Prevent writing invalid mtime 31249/head
authorJohn Molakvoæ <skjnldsv@protonmail.com>
Mon, 6 Dec 2021 14:17:08 +0000 (15:17 +0100)
committerbackportbot[bot] <backportbot[bot]@users.noreply.github.com>
Fri, 18 Feb 2022 09:11:10 +0000 (09:11 +0000)
Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
apps/dav/lib/Connector/Sabre/Node.php
apps/dav/tests/unit/Connector/Sabre/FileTest.php
apps/dav/tests/unit/Connector/Sabre/NodeTest.php

index b83e5cbcbc1b571308dce8b9e8c01ff929432a8f..a5bcfce4c908d3995c07894f5b6f677914d779f7 100644 (file)
@@ -414,6 +414,11 @@ abstract class Node implements \Sabre\DAV\INode {
                        throw new \InvalidArgumentException('X-OC-MTime header must be an integer (unix timestamp).');
                }
 
+               // Prevent writing invalid mtime (timezone-proof)
+               if ((int)$mtimeFromRequest <= 24 * 60 * 60) {
+                       throw new \InvalidArgumentException('X-OC-MTime header must be a valid positive integer');
+               }
+
                return (int)$mtimeFromRequest;
        }
 }
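Review bot: The message thrown by the new guard, 'X-OC-MTime header must be a valid positive integer', does not match its condition, which rejects every value up to and including 86400 (`<= 24 * 60 * 60`), so a client sending a small positive timestamp is told its value is not positive. I would state the floor in the message, e.g. `throw new \InvalidArgumentException('X-OC-MTime header must be a unix timestamp later than 86400 (one day after the epoch).');`, and extend the comment to say why one day was chosen, e.g. `// Reject mtimes within one day of the epoch; presumably such values come from zero timestamps shifted by a timezone offset`. The guard sets only a lower bound, so it is worth deciding here whether far-future values from this client-supplied header should also be refused. The enclosing method starts above the hunk.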
index 904faa8e8c3dbf0b2592bd7008600293eb5e5731..5e80d0613bff8ba486f3172a8aeabccc72e87489 100644 (file)
@@ -362,28 +362,28 @@ class FileTest extends TestCase {
                                'expected result' => null
                        ],
                        "castable string (int)" => [
-                               'HTTP_X_OC_MTIME' => "34",
-                               'expected result' => 34
+                               'HTTP_X_OC_MTIME' => "987654321",
+                               'expected result' => 987654321
                        ],
                        "castable string (float)" => [
-                               'HTTP_X_OC_MTIME' => "34.56",
-                               'expected result' => 34
+                               'HTTP_X_OC_MTIME' => "123456789.56",
+                               'expected result' => 123456789
                        ],
                        "float" => [
-                               'HTTP_X_OC_MTIME' => 34.56,
-                               'expected result' => 34
+                               'HTTP_X_OC_MTIME' => 123456789.56,
+                               'expected result' => 123456789
                        ],
                        "zero" => [
                                'HTTP_X_OC_MTIME' => 0,
-                               'expected result' => 0
+                               'expected result' => null
                        ],
                        "zero string" => [
                                'HTTP_X_OC_MTIME' => "0",
-                               'expected result' => 0
+                               'expected result' => null
                        ],
                        "negative zero string" => [
                                'HTTP_X_OC_MTIME' => "-0",
-                               'expected result' => 0
+                               'expected result' => null
                        ],
                        "string starting with number following by char" => [
                                'HTTP_X_OC_MTIME' => "2345asdf",
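Review bot: Rows in this provider signal rejection only with `'expected result' => null`, and the two later hunks in this file drop `expectExceptionMessage`, so the tests can no longer tell which check refused the value, or whether an unrelated exception of the same class was raised inside `doPut`. Both messages visible in the Node.php hunk share a prefix, so a substring assertion would still cover either branch, assuming the chunked path keeps the message as it did before: `$this->expectExceptionMessage('X-OC-MTime header must be');`. The provider also has no row near the new 86400 floor; a pair such as `"86400"` expecting `null` and `"86401"` expecting `86401` would pin the boundary at the request level. The provider array starts above the hunk and continues past it.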
@@ -399,11 +399,11 @@ class FileTest extends TestCase {
                        ],
                        "negative int" => [
                                'HTTP_X_OC_MTIME' => -34,
-                               'expected result' => -34
+                               'expected result' => null
                        ],
                        "negative float" => [
                                'HTTP_X_OC_MTIME' => -34.43,
-                               'expected result' => -34
+                               'expected result' => null
                        ],
                ];
        }
@@ -422,7 +422,6 @@ class FileTest extends TestCase {
 
                if ($resultMtime === null) {
                        $this->expectException(\InvalidArgumentException::class);
-                       $this->expectExceptionMessage("X-OC-MTime header must be an integer (unix timestamp).");
                }
 
                $this->doPut($file, null, $request);
@@ -448,7 +447,6 @@ class FileTest extends TestCase {
 
                if ($resultMtime === null) {
                        $this->expectException(\Sabre\DAV\Exception::class);
-                       $this->expectExceptionMessage("X-OC-MTime header must be an integer (unix timestamp).");
                }
 
                $this->doPut($file.'-chunking-12345-2-0', null, $request);
index 4244792c46a32415e5c1046aee9a0484c6d7b846..0d9ef1c7f92552e5989dca639c8a5a68d3a330a9 100644 (file)
@@ -165,8 +165,54 @@ class NodeTest extends \Test\TestCase {
                        ->disableOriginalConstructor()
                        ->getMock();
 
-               $node = new  \OCA\DAV\Connector\Sabre\File($view, $info);
+               $node = new \OCA\DAV\Connector\Sabre\File($view, $info);
                $this->invokePrivate($node, 'shareManager', [$shareManager]);
                $this->assertEquals($expected, $node->getSharePermissions($user));
        }
+
+       public function sanitizeMtimeProvider() {
+               return [
+                       [123456789, 123456789],
+                       ['987654321', 987654321],
+               ];
+       }
+
+       /**
+        * @dataProvider sanitizeMtimeProvider
+        */
+       public function testSanitizeMtime($mtime, $expected) {
+               $view = $this->getMockBuilder(View::class)
+                       ->disableOriginalConstructor()
+                       ->getMock();
+               $info = $this->getMockBuilder(FileInfo::class)
+                       ->disableOriginalConstructor()
+                       ->getMock();
+
+               $node = new \OCA\DAV\Connector\Sabre\File($view, $info);
+               $result = $this->invokePrivate($node, 'sanitizeMtime', [$mtime]);
+               $this->assertEquals($expected, $result);
+       }
+
+       public function invalidSanitizeMtimeProvider() {
+               return [
+                       [-1337], [0], ['abcdef'], ['-1337'], ['0'], [12321], [24 * 60 * 60 - 1]
+               ];
+       }
+
+       /**
+        * @dataProvider invalidSanitizeMtimeProvider
+        */
+       public function testInvalidSanitizeMtime($mtime) {
+               $this->expectException(\InvalidArgumentException::class);
+
+               $view = $this->getMockBuilder(View::class)
+                       ->disableOriginalConstructor()
+                       ->getMock();
+               $info = $this->getMockBuilder(FileInfo::class)
+                       ->disableOriginalConstructor()
+                       ->getMock();
+
+               $node = new \OCA\DAV\Connector\Sabre\File($view, $info);
+               $result = $this->invokePrivate($node, 'sanitizeMtime', [$mtime]);
+       }
 }
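Review bot: Neither provider exercises the edge of the `<= 24 * 60 * 60` check: the invalid list stops at `24 * 60 * 60 - 1` and the valid list starts at 123456789, so changing `<=` to `<` in the guard would not fail any test here. Adding `[24 * 60 * 60]` to `invalidSanitizeMtimeProvider` and `[24 * 60 * 60 + 1, 24 * 60 * 60 + 1]` to `sanitizeMtimeProvider` would pin it. In `testInvalidSanitizeMtime` the `$result =` assignment is never read and can be dropped, leaving `$this->invokePrivate($node, 'sanitizeMtime', [$mtime]);`.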