diff options
| author | Julien Veyssier <julien-nc@posteo.net> | 2023-01-05 12:17:55 +0100 |
|---|---|---|
| committer | backportbot-nextcloud[bot] <backportbot-nextcloud[bot]@users.noreply.github.com> | 2023-01-05 15:38:59 +0000 |
| commit | 80b05e111c8c02da78e332d77a5ce65d2a71967b (patch) | |
| tree | 1e6479e4a98de3f892983889f6e243504df796c8 /lib | |
| parent | 4694287410f2b6a06b05ff55308b63474f8cebec (diff) | |
| download | nextcloud-server-80b05e111c8c02da78e332d77a5ce65d2a71967b.tar.gz nextcloud-server-80b05e111c8c02da78e332d77a5ce65d2a71967b.zip | |
add restrictions on content-type and content-size when downloading to resolve with opengraph link provider
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/Collaboration/Reference/LinkReferenceProvider.php | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/lib/private/Collaboration/Reference/LinkReferenceProvider.php b/lib/private/Collaboration/Reference/LinkReferenceProvider.php index 5597df1ca97..583cbdcfe99 100644 --- a/lib/private/Collaboration/Reference/LinkReferenceProvider.php +++ b/lib/private/Collaboration/Reference/LinkReferenceProvider.php @@ -105,6 +105,22 @@ class LinkReferenceProvider implements IReferenceProvider { $client = $this->clientService->newClient(); try { + $headResponse = $client->head($reference->getId(), [ 'timeout' => 10 ]); + } catch (\Exception $e) { + $this->logger->debug('Failed to perform HEAD request to get target metadata', ['exception' => $e]); + return; + } + $linkContentLength = $headResponse->getHeader('Content-Length'); + if (is_numeric($linkContentLength) && (int) $linkContentLength > 5 * 1024 * 1024) { + $this->logger->debug('Skip resolving links pointing to content length > 5 MB'); + return; + } + $linkContentType = $headResponse->getHeader('Content-Type'); + if ($linkContentType !== 'text/html') { + $this->logger->debug('Skip resolving links pointing to content type that is not "text/html"'); + return; + } + try { $response = $client->get($reference->getId(), [ 'timeout' => 10 ]); } catch (\Exception $e) { $this->logger->debug('Failed to fetch link for obtaining open graph data', ['exception' => $e]); |