diff options
Diffstat (limited to 'apps/dav/lib/BulkUpload')
| -rw-r--r-- | apps/dav/lib/BulkUpload/BulkUploadPlugin.php | 2 | ||||
| -rw-r--r-- | apps/dav/lib/BulkUpload/MultipartRequestParser.php | 13 |
2 files changed, 12 insertions, 3 deletions
diff --git a/apps/dav/lib/BulkUpload/BulkUploadPlugin.php b/apps/dav/lib/BulkUpload/BulkUploadPlugin.php index 66e2a9efa2e..4d838d255eb 100644 --- a/apps/dav/lib/BulkUpload/BulkUploadPlugin.php +++ b/apps/dav/lib/BulkUpload/BulkUploadPlugin.php @@ -65,7 +65,7 @@ class BulkUploadPlugin extends ServerPlugin { return true; } - $multiPartParser = new MultipartRequestParser($request); + $multiPartParser = new MultipartRequestParser($request, $this->logger); $writtenFiles = []; while (!$multiPartParser->isAtLastBoundary()) { diff --git a/apps/dav/lib/BulkUpload/MultipartRequestParser.php b/apps/dav/lib/BulkUpload/MultipartRequestParser.php index 930e86c28b5..2541ea8f333 100644 --- a/apps/dav/lib/BulkUpload/MultipartRequestParser.php +++ b/apps/dav/lib/BulkUpload/MultipartRequestParser.php @@ -23,6 +23,7 @@ namespace OCA\DAV\BulkUpload; use OCP\AppFramework\Http; +use Psr\Log\LoggerInterface; use Sabre\DAV\Exception; use Sabre\DAV\Exception\BadRequest; use Sabre\DAV\Exception\LengthRequired; @@ -42,7 +43,10 @@ class MultipartRequestParser { /** * @throws BadRequest */ - public function __construct(RequestInterface $request) { + public function __construct( + RequestInterface $request, + protected LoggerInterface $logger, + ) { $stream = $request->getBody(); $contentType = $request->getHeader('Content-Type'); @@ -78,7 +82,7 @@ class MultipartRequestParser { $boundaryValue = trim($boundaryValue); // Remove potential quotes around boundary value. - if (substr($boundaryValue, 0, 1) == '"' && substr($boundaryValue, -1) == '"') { + if (substr($boundaryValue, 0, 1) === '"' && substr($boundaryValue, -1) === '"') { $boundaryValue = substr($boundaryValue, 1, -1); } @@ -179,6 +183,11 @@ class MultipartRequestParser { throw new Exception('An error occurred while reading headers of a part'); } + if (!str_contains($line, ':')) { + $this->logger->error('Header missing ":" on bulk request: ' . json_encode($line)); + throw new Exception('An error occurred while reading headers of a part', Http::STATUS_BAD_REQUEST); + } + try { [$key, $value] = explode(':', $line, 2); $headers[strtolower(trim($key))] = trim($value); |