author | Thomas Müller <thomas.mueller@tmit.eu> | 2016-10-13 12:59:10 +0200 |
---|---|---|
committer | Morris Jobke <hey@morrisjobke.de> | 2016-10-20 15:15:48 +0200 |
commit | 08d688410747eba59c893a624942e9836749aa60 (patch) | |
tree | fb84c7116522b7034f6f2761bdcf6943c216654d /apps/dav/lib/Connector/Sabre/QuotaPlugin.php | |
parent | 5d7e9bb8fcbcd9a03cf0723c5258b41487850f7d (diff) | |
Sanitize length headers when validating quota
Diffstat (limited to 'apps/dav/lib/Connector/Sabre/QuotaPlugin.php')
-rw-r--r-- | apps/dav/lib/Connector/Sabre/QuotaPlugin.php | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/apps/dav/lib/Connector/Sabre/QuotaPlugin.php b/apps/dav/lib/Connector/Sabre/QuotaPlugin.php index 484bb5129e8..4aef5fc8a5a 100644 --- a/apps/dav/lib/Connector/Sabre/QuotaPlugin.php +++ b/apps/dav/lib/Connector/Sabre/QuotaPlugin.php @@ -25,6 +25,11 @@ * */ namespace OCA\DAV\Connector\Sabre; +use OCP\Files\FileInfo; +use OCP\Files\StorageNotAvailableException; +use Sabre\DAV\Exception\InsufficientStorage; +use Sabre\DAV\Exception\ServiceUnavailable; +use Sabre\HTTP\URLUtil; /** * This plugin check user quota and deny creating files when they exceeds the quota. @@ -77,17 +82,16 @@ class QuotaPlugin extends \Sabre\DAV\ServerPlugin { * This method is called before any HTTP method and validates there is enough free space to store the file * * @param string $uri - * @param null $data - * @throws \Sabre\DAV\Exception\InsufficientStorage + * @throws InsufficientStorage * @return bool */ - public function checkQuota($uri, $data = null) { + public function checkQuota($uri) { $length = $this->getLength(); if ($length) { if (substr($uri, 0, 1) !== '/') { $uri = '/' . $uri; } - list($parentUri, $newName) = \Sabre\HTTP\URLUtil::splitPath($uri); + list($parentUri, $newName) = URLUtil::splitPath($uri); if(is_null($parentUri)) { $parentUri = ''; } @@ -102,11 +106,11 @@ class QuotaPlugin extends \Sabre\DAV\ServerPlugin { $uri = rtrim($parentUri, '/') . '/' . $info['name']; } $freeSpace = $this->getFreeSpace($uri); - if ($freeSpace !== \OCP\Files\FileInfo::SPACE_UNKNOWN && $length > $freeSpace) { + if ($freeSpace !== FileInfo::SPACE_UNKNOWN && $length > $freeSpace) { if (isset($chunkHandler)) { $chunkHandler->cleanup(); } - throw new \Sabre\DAV\Exception\InsufficientStorage(); + throw new InsufficientStorage(); } } return true; 
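Review bot: In the `checkQuota` hunk (`@@ -77,17 +82,16 @@`) the whole pre-check is gated on `if ($length)`, so the quota decision depends entirely on what `getLength()` returns, and that method is outside the visible hunks. The commit title mentions sanitizing length headers, but nothing in this file's diff shows it. It is worth confirming that `getLength()` yields a non-negative integer or null, since a non-numeric or negative value would make the later `$length > $freeSpace` comparison evaluate to false and skip the quota rejection. I would add a comment above the call such as `// getLength() returns a validated non-negative byte count or null; a falsy value skips this pre-check`. Because `getFreeSpace()` is now documented as throwing `ServiceUnavailable` and is called from here, this docblock should carry `@throws ServiceUnavailable` as well; the function body continues past this hunk.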
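Review bot: In the `@@ -102,11 +106,11 @@` hunk the condition `$freeSpace !== FileInfo::SPACE_UNKNOWN && $length > $freeSpace` excludes only one sentinel, using a strict comparison against a value that `getFreeSpace()` documents as `mixed`. If `free_space()` can report other special states as negative numbers, or returns the sentinel as a float or string, any positive length exceeds it and the upload is rejected with `InsufficientStorage` although no limit applies; this is inferred, because `free_space()` is not shown. Treating every negative result as "no usable figure" would be more robust: `if ($freeSpace >= 0 && $length > $freeSpace) {`. The enclosing `checkQuota` starts in the previous hunk and ends outside this one.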
@@ -136,13 +140,14 @@ class QuotaPlugin extends \Sabre\DAV\ServerPlugin { /** * @param string $uri * @return mixed + * @throws ServiceUnavailable */ public function getFreeSpace($uri) { try { $freeSpace = $this->view->free_space(ltrim($uri, '/')); return $freeSpace; - } catch (\OCP\Files\StorageNotAvailableException $e) { - throw new \Sabre\DAV\Exception\ServiceUnavailable($e->getMessage()); + } catch (StorageNotAvailableException $e) { + throw new ServiceUnavailable($e->getMessage()); } } } |
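Review bot: `throw new ServiceUnavailable($e->getMessage());` forwards the storage backend's exception text into the WebDAV error response and drops the original exception. Depending on the backend, that message may name internal hosts or paths (not visible here, so treat it as something to check), and the lost stack trace makes the outage harder to diagnose from logs. Consider a fixed client-facing message with the cause chained, `throw new ServiceUnavailable('Storage is temporarily not available', 0, $e);`. `@return mixed` could also be narrowed to the numeric type that `free_space()` actually returns.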