Skip to content

[stable32] fix(secure-view): allow server-side file reads in SecureViewWrapper#5590

Open
backportbot[bot] wants to merge 1 commit intostable32from
backport/5587/stable32
Open

[stable32] fix(secure-view): allow server-side file reads in SecureViewWrapper#5590
backportbot[bot] wants to merge 1 commit intostable32from
backport/5587/stable32

Conversation

@backportbot
Copy link
Copy Markdown

@backportbot backportbot Bot commented Apr 24, 2026

Backport of PR #5587

@chrip @claude @backportbot
fix(secure-view): allow server-side file reads blocked by SecureViewW…
c2e9114 
…rapper

SecureViewWrapper::checkFileAccess() was blocking all non-WOPI fopen()
and file_get_contents() calls on watermarked files, including server-side
reads that never expose content to the user (e.g. TemplateManager reading
a template file to copy it). Add isDirectFileServingRequest() to restrict
the block to actual download endpoints (WebDAV, public shares, previews).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Christoph Schaefer <christoph.schaefer@nextcloud.com>
@backportbot backportbot Bot requested review from chrip and elzody April 24, 2026 20:30
@backportbot backportbot Bot added the 3. to review Ready to be reviewed label Apr 24, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@elzody elzody Awaiting requested review from elzody elzody is a code owner

@juliusknorr juliusknorr Awaiting requested review from juliusknorr juliusknorr is a code owner

@chrip chrip Awaiting requested review from chrip

At least 1 approving review is required to merge this pull request.

Assignees

@chrip chrip

Labels

3. to review Ready to be reviewed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@chrip