diff options
| author | Joas Schilling <213943+nickvergessen@users.noreply.github.com> | 2025-03-05 15:52:50 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-03-05 15:52:50 +0100 |
| commit | 31cbd6a138dd1ec372ef5965baf3c378e6a7e6e5 (patch) | |
| tree | 90fa474b8636ee1778767a07922587b7b54b5165 | |
| parent | 88408b6546ccccdbda090aaf1345eda0e6a026d3 (diff) | |
| parent | 31deaf0ee1700e7a6cf8ffb6f21006db3166ca6c (diff) | |
| download | nextcloud-server-31cbd6a138dd1ec372ef5965baf3c378e6a7e6e5.tar.gz nextcloud-server-31cbd6a138dd1ec372ef5965baf3c378e6a7e6e5.zip | |
Merge pull request #51272 from nextcloud/backport/51256/stable30
[stable30] fix(dav): Handle long absence status earlier
| -rw-r--r-- | apps/dav/lib/Controller/OutOfOfficeController.php | 8 | ||||
| -rw-r--r-- | apps/dav/openapi.json | 5 |
2 files changed, 9 insertions, 4 deletions
diff --git a/apps/dav/lib/Controller/OutOfOfficeController.php b/apps/dav/lib/Controller/OutOfOfficeController.php index 4978fb87737..d48a76e6c48 100644 --- a/apps/dav/lib/Controller/OutOfOfficeController.php +++ b/apps/dav/lib/Controller/OutOfOfficeController.php @@ -21,6 +21,7 @@ use OCP\IRequest; use OCP\IUserManager; use OCP\IUserSession; use OCP\User\IAvailabilityCoordinator; +use function mb_strlen; /** * @psalm-import-type DAVOutOfOfficeData from ResponseDefinitions @@ -107,10 +108,10 @@ class OutOfOfficeController extends OCSController { * @param string $message Longer multiline message that is shown to others during the absence * @param ?string $replacementUserId User id of the replacement user * @param ?string $replacementUserDisplayName Display name of the replacement user - * @return DataResponse<Http::STATUS_OK, DAVOutOfOfficeData, array{}>|DataResponse<Http::STATUS_BAD_REQUEST, array{error: 'firstDay'}, array{}>|DataResponse<Http::STATUS_UNAUTHORIZED, null, array{}>|DataResponse<Http::STATUS_NOT_FOUND, null, array{}> + * @return DataResponse<Http::STATUS_OK, DAVOutOfOfficeData, array{}>|DataResponse<Http::STATUS_BAD_REQUEST, array{error: 'firstDay'|'statusLength'}, array{}>|DataResponse<Http::STATUS_UNAUTHORIZED, null, array{}>|DataResponse<Http::STATUS_NOT_FOUND, null, array{}> * * 200: Absence data - * 400: When the first day is not before the last day + * 400: When validation fails, e.g. data range error or the first day is not before the last day * 401: When the user is not logged in * 404: When the replacementUserId was provided but replacement user was not found */ @@ -128,6 +129,9 @@ class OutOfOfficeController extends OCSController { if ($user === null) { return new DataResponse(null, Http::STATUS_UNAUTHORIZED); } + if (mb_strlen($status) > 100) { + return new DataResponse(['error' => 'statusLength'], Http::STATUS_BAD_REQUEST); + } if ($replacementUserId !== null) { $replacementUser = $this->userManager->get($replacementUserId); diff --git a/apps/dav/openapi.json b/apps/dav/openapi.json index cb7dc82c039..98d5007e376 100644 --- a/apps/dav/openapi.json +++ b/apps/dav/openapi.json @@ -793,7 +793,7 @@ } }, "400": { - "description": "When the first day is not before the last day", + "description": "When validation fails, e.g. data range error or the first day is not before the last day", "content": { "application/json": { "schema": { @@ -821,7 +821,8 @@ "error": { "type": "string", "enum": [ - "firstDay" + "firstDay", + "statusLength" ] } } |