author | Daniel Kesselberg <mail@danielkesselberg.de> | 2024-11-22 16:16:46 +0100 |
---|---|---|
committer | Daniel Kesselberg <mail@danielkesselberg.de> | 2024-11-22 16:16:46 +0100 |
commit | ca3733de234e03e384c7f1de22ff241e21bb1931 (patch) | |
tree | 811542570f4deacfccf8bf7dd78f4c7683604e9d /apps | |
parent | 6b383faf418dc7d748197cf30c65e5220dfd2def (diff) | |
fix: Re-throwing the TypeError to prevent exposing the installation path
bug/48678/restore-dav-error-response
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
Diffstat (limited to 'apps')
-rw-r--r-- | apps/dav/lib/Connector/Sabre/Server.php | 92 |
1 files changed, 92 insertions, 0 deletions
diff --git a/apps/dav/lib/Connector/Sabre/Server.php b/apps/dav/lib/Connector/Sabre/Server.php
index b7ca8a0a1c0..a7314d812dc 100644
--- a/apps/dav/lib/Connector/Sabre/Server.php
+++ b/apps/dav/lib/Connector/Sabre/Server.php
@@ -7,6 +7,9 @@
 */
 namespace OCA\DAV\Connector\Sabre;
 
+use Sabre\DAV\Exception;
+use Sabre\DAV\Version;
+
 /**
 * Class \OCA\DAV\Connector\Sabre\Server
 *
@@ -25,4 +28,93 @@ class Server extends \Sabre\DAV\Server {
 self::$exposeVersion = false;
 $this->enablePropfindDepthInfinity = true;
 }
+
+ /**
+ *
+ * @return void
+ */
+ public function start() {
+ try {
+ // If nginx (pre-1.2) is used as a proxy server, and SabreDAV as an
+ // origin, we must make sure we send back HTTP/1.0 if this was
+ // requested.
+ // This is mainly because nginx doesn't support Chunked Transfer
+ // Encoding, and this forces the webserver SabreDAV is running on,
+ // to buffer entire responses to calculate Content-Length.
+ $this->httpResponse->setHTTPVersion($this->httpRequest->getHTTPVersion());
+
+ // Setting the base url
+ $this->httpRequest->setBaseUrl($this->getBaseUri());
+ $this->invokeMethod($this->httpRequest, $this->httpResponse);
+ } catch (\Throwable $e) {
+ if ($e instanceof \TypeError) {
+ /*
+ * The TypeError includes the file path where the error occurred,
+ * potentially revealing the installation directory.
+ *
+ * By re-throwing the exception, we ensure that the
+ * default exception handler processes it.
+ */
+ throw $e;
+ }
+
+ try {
+ $this->emit('exception', [$e]);
+ } catch (\Exception $ignore) {
+ }
+
+ $DOM = new \DOMDocument('1.0', 'utf-8');
+ $DOM->formatOutput = true;
+
+ $error = $DOM->createElementNS('DAV:', 'd:error');
+ $error->setAttribute('xmlns:s', self::NS_SABREDAV);
+ $DOM->appendChild($error);
+
+ $h = function ($v) {
+ return htmlspecialchars((string)$v, ENT_NOQUOTES, 'UTF-8');
+ };
+
+ if (self::$exposeVersion) {
+ $error->appendChild($DOM->createElement('s:sabredav-version', $h(Version::VERSION)));
+ }
+
+ $error->appendChild($DOM->createElement('s:exception', $h(get_class($e))));
+ $error->appendChild($DOM->createElement('s:message', $h($e->getMessage())));
+ if ($this->debugExceptions) {
+ $error->appendChild($DOM->createElement('s:file', $h($e->getFile())));
+ $error->appendChild($DOM->createElement('s:line', $h($e->getLine())));
+ $error->appendChild($DOM->createElement('s:code', $h($e->getCode())));
+ $error->appendChild($DOM->createElement('s:stacktrace', $h($e->getTraceAsString())));
+ }
+
+ if ($this->debugExceptions) {
+ $previous = $e;
+ while ($previous = $previous->getPrevious()) {
+ $xPrevious = $DOM->createElement('s:previous-exception');
+ $xPrevious->appendChild($DOM->createElement('s:exception', $h(get_class($previous))));
+ $xPrevious->appendChild($DOM->createElement('s:message', $h($previous->getMessage())));
+ $xPrevious->appendChild($DOM->createElement('s:file', $h($previous->getFile())));
+ $xPrevious->appendChild($DOM->createElement('s:line', $h($previous->getLine())));
+ $xPrevious->appendChild($DOM->createElement('s:code', $h($previous->getCode())));
+ $xPrevious->appendChild($DOM->createElement('s:stacktrace', $h($previous->getTraceAsString())));
+ $error->appendChild($xPrevious);
+ }
+ }
+
+ if ($e instanceof Exception) {
+ $httpCode = $e->getHTTPCode();
+ $e->serialize($this, $error);
+ $headers = $e->getHTTPHeaders($this);
+ } else {
+ $httpCode = 500;
+ $headers = [];
+ }
+ $headers['Content-Type'] = 'application/xml; charset=utf-8';
+
+ $this->httpResponse->setStatus($httpCode);
+ $this->httpResponse->setHeaders($headers);
+ $this->httpResponse->setBody($DOM->saveXML());
+ $this->sapi->sendResponse($this->httpResponse);
+ }
+ }
 } |
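Review bot: The `\TypeError` re-throw inside `catch (\Throwable $e)` closes only one source of path disclosure, because every other throwable still has `$e->getMessage()` written to `s:message` even when `debugExceptions` is off. Whether the other throwables that reach this catch carry filesystem paths is not visible in the hunk, but the same reasoning applies to any engine- or I/O-generated message, so a denylist of one class is likely incomplete. Consider emitting the message only for DAV exceptions, e.g. `$message = $e instanceof Exception ? $e->getMessage() : 'Internal Server Error';`, and passing `$h($message)` to the `s:message` element, leaving the full text to the `exception` event listeners for logging. The empty docblock above `start()` should also state that the body appears to duplicate the parent `start()` and differs only in the re-throw, so later upstream changes are ported deliberately.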