diff options
author | Louis Chemineau <louis@chmn.me> | 2022-01-11 10:56:49 +0100 |
---|---|---|
committer | Louis Chemineau <louis@chmn.me> | 2022-01-11 17:10:14 +0100 |
commit | 69b8044b8f957c5a74396025608dd513c8f7ff7d (patch) | |
tree | a39db9e1f9753f59b6d7b7e3256ec655d8a93ee2 /apps/dav/lib | |
parent | b23934a45ec584e398835635584461a02c9b1dde (diff) | |
download | nextcloud-server-69b8044b8f957c5a74396025608dd513c8f7ff7d.tar.gz nextcloud-server-69b8044b8f957c5a74396025608dd513c8f7ff7d.zip |
Set the file's mtime from the headers in bulk upload
Signed-off-by: Louis Chemineau <louis@chmn.me>
Diffstat (limited to 'apps/dav/lib')
-rw-r--r-- | apps/dav/lib/BulkUpload/BulkUploadPlugin.php | 12 | ||||
-rw-r--r-- | apps/dav/lib/Connector/Sabre/MtimeSanitizer.php | 42 | ||||
-rw-r--r-- | apps/dav/lib/Connector/Sabre/Node.php | 15 |
3 files changed, 55 insertions, 14 deletions
diff --git a/apps/dav/lib/BulkUpload/BulkUploadPlugin.php b/apps/dav/lib/BulkUpload/BulkUploadPlugin.php index 0766ae37a17..bb6baf48b56 100644 --- a/apps/dav/lib/BulkUpload/BulkUploadPlugin.php +++ b/apps/dav/lib/BulkUpload/BulkUploadPlugin.php @@ -29,6 +29,7 @@ use Sabre\HTTP\RequestInterface; use Sabre\HTTP\ResponseInterface; use OCP\Files\Folder; use OCP\AppFramework\Http; +use OCA\DAV\Connector\Sabre\MtimeSanitizer; class BulkUploadPlugin extends ServerPlugin { @@ -78,7 +79,18 @@ class BulkUploadPlugin extends ServerPlugin { } try { + // TODO: Remove 'x-file-mtime' when the desktop client no longer use it. + if (isset($headers['x-file-mtime'])) { + $mtime = MtimeSanitizer::sanitizeMtime($headers['x-file-mtime']); + } elseif (isset($headers['x-oc-mtime'])) { + $mtime = MtimeSanitizer::sanitizeMtime($headers['x-oc-mtime']); + } else { + $mtime = null; + } + $node = $this->userFolder->newFile($headers['x-file-path'], $content); + $node->touch($mtime); + $writtenFiles[$headers['x-file-path']] = [ "error" => false, "etag" => $node->getETag(), diff --git a/apps/dav/lib/Connector/Sabre/MtimeSanitizer.php b/apps/dav/lib/Connector/Sabre/MtimeSanitizer.php new file mode 100644 index 00000000000..6700b1eb81b --- /dev/null +++ b/apps/dav/lib/Connector/Sabre/MtimeSanitizer.php @@ -0,0 +1,42 @@ +<?php +/** + * @copyright Copyright (c) 2021, Louis Chemineau <louis@chmn.me> + * + * @author Louis Chemineau <louis@chmn.me> + * + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ + +namespace OCA\DAV\Connector\Sabre; + +class MtimeSanitizer { + public static function sanitizeMtime(string $mtimeFromRequest): int { + // In PHP 5.X "is_numeric" returns true for strings in hexadecimal + // notation. This is no longer the case in PHP 7.X, so this check + // ensures that strings with hexadecimal notations fail too in PHP 5.X. + $isHexadecimal = preg_match('/^\s*0[xX]/', $mtimeFromRequest); + if ($isHexadecimal || !is_numeric($mtimeFromRequest)) { + throw new \InvalidArgumentException('X-OC-MTime header must be an integer (unix timestamp).'); + } + + // Prevent writing invalid mtime (timezone-proof) + if ((int)$mtimeFromRequest <= 24 * 60 * 60) { + throw new \InvalidArgumentException('X-OC-MTime header must be a valid positive integer'); + } + + return (int)$mtimeFromRequest; + } +} diff --git a/apps/dav/lib/Connector/Sabre/Node.php b/apps/dav/lib/Connector/Sabre/Node.php index 0fc8a441277..79b4db0e327 100644 --- a/apps/dav/lib/Connector/Sabre/Node.php +++ b/apps/dav/lib/Connector/Sabre/Node.php @@ -404,19 +404,6 @@ abstract class Node implements \Sabre\DAV\INode { } protected function sanitizeMtime($mtimeFromRequest) { - // In PHP 5.X "is_numeric" returns true for strings in hexadecimal - // notation. This is no longer the case in PHP 7.X, so this check - // ensures that strings with hexadecimal notations fail too in PHP 5.X. - $isHexadecimal = is_string($mtimeFromRequest) && preg_match('/^\s*0[xX]/', $mtimeFromRequest); - if ($isHexadecimal || !is_numeric($mtimeFromRequest)) { - throw new \InvalidArgumentException('X-OC-MTime header must be an integer (unix timestamp).'); - } - - // Prevent writing invalid mtime (timezone-proof) - if ((int)$mtimeFromRequest <= 24 * 60 * 60) { - throw new \InvalidArgumentException('X-OC-MTime header must be a valid positive integer'); - } - - return (int)$mtimeFromRequest; + return MtimeSanitizer::sanitizeMtime($mtimeFromRequest); } } |