diff options
author | Harrison Healey <harrisonmhealey@gmail.com> | 2016-03-31 12:21:40 -0400 |
---|---|---|
committer | Harrison Healey <harrisonmhealey@gmail.com> | 2016-03-31 12:21:40 -0400 |
commit | a0a747b2b3c39f18cb83cbb4825849dd7ae84b54 (patch) | |
tree | 222aafe0c17626041283fbdeeea5a903b93c676e /api | |
parent | 8050a9b958f72227dbf601c05f6bcdfe50141708 (diff) | |
parent | c27f7006703965638fd02f05a418bd5981b2da6c (diff) | |
download | chat-a0a747b2b3c39f18cb83cbb4825849dd7ae84b54.tar.gz chat-a0a747b2b3c39f18cb83cbb4825849dd7ae84b54.tar.bz2 chat-a0a747b2b3c39f18cb83cbb4825849dd7ae84b54.zip |
Merge pull request #2590 from mattermost/plt-2287
PLT-2287 Disable previously created public links with the config setting
Diffstat (limited to 'api')
-rw-r--r-- | api/file.go | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/api/file.go b/api/file.go index 9150e4bfe..f0873f884 100644 --- a/api/file.go +++ b/api/file.go @@ -394,6 +394,11 @@ func getFile(c *Context, w http.ResponseWriter, r *http.Request) { getFileAndForget(path, fileData) if len(hash) > 0 && len(data) > 0 && len(teamId) == 26 { + if !utils.Cfg.FileSettings.EnablePublicLink { + c.Err = model.NewLocAppError("getFile", "api.file.get_file.public_disabled.app_error", nil, "") + return + } + if !model.ComparePassword(hash, fmt.Sprintf("%v:%v", data, utils.Cfg.FileSettings.PublicLinkSalt)) { c.Err = model.NewLocAppError("getFile", "api.file.get_file.public_invalid.app_error", nil, "") return |