authorSebastianKrupinski <krupinskis05@gmail.com>2024-06-28 10:37:24 -0400
committerSebastianKrupinski <krupinskis05@gmail.com>2024-07-04 16:42:09 -0400
commitcb6c091e08979055c7b2187ac0994c16b049a078 (patch)
tree89e790fd319a33ceda82418562fbe3656307c5f0 /apps/dav/lib/CardDAV
parent8ec53608b0b1f6fad1569933bc05b723bd2bd2fc (diff)
fix(carddav): limit vcard size
Signed-off-by: SebastianKrupinski <krupinskis05@gmail.com>
Diffstat (limited to 'apps/dav/lib/CardDAV')
-rw-r--r--apps/dav/lib/CardDAV/Validation/CardDavValidatePlugin.php40
1 files changed, 40 insertions, 0 deletions
diff --git a/apps/dav/lib/CardDAV/Validation/CardDavValidatePlugin.php b/apps/dav/lib/CardDAV/Validation/CardDavValidatePlugin.php
new file mode 100644
index 00000000000..635ab6fcc78
--- /dev/null
+++ b/apps/dav/lib/CardDAV/Validation/CardDavValidatePlugin.php
@@ -0,0 +1,40 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+namespace OCA\DAV\CardDAV\Validation;
+
+use OCA\DAV\AppInfo\Application;
+use OCP\IAppConfig;
+use Sabre\DAV\Exception\Forbidden;
+use Sabre\DAV\Server;
+use Sabre\DAV\ServerPlugin;
+use Sabre\HTTP\RequestInterface;
+use Sabre\HTTP\ResponseInterface;
+
+class CardDavValidatePlugin extends ServerPlugin {
+
+ public function __construct(
+ private IAppConfig $config
+ ) {
+ }
+
+ public function initialize(Server $server): void {
+ $server->on('beforeMethod:PUT', [$this, 'beforePut']);
+ }
+
+ public function beforePut(RequestInterface $request, ResponseInterface $response): bool {
+ // evaluate if card size exceeds defined limit
+ $cardSizeLimit = $this->config->getValueInt(Application::APP_ID, 'card_size_limit', 5242880);
+ if ((int) $request->getRawServerValue('CONTENT_LENGTH') > $cardSizeLimit) {
+ throw new Forbidden("VCard object exceeds $cardSizeLimit bytes");
+ }
+ // all tests passed return true
+ return true;
+ }
+
+}
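Review bot: The size check in `beforePut` trusts only the declared `CONTENT_LENGTH`, so a PUT that carries no Content-Length header (for example one using chunked transfer encoding) casts to 0 and passes the `card_size_limit` comparison whatever the body size. The limit should also be enforced on the bytes actually received, or the absent-header case handled explicitly, e.g. `$declared = $request->getRawServerValue('CONTENT_LENGTH');` followed by `if ($declared === null || (int) $declared > $cardSizeLimit) {`, if rejecting length-less PUTs is acceptable for the CardDAV clients in use. The handler is also bound to every `beforeMethod:PUT` with no check of the request path or target node, so unless the plugin is registered only on a server that serves address books (the registration is not visible in this hunk), the limit would apply to non-vCard uploads too. A short docblock on `beforePut` saying that the default 5242880 is 5 MiB and that the comparison uses the declared length, not the measured one, would make the guarantee clear to later maintainers.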