authorRoeland Jago Douma <roeland@famdouma.nl>2018-05-30 20:16:18 +0200
committerRoeland Jago Douma <roeland@famdouma.nl>2018-05-30 20:16:18 +0200
commit188a41a2befea4e34dcb3d1a7b9e4499e2312f7f (patch)
tree761b00afc7e9399af540df088cc08537a099c1fb /lib
parent4c1f88efb16564798efbce62153a7eebc174a640 (diff)
Make sure the log doesn't try to read from PUT if it can't
If a PUT request comes in that is not JSON or form encoded, then we can only read it (exactly) once. If that is the case we must assume no shared secret is set. If we don't, then either we are the first to read it, thus causing the real read of the data to fail, or we are later and then it throws an exception (also failing the request). Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'lib')
-rw-r--r--lib/private/Log.php10
1 files changed, 9 insertions, 1 deletions
diff --git a/lib/private/Log.php b/lib/private/Log.php
index bed0321bef3..418d388e380 100644
--- a/lib/private/Log.php
+++ b/lib/private/Log.php
@@ -293,8 +293,16 @@ class Log implements ILogger {
if(isset($logCondition['shared_secret'])) {
$request = \OC::$server->getRequest();
+ if ($request->getMethod() === 'PUT' &&
+ strpos($request->getHeader('Content-Type'), 'application/x-www-form-urlencoded') === false &&
+ strpos($request->getHeader('Content-Type'), 'application/json') === false) {
+ $logSecretRequest = '';
+ } else {
+ $logSecretRequest = $request->getParam('log_secret', '');
+ }
+
// if token is found in the request change set the log condition to satisfied
- if($request && hash_equals($logCondition['shared_secret'], $request->getParam('log_secret', ''))) {
+ if ($request && hash_equals($logCondition['shared_secret'], $logSecretRequest)) {
$this->logConditionSatisfied = true;
}
}
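Review bot: The added `$request->getMethod()` call dereferences `$request` before the `$request &&` guard that the `hash_equals` line still carries, so that guard no longer protects anything; if `getRequest()` can ever return null here, the new code fails before reaching it. Either drop `$request &&` from the later condition, or initialise `$logSecretRequest = '';` first and wrap the new if/else in `if ($request) { … }`. The new branch also means a PUT with any other content type can never satisfy the log condition, even if `log_secret` was sent outside the body (presumably `getParam` also covers URL parameters), which deserves a comment such as `// a raw PUT body can be read only once, so log_secret is not looked up for these requests`. The Content-Type test presumably mirrors the request class's own rule for when the body is left unparsed, so exposing that rule from the request object would keep the two from drifting apart. The enclosing method starts and ends outside this hunk.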