author | Thomas Müller <thomas.mueller@tmit.eu> | 2016-10-13 12:59:10 +0200 |
---|---|---|
committer | Morris Jobke <hey@morrisjobke.de> | 2016-10-20 15:15:48 +0200 |
commit | 08d688410747eba59c893a624942e9836749aa60 (patch) | |
tree | fb84c7116522b7034f6f2761bdcf6943c216654d /apps | |
parent | 5d7e9bb8fcbcd9a03cf0723c5258b41487850f7d (diff) | |
Sanitize length headers when validating quota
Diffstat (limited to 'apps')
-rw-r--r-- | apps/dav/lib/Connector/Sabre/QuotaPlugin.php | 21 | ||||
-rw-r--r-- | apps/dav/tests/unit/Connector/Sabre/QuotaPluginTest.php | 26 |
2 files changed, 25 insertions, 22 deletions
diff --git a/apps/dav/lib/Connector/Sabre/QuotaPlugin.php b/apps/dav/lib/Connector/Sabre/QuotaPlugin.php
index 484bb5129e8..4aef5fc8a5a 100644
--- a/apps/dav/lib/Connector/Sabre/QuotaPlugin.php
+++ b/apps/dav/lib/Connector/Sabre/QuotaPlugin.php
@@ -25,6 +25,11 @@
 *
 */
 namespace OCA\DAV\Connector\Sabre;
+use OCP\Files\FileInfo;
+use OCP\Files\StorageNotAvailableException;
+use Sabre\DAV\Exception\InsufficientStorage;
+use Sabre\DAV\Exception\ServiceUnavailable;
+use Sabre\HTTP\URLUtil;
 /**
 * This plugin check user quota and deny creating files when they exceeds the quota.
@@ -77,17 +82,16 @@ class QuotaPlugin extends \Sabre\DAV\ServerPlugin {
 * This method is called before any HTTP method and validates there is enough free space to store the file
 *
 * @param string $uri
- * @param null $data
- * @throws \Sabre\DAV\Exception\InsufficientStorage
+ * @throws InsufficientStorage
 * @return bool
 */
- public function checkQuota($uri, $data = null) {
+ public function checkQuota($uri) {
 $length = $this->getLength();
 if ($length) {
 if (substr($uri, 0, 1) !== '/') {
 $uri = '/' . $uri;
 }
- list($parentUri, $newName) = \Sabre\HTTP\URLUtil::splitPath($uri);
+ list($parentUri, $newName) = URLUtil::splitPath($uri);
 if(is_null($parentUri)) {
 $parentUri = '';
 }
@@ -102,11 +106,11 @@ class QuotaPlugin extends \Sabre\DAV\ServerPlugin {
 $uri = rtrim($parentUri, '/') . '/' . $info['name'];
 }
 $freeSpace = $this->getFreeSpace($uri);
- if ($freeSpace !== \OCP\Files\FileInfo::SPACE_UNKNOWN && $length > $freeSpace) {
+ if ($freeSpace !== FileInfo::SPACE_UNKNOWN && $length > $freeSpace) {
 if (isset($chunkHandler)) {
 $chunkHandler->cleanup();
 }
- throw new \Sabre\DAV\Exception\InsufficientStorage();
+ throw new InsufficientStorage();
 }
 }
 return true;
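Review bot: In `checkQuota`, `if ($length)` lets a null or zero length skip the whole check, so the method reaches `return true` whenever `getLength()` rejects the headers; the data provider in QuotaPluginTest.php expects null for a non-numeric `CONTENT-LENGTH`. The length comes from request headers the client controls, which makes this an early-reject optimisation rather than the quota boundary, and the write path that enforces quota on the bytes actually stored is not visible in this diff. I would state that above the guard: `// Advisory pre-check: length is client-declared; null/0 skips it, quota must also be enforced on write`. The body of `checkQuota` continues past the end of this hunk.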
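Review bot: The condition `$freeSpace !== FileInfo::SPACE_UNKNOWN && $length > $freeSpace` excludes only one sentinel, and it does so with a strict comparison against a value that `getFreeSpace()` documents as `@return mixed`. If `free_space()` can return any other negative marker, or the same marker as a float, every upload with a positive declared length is rejected with InsufficientStorage. Testing the range instead covers both cases: `if ($freeSpace >= 0 && $length > $freeSpace) {`. The enclosing function starts before this hunk.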
@@ -136,13 +140,14 @@ class QuotaPlugin extends \Sabre\DAV\ServerPlugin {
 /**
 * @param string $uri
 * @return mixed
+ * @throws ServiceUnavailable
 */
 public function getFreeSpace($uri) {
 try {
 $freeSpace = $this->view->free_space(ltrim($uri, '/'));
 return $freeSpace;
- } catch (\OCP\Files\StorageNotAvailableException $e) {
- throw new \Sabre\DAV\Exception\ServiceUnavailable($e->getMessage());
+ } catch (StorageNotAvailableException $e) {
+ throw new ServiceUnavailable($e->getMessage());
 }
 }
 }
diff --git a/apps/dav/tests/unit/Connector/Sabre/QuotaPluginTest.php b/apps/dav/tests/unit/Connector/Sabre/QuotaPluginTest.php
index 89bc1ee8adb..b37abdc9b05 100644
--- a/apps/dav/tests/unit/Connector/Sabre/QuotaPluginTest.php
+++ b/apps/dav/tests/unit/Connector/Sabre/QuotaPluginTest.php
@@ -24,22 +24,20 @@
 *
 */
 namespace OCA\DAV\Tests\unit\Connector\Sabre;
+use Test\TestCase;
+
 /**
 * Copyright (c) 2013 Thomas Müller <thomas.mueller@tmit.eu>
 * This file is licensed under the Affero General Public License version 3 or
 * later.
 * See the COPYING-README file.
 */
-class QuotaPluginTest extends \Test\TestCase {
+class QuotaPluginTest extends TestCase {
- /**
- * @var \Sabre\DAV\Server
- */
+ /** @var \Sabre\DAV\Server | \PHPUnit_Framework_MockObject_MockObject */
 private $server;
- /**
- * @var \OCA\DAV\Connector\Sabre\QuotaPlugin
- */
+ /** @var \OCA\DAV\Connector\Sabre\QuotaPlugin | \PHPUnit_Framework_MockObject_MockObject */
 private $plugin;
 private function init($quota, $checkedPath = '') {
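Review bot: `throw new ServiceUnavailable($e->getMessage());` in `getFreeSpace` copies the storage exception's text into the exception that becomes the WebDAV error response. What that text contains is not visible here; if a storage backend puts hostnames, mount paths or connection strings into it, they may be returned to the client. A fixed message with the original kept as the previous exception preserves the detail for server-side logging: `throw new ServiceUnavailable('Storage is temporarily not available', 0, $e);`.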
@@ -126,19 +124,19 @@ class QuotaPluginTest extends \Test\TestCase {
 }
 public function lengthProvider() {
- return array(
- array(null, array()),
- array(1024, array('X-EXPECTED-ENTITY-LENGTH' => '1024')),
- array(512, array('CONTENT-LENGTH' => '512')),
- array(2048, array('OC-TOTAL-LENGTH' => '2048', 'CONTENT-LENGTH' => '1024')),
- array(4096, array('OC-TOTAL-LENGTH' => '2048', 'X-EXPECTED-ENTITY-LENGTH' => '4096')),
+ return [
+ [null, []],
+ [1024, ['X-EXPECTED-ENTITY-LENGTH' => '1024']],
+ [512, ['CONTENT-LENGTH' => '512']],
+ [2048, ['OC-TOTAL-LENGTH' => '2048', 'CONTENT-LENGTH' => '1024']],
+ [4096, ['OC-TOTAL-LENGTH' => '2048', 'X-EXPECTED-ENTITY-LENGTH' => '4096']],
 [null, ['X-EXPECTED-ENTITY-LENGTH' => 'A']],
 [null, ['CONTENT-LENGTH' => 'A']],
 [1024, ['OC-TOTAL-LENGTH' => 'A', 'CONTENT-LENGTH' => '1024']],
 [1024, ['OC-TOTAL-LENGTH' => 'A', 'X-EXPECTED-ENTITY-LENGTH' => '1024']],
 [null, ['OC-TOTAL-LENGTH' => '2048', 'X-EXPECTED-ENTITY-LENGTH' => 'A']],
 [null, ['OC-TOTAL-LENGTH' => '2048', 'CONTENT-LENGTH' => 'A']],
- );
+ ];
 }
 public function quotaChunkedOkProvider() { |
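Review bot: Every rejection row in `lengthProvider` uses the single value `'A'`, so the tests pin the sanitising only for a purely alphabetic header. `getLength()` is not part of this diff, so how it treats a negative number, an empty string, exponent notation such as `'1e3'`, or digits followed by letters is unverified here, and those are the inputs on which PHP numeric checks and casts disagree. I would add one row per case, e.g. `[null, ['CONTENT-LENGTH' => '-1']]` and `[null, ['CONTENT-LENGTH' => '1024abc']]`, with the expected value set to whatever the plugin is meant to return; null is my assumption.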