authorIscle <albertiscle9@gmail.com>2020-10-01 23:47:13 +0200
committerIscle <albertiscle9@gmail.com>2020-10-01 23:48:41 +0200
commit0e5d69286678d398b128a0c1bf3c5bea69678691 (patch)
tree4d80b5e00580596dd678deef50ae823e593563e7 /apps/dav/lib
parentebd734dc86f8b8e821b2a99539e38516e2876a86 (diff)
DirectController: Verify that expirationTime is between 0s and 24h
Signed-off-by: Iscle <albertiscle9@gmail.com>
Diffstat (limited to 'apps/dav/lib')
-rw-r--r--apps/dav/lib/Controller/DirectController.php4
1 files changed, 4 insertions, 0 deletions
diff --git a/apps/dav/lib/Controller/DirectController.php b/apps/dav/lib/Controller/DirectController.php
index ff7c96ddef1..35f4c0dbcb5 100644
--- a/apps/dav/lib/Controller/DirectController.php
+++ b/apps/dav/lib/Controller/DirectController.php
@@ -90,6 +90,10 @@ class DirectController extends OCSController {
throw new OCSNotFoundException();
}
+ if ($expirationTime <= 0 || $expirationTime > (60 * 60 * 24)) {
+ throw new OCSBadRequestException('Expiration time should be greater than 0 and less than or equal to ' . (60 * 60 * 24));
+ }
+
$file = array_shift($files);
if (!($file instanceof File)) {
throw new OCSBadRequestException('Direct download only works for files');
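Review bot: The 24-hour cap in the added check is spelled out twice as `(60 * 60 * 24)`, once in the condition and once in the exception message, so a later change to the limit can leave the two out of step. Since this bound is what caps how long a direct-download link may stay valid, give it one named source, e.g. `private const MAX_EXPIRATION_TIME = 60 * 60 * 24; // seconds`, and test `$expirationTime > self::MAX_EXPIRATION_TIME`. The message would also read better if it named the unit ("seconds"), because a client only sees the bare number 86400. The check sits after the file lookup, so a request with both an unknown file and an out-of-range expiration gets the not-found error rather than the bad-request one; moving the range check ahead of the lookup would reject bad input before any filesystem work. The enclosing method starts and ends outside the hunk, so the declared type of `$expirationTime` is not visible here; if it is not declared `int`, confirm how non-numeric input reaches this comparison.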