From 508f2252dae33de899fb32a5a342e65c018ad2e4 Mon Sep 17 00:00:00 2001
From: Tulir Asokan <tulir@maunium.net>
Date: Wed, 23 Oct 2024 15:59:14 +0300
Subject: [PATCH] server/media: don't allow downloading encrypted media without
 flag

---
 cmd/gomuks/media.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/cmd/gomuks/media.go b/cmd/gomuks/media.go
index 063eceb..c1fffbd 100644
--- a/cmd/gomuks/media.go
+++ b/cmd/gomuks/media.go
@@ -204,6 +204,9 @@ func (gmx *Gomuks) DownloadMedia(w http.ResponseWriter, r *http.Request) {
 	} else if (cacheEntry == nil || cacheEntry.EncFile == nil) && encrypted {
 		mautrix.MNotFound.WithMessage("Media encryption keys not found in cache").Write(w)
 		return
+	} else if cacheEntry != nil && cacheEntry.EncFile != nil && !encrypted {
+		mautrix.MNotFound.WithMessage("Tried to download encrypted media without encrypted flag").Write(w)
+		return
 	}
 
 	if gmx.downloadMediaFromCache(ctx, w, r, cacheEntry, false) {