iio/pingvin-share
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: share password can be bypassed if a deleted share with the same id was visited before

Browse Source
This commit is contained in:
Elias Schneider
2024-10-23 15:48:47 +02:00
parent 546d2c1ce4
commit acbff6e129
2 changed files with 29 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
frontend/src/pages/share/[shareId]/index.tsx
View File

@@ -37,8 +37,10 @@ const Share = ({ shareId }: { shareId: string }) => {
modals,
t("share.error.visitor-limit-exceeded.title"),
t("share.error.visitor-limit-exceeded.description"),
"go-home",
"go-home"
);
} else if (error == "share_password_required") {
showEnterPasswordModal(modals, getShareToken);
} else {
toast.axiosError(e);
}
@@ -59,21 +61,21 @@ const Share = ({ shareId }: { shareId: string }) => {
modals,
t("share.error.removed.title"),
e.response.data.message,
"go-home",
"go-home"
);
} else {
showErrorModal(
modals,
t("share.error.not-found.title"),
t("share.error.not-found.description"),
"go-home",
"go-home"
);
}
} else if (e.response.status == 403 && error == "private_share") {
showErrorModal(
modals,
t("share.error.access-denied.title"),
t("share.error.access-denied.description"),
t("share.error.access-denied.description")
);
} else if (error == "share_password_required") {
showEnterPasswordModal(modals, getShareToken);
@@ -84,7 +86,7 @@ const Share = ({ shareId }: { shareId: string }) => {
modals,
t("common.error"),
t("common.error.unknown"),
"go-home",
"go-home"
);
}
});