author | Lukas Reschke <lukas@owncloud.com> | 2016-07-01 11:36:35 +0200 |
---|---|---|
committer | Lukas Reschke <lukas@owncloud.com> | 2016-07-01 11:36:35 +0200 |
commit | 179a355b2cd3dc489a54cc27fd717f67373d0b1e (patch) | |
tree | f87a5586086635d4cbd18771b442ee771f79e441 /apps/dav/lib | |
parent | 8e002b61554308cb4d50570f715303a82136f0fa (diff) | |
parent | 2d2d2267f7f38ca29e7b87f40fae62261614b0d1 (diff) | |
download | nextcloud-server-179a355b2cd3dc489a54cc27fd717f67373d0b1e.tar.gz nextcloud-server-179a355b2cd3dc489a54cc27fd717f67373d0b1e.zip |
Merge remote-tracking branch 'upstream/master' into master-sync-upstream
Diffstat (limited to 'apps/dav/lib')
-rw-r--r-- | apps/dav/lib/CardDAV/ImageExportPlugin.php | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/apps/dav/lib/CardDAV/ImageExportPlugin.php b/apps/dav/lib/CardDAV/ImageExportPlugin.php
index 3f505222491..fcd36b3ff35 100644
--- a/apps/dav/lib/CardDAV/ImageExportPlugin.php
+++ b/apps/dav/lib/CardDAV/ImageExportPlugin.php
@@ -108,8 +108,18 @@ class ImageExportPlugin extends ServerPlugin {
 $photo = $vObject->PHOTO;
 $type = $this->getType($photo);
- $valType = $photo->getValueType();
- $val = ($valType === 'URI' ? $photo->getRawMimeDirValue() : $photo->getValue());
+ $val = $photo->getValue();
+ if ($photo->getValueType() === 'URI') {
+ $parsed = \Sabre\URI\parse($val);
+ //only allow data://
+ if ($parsed['scheme'] !== 'data') {
+ return false;
+ }
+ if (substr_count($parsed['path'], ';') === 1) {
+ list($type,) = explode(';', $parsed['path']);
+ }
+ $val = file_get_contents($val);
+ }
 return [
 'Content-Type' => $type,
 'body' => $val |
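Review bot: The media type parsed out of the data URI at `list($type,) = explode(';', $parsed['path']);` replaces the value from `getType($photo)` and is returned as `Content-Type` without any check, so the author of the vCard decides which type the photo is served with. An allowlist right after that line would keep the response to image types, for example `if (!in_array($type, ['image/jpeg', 'image/png', 'image/gif'], true)) { return false; }` (the list here is illustrative). `file_get_contents($val)` also returns `false` on a malformed data URI, which is then passed on as `'body'`; `if ($val === false) { return false; }` would match the other failure paths. The enclosing method starts and ends outside the hunk, so whether the caller constrains the type further cannot be seen here.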