Merge pull request #16176 from owncloud/fix-provisioning-api-set-quota

Validate the quota value to be a correct value

4 files changed, 46 insertions, 17 deletions

diff --git a/apps/provisioning_api/lib/users.php b/apps/provisioning_api/lib/users.php
index 505a141c032..43cf22b071b 100644
--- a/apps/provisioning_api/lib/users.php
+++ b/apps/provisioning_api/lib/users.php
@@ -155,7 +155,14 @@ class Users {
 			case 'quota':
 				$quota = $parameters['_put']['value'];
 				if($quota !== 'none' and $quota !== 'default') {
-					$quota = OC_Helper::computerFileSize($quota);
+					if (is_numeric($quota)) {
+						$quota = floatval($quota);
+					} else {
+						$quota = OC_Helper::computerFileSize($quota);
+					}
+					if ($quota === false) {
+						return new OC_OCS_Result(null, 103, "Invalid quota value {$parameters['_put']['value']}");
+					}
 					if($quota == 0) {
 						$quota = 'default';
 					}else if($quota == -1){
diff --git a/apps/provisioning_api/tests/userstest.php b/apps/provisioning_api/tests/userstest.php
index b7e83a3c4fe..c6a6133b7d2 100644
--- a/apps/provisioning_api/tests/userstest.php
+++ b/apps/provisioning_api/tests/userstest.php
@@ -187,20 +187,36 @@ class UsersTest extends TestCase {
 
 	}
 
-	public function testEditOwnQuota() {
+	/**
+	 * @dataProvider providesQuotas
+	 * @param $expected
+	 * @param $quota
+	 */
+	public function testEditOwnQuota($expected, $quota) {
 		$user = $this->generateUsers();
+		\OC_Group::addToGroup($user, 'admin');
 		\OC_User::setUserId($user);
 		$result = \OCA\provisioning_API\Users::editUser(
-			array(
+			[
 				'userid' => $user,
-				'_put' => array(
+				'_put' => [
 					'key' => 'quota',
-					'value' => '20G',
-					),
-				)
+					'value' => $quota,
+				],
+			]
 			);
 		$this->assertInstanceOf('OC_OCS_Result', $result);
-		$this->assertFalse($result->succeeded());
+		$this->assertEquals($expected, $result->succeeded());
+	}
+
+	public function providesQuotas() {
+		return [
+			[true, '20G'],
+			[true, '1234567'],
+			[true, 'none'],
+			[true, 'default'],
+			[false, 'qwertzu'],
+		];
 	}
 
 	public function testAdminEditOwnQuota() {
diff --git a/lib/private/helper.php b/lib/private/helper.php
index 144ccbfe228..981447c213b 100644
--- a/lib/private/helper.php
+++ b/lib/private/helper.php
@@ -394,6 +394,9 @@ class OC_Helper {
 	 */
 	public static function computerFileSize($str) {
 		$str = strtolower($str);
+		if (is_numeric($str)) {
+			return $str;
+		}
 
 		$bytes_array = array(
 			'b' => 1,
@@ -413,6 +416,8 @@ class OC_Helper {
 
 		if (preg_match('#([kmgtp]?b?)$#si', $str, $matches) && !empty($bytes_array[$matches[1]])) {
 			$bytes *= $bytes_array[$matches[1]];
+		} else {
+			return false;
 		}
 
 		$bytes = round($bytes);
diff --git a/tests/lib/helper.php b/tests/lib/helper.php
index ed15a677300..b7aa185f4e3 100644
--- a/tests/lib/helper.php
+++ b/tests/lib/helper.php
@@ -53,21 +53,22 @@ class Test_Helper extends \Test\TestCase {
 	}
 
 	/**
-	 * @dataProvider computerFileSizeProvider
+	 * @dataProvider providesComputerFileSize
 	 */
 	function testComputerFileSize($expected, $input) {
 		$result = OC_Helper::computerFileSize($input);
 		$this->assertEquals($expected, $result);
 	}
 
-	function computerFileSizeProvider(){
-		return array(
-			array(0.0, "0 B"),
-			array(1024.0, "1 kB"),
-			array(1395864371.0, '1.3 GB'),
-			array(9961472.0, "9.5 MB"),
-			array(500041567437.0, "465.7 GB"),
-		);
+	function providesComputerFileSize(){
+		return [
+			[0.0, "0 B"],
+			[1024.0, "1 kB"],
+			[1395864371.0, '1.3 GB'],
+			[9961472.0, "9.5 MB"],
+			[500041567437.0, "465.7 GB"],
+			[false, "12 GB etfrhzui"]
+		];
 	}
 
 	function testGetMimeType() {