ public function getCloudId() { return $this->cloudId; } + /** + * Check if the current request is via a public share link + */ + public function isPublicShareToken(): bool { + /** @psalm-suppress NoInterfaceProperties */ + if (!empty($this->request->server['PHP_AUTH_USER'])) { + $token = $this->request->server['PHP_AUTH_USER']; + try { + $share = $this->shareManager->getShareByToken($token); + return $share->getShareType() === IShare::TYPE_LINK + || $share->getShareType() === IShare::TYPE_EMAIL; + } catch (ShareNotFound $e) { + // No share found for this token + } + } + + return false; + } + /** * Get the cloud ID from the sharing token * @return string|null */ protected function getCloudIDFromToken() { + /** @psalm-suppress NoInterfaceProperties */ if (!empty($this->request->server['PHP_AUTH_USER'])) { $token = $this->request->server['PHP_AUTH_USER']; /** diff --git a/lib/FilesHooks.php b/lib/FilesHooks.php index b4b5b1657..34b983ae6 100644 --- a/lib/FilesHooks.php +++ b/lib/FilesHooks.php @@ -82,7 +82,7 @@ public function fileCreate($path) { return; } - if ($this->currentUser->getUserIdentifier() !== '') { + if ($this->currentUser->getUserIdentifier() !== '' || !$this->currentUser->isPublicShareToken()) { $this->addNotificationsForFileAction($path, Files::TYPE_SHARE_CREATED, 'created_self', 'created_by'); } else { $this->addNotificationsForFileAction($path, Files_Sharing::TYPE_PUBLIC_UPLOAD, '', 'created_public'); diff --git a/tests/FilesHooksTest.php b/tests/FilesHooksTest.php index 0e98ead51..3495ceb16 100644 --- a/tests/FilesHooksTest.php +++ b/tests/FilesHooksTest.php @@ -176,8 +176,9 @@ protected function getUserMock(string $uid): IUser { public static function dataFileCreate(): array { return [ - ['user', 'created_self', 'created_by', Files::TYPE_SHARE_CREATED], - ['', '', 'created_public', Files_Sharing::TYPE_PUBLIC_UPLOAD], + ['user', false, 'created_self', 'created_by', Files::TYPE_SHARE_CREATED], + ['', true, '', 'created_public', Files_Sharing::TYPE_PUBLIC_UPLOAD], + ['', false, 'created_self', 'created_by', Files::TYPE_SHARE_CREATED], ]; } From 60916606a61a10477f30c27fe392683b05d49613 Mon Sep 17 00:00:00 2001 From: Anna Larch Date: Fri, 6 Mar 2026 11:07:55 +0100 Subject: [PATCH 2/2] chore: update psalm baseline Signed-off-by: Anna Larch [skip ci] --- tests/psalm-baseline.xml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/tests/psalm-baseline.xml b/tests/psalm-baseline.xml index ca7473aee..083130c8b 100644 --- a/tests/psalm-baseline.xml +++ b/tests/psalm-baseline.xml @@ -1,15 +1,10 @@ - + - - - request->server]]> - - filterFavorites($query);]]>