authorThomas Müller <thomas.mueller@tmit.eu>2016-10-13 12:59:10 +0200
committerMorris Jobke <hey@morrisjobke.de>2016-10-20 15:15:48 +0200
commit08d688410747eba59c893a624942e9836749aa60 (patch)
treefb84c7116522b7034f6f2761bdcf6943c216654d
parent5d7e9bb8fcbcd9a03cf0723c5258b41487850f7d (diff)
Sanitize length headers when validating quota
-rw-r--r--apps/dav/lib/Connector/Sabre/QuotaPlugin.php21
-rw-r--r--apps/dav/tests/unit/Connector/Sabre/QuotaPluginTest.php26
2 files changed, 25 insertions, 22 deletions
diff --git a/apps/dav/lib/Connector/Sabre/QuotaPlugin.php b/apps/dav/lib/Connector/Sabre/QuotaPlugin.php
index 484bb5129e8..4aef5fc8a5a 100644
--- a/apps/dav/lib/Connector/Sabre/QuotaPlugin.php
+++ b/apps/dav/lib/Connector/Sabre/QuotaPlugin.php
@@ -25,6 +25,11 @@
*
*/
namespace OCA\DAV\Connector\Sabre;
+use OCP\Files\FileInfo;
+use OCP\Files\StorageNotAvailableException;
+use Sabre\DAV\Exception\InsufficientStorage;
+use Sabre\DAV\Exception\ServiceUnavailable;
+use Sabre\HTTP\URLUtil;
/**
* This plugin check user quota and deny creating files when they exceeds the quota.
@@ -77,17 +82,16 @@ class QuotaPlugin extends \Sabre\DAV\ServerPlugin {
* This method is called before any HTTP method and validates there is enough free space to store the file
*
* @param string $uri
- * @param null $data
- * @throws \Sabre\DAV\Exception\InsufficientStorage
+ * @throws InsufficientStorage
* @return bool
*/
- public function checkQuota($uri, $data = null) {
+ public function checkQuota($uri) {
$length = $this->getLength();
if ($length) {
if (substr($uri, 0, 1) !== '/') {
$uri = '/' . $uri;
}
- list($parentUri, $newName) = \Sabre\HTTP\URLUtil::splitPath($uri);
+ list($parentUri, $newName) = URLUtil::splitPath($uri);
if(is_null($parentUri)) {
$parentUri = '';
}
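Review bot: `if ($length)` in checkQuota treats a missing or unparseable length as nothing to check, so the quota comparison is skipped and the method falls through to `return true`. The provider in QuotaPluginTest expects getLength() to give null for a non-numeric `CONTENT-LENGTH` or `X-EXPECTED-ENTITY-LENGTH`, so a request carrying a malformed length header passes this plugin unchecked unless another layer enforces the quota (not visible here). Consider separating "no length header" from "header present but invalid" and rejecting the latter, for example `throw new \Sabre\DAV\Exception\BadRequest('Invalid length header');`. If the fail-open path is deliberate, say so in a comment above `if ($length)`. checkQuota continues past this hunk and getLength() is outside the diff.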
@@ -102,11 +106,11 @@ class QuotaPlugin extends \Sabre\DAV\ServerPlugin {
$uri = rtrim($parentUri, '/') . '/' . $info['name'];
}
$freeSpace = $this->getFreeSpace($uri);
- if ($freeSpace !== \OCP\Files\FileInfo::SPACE_UNKNOWN && $length > $freeSpace) {
+ if ($freeSpace !== FileInfo::SPACE_UNKNOWN && $length > $freeSpace) {
if (isset($chunkHandler)) {
$chunkHandler->cleanup();
}
- throw new \Sabre\DAV\Exception\InsufficientStorage();
+ throw new InsufficientStorage();
}
}
return true;
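Review bot: The guard `$freeSpace !== FileInfo::SPACE_UNKNOWN && $length > $freeSpace` exempts only one sentinel, and does so with a strict comparison. If `free_space()` can return another negative marker from `FileInfo` (such as `SPACE_NOT_COMPUTED` or `SPACE_UNLIMITED`), or the same value as a float or string, any positive length compares greater and the upload is refused with InsufficientStorage. Whether those values can reach this point is not visible in the hunk, but `if ($freeSpace >= 0 && $length > $freeSpace) {` would treat every negative sentinel as "do not enforce". The start of checkQuota is outside this hunk.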
@@ -136,13 +140,14 @@ class QuotaPlugin extends \Sabre\DAV\ServerPlugin {
/**
* @param string $uri
* @return mixed
+ * @throws ServiceUnavailable
*/
public function getFreeSpace($uri) {
try {
$freeSpace = $this->view->free_space(ltrim($uri, '/'));
return $freeSpace;
- } catch (\OCP\Files\StorageNotAvailableException $e) {
- throw new \Sabre\DAV\Exception\ServiceUnavailable($e->getMessage());
+ } catch (StorageNotAvailableException $e) {
+ throw new ServiceUnavailable($e->getMessage());
}
}
}
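Review bot: `throw new ServiceUnavailable($e->getMessage());` in getFreeSpace copies the storage exception's message into the DAV error returned to the client and drops the original exception. Storage-layer messages may name internal hosts, mount points or backend errors (the message contents are not visible here), so a fixed client-facing text is safer, with the cause kept for the server log: `throw new ServiceUnavailable('Storage is temporarily not available', 0, $e);`. The docblock's `@return mixed` could also state that the value is the free space in bytes or a negative `FileInfo::SPACE_*` sentinel, if that is what `free_space()` returns.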
diff --git a/apps/dav/tests/unit/Connector/Sabre/QuotaPluginTest.php b/apps/dav/tests/unit/Connector/Sabre/QuotaPluginTest.php
index 89bc1ee8adb..b37abdc9b05 100644
--- a/apps/dav/tests/unit/Connector/Sabre/QuotaPluginTest.php
+++ b/apps/dav/tests/unit/Connector/Sabre/QuotaPluginTest.php
@@ -24,22 +24,20 @@
*
*/
namespace OCA\DAV\Tests\unit\Connector\Sabre;
+use Test\TestCase;
+
/**
* Copyright (c) 2013 Thomas Müller <thomas.mueller@tmit.eu>
* This file is licensed under the Affero General Public License version 3 or
* later.
* See the COPYING-README file.
*/
-class QuotaPluginTest extends \Test\TestCase {
+class QuotaPluginTest extends TestCase {
- /**
- * @var \Sabre\DAV\Server
- */
+ /** @var \Sabre\DAV\Server | \PHPUnit_Framework_MockObject_MockObject */
private $server;
- /**
- * @var \OCA\DAV\Connector\Sabre\QuotaPlugin
- */
+ /** @var \OCA\DAV\Connector\Sabre\QuotaPlugin | \PHPUnit_Framework_MockObject_MockObject */
private $plugin;
private function init($quota, $checkedPath = '') {
@@ -126,19 +124,19 @@ class QuotaPluginTest extends \Test\TestCase {
}
public function lengthProvider() {
- return array(
- array(null, array()),
- array(1024, array('X-EXPECTED-ENTITY-LENGTH' => '1024')),
- array(512, array('CONTENT-LENGTH' => '512')),
- array(2048, array('OC-TOTAL-LENGTH' => '2048', 'CONTENT-LENGTH' => '1024')),
- array(4096, array('OC-TOTAL-LENGTH' => '2048', 'X-EXPECTED-ENTITY-LENGTH' => '4096')),
+ return [
+ [null, []],
+ [1024, ['X-EXPECTED-ENTITY-LENGTH' => '1024']],
+ [512, ['CONTENT-LENGTH' => '512']],
+ [2048, ['OC-TOTAL-LENGTH' => '2048', 'CONTENT-LENGTH' => '1024']],
+ [4096, ['OC-TOTAL-LENGTH' => '2048', 'X-EXPECTED-ENTITY-LENGTH' => '4096']],
[null, ['X-EXPECTED-ENTITY-LENGTH' => 'A']],
[null, ['CONTENT-LENGTH' => 'A']],
[1024, ['OC-TOTAL-LENGTH' => 'A', 'CONTENT-LENGTH' => '1024']],
[1024, ['OC-TOTAL-LENGTH' => 'A', 'X-EXPECTED-ENTITY-LENGTH' => '1024']],
[null, ['OC-TOTAL-LENGTH' => '2048', 'X-EXPECTED-ENTITY-LENGTH' => 'A']],
[null, ['OC-TOTAL-LENGTH' => '2048', 'CONTENT-LENGTH' => 'A']],
- );
+ ];
}
public function quotaChunkedOkProvider() {
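Review bot: lengthProvider exercises invalid headers only with the single value `'A'`, which leaves the edge cases of the numeric check unpinned. Rows for a negative value (`'-1'`), an exponent form (`'1e3'`), digits followed by letters (`'1024abc'`) and surrounding whitespace would document what getLength() accepts. That matters because checkQuota compares the result directly against the free space. The expected value for each row depends on getLength(), which is outside this diff. A short comment above the invalid-header rows explaining why one bad header discards a valid `OC-TOTAL-LENGTH` would also help.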