add restrictions on content-type and content-size when downloading to resolve with...

Signed-off-by: Julien Veyssier <julien-nc@posteo.net>

diff --git a/lib/private/Collaboration/Reference/LinkReferenceProvider.php b/lib/private/Collaboration/Reference/LinkReferenceProvider.php
index 5597df1ca978d176d96714d281fd7dc6efdd2afa..583cbdcfe997727eaf5ecb0e1872606fe04ea040 100644 (file)
--- a/lib/private/Collaboration/Reference/LinkReferenceProvider.php
+++ b/lib/private/Collaboration/Reference/LinkReferenceProvider.php
@@ -104,6 +104,22 @@ class LinkReferenceProvider implements IReferenceProvider {
                }
 
                $client = $this->clientService->newClient();
+               try {
+                       $headResponse = $client->head($reference->getId(), [ 'timeout' => 10 ]);
+               } catch (\Exception $e) {
+                       $this->logger->debug('Failed to perform HEAD request to get target metadata', ['exception' => $e]);
+                       return;
+               }
+               $linkContentLength = $headResponse->getHeader('Content-Length');
+               if (is_numeric($linkContentLength) && (int) $linkContentLength > 5 * 1024 * 1024) {
+                       $this->logger->debug('Skip resolving links pointing to content length > 5 MB');
+                       return;
+               }
+               $linkContentType = $headResponse->getHeader('Content-Type');
+               if ($linkContentType !== 'text/html') {
+                       $this->logger->debug('Skip resolving links pointing to content type that is not "text/html"');
+                       return;
+               }
                try {
                        $response = $client->get($reference->getId(), [ 'timeout' => 10 ]);
                } catch (\Exception $e) {