Diffstat (limited to 'apps/dav')
-rw-r--r-- | apps/dav/composer/composer/ClassLoader.php | 2 | ||||
-rw-r--r-- | apps/dav/composer/composer/autoload_classmap.php | 1 | ||||
-rw-r--r-- | apps/dav/composer/composer/autoload_static.php | 1 | ||||
-rw-r--r-- | apps/dav/composer/composer/installed.php | 4 | ||||
-rw-r--r-- | apps/dav/lib/BulkUpload/BulkUploadPlugin.php | 12 | ||||
-rw-r--r-- | apps/dav/lib/Connector/Sabre/MtimeSanitizer.php | 42 | ||||
-rw-r--r-- | apps/dav/lib/Connector/Sabre/Node.php | 15 | ||||
-rwxr-xr-x | apps/dav/tests/benchmarks/bulk_upload.sh | 2 |
8 files changed, 61 insertions, 18 deletions
diff --git a/apps/dav/composer/composer/ClassLoader.php b/apps/dav/composer/composer/ClassLoader.php index 0cd6055d1b7..afef3fa2ad8 100644 --- a/apps/dav/composer/composer/ClassLoader.php +++ b/apps/dav/composer/composer/ClassLoader.php @@ -149,7 +149,7 @@ class ClassLoader /** * @return string[] Array of classname => path - * @psalm-var array<string, string> + * @psalm-return array<string, string> */ public function getClassMap() { diff --git a/apps/dav/composer/composer/autoload_classmap.php b/apps/dav/composer/composer/autoload_classmap.php index fa83c05578d..184949ff023 100644 --- a/apps/dav/composer/composer/autoload_classmap.php +++ b/apps/dav/composer/composer/autoload_classmap.php @@ -163,6 +163,7 @@ return array( 'OCA\\DAV\\Connector\\Sabre\\FilesReportPlugin' => $baseDir . '/../lib/Connector/Sabre/FilesReportPlugin.php', 'OCA\\DAV\\Connector\\Sabre\\LockPlugin' => $baseDir . '/../lib/Connector/Sabre/LockPlugin.php', 'OCA\\DAV\\Connector\\Sabre\\MaintenancePlugin' => $baseDir . '/../lib/Connector/Sabre/MaintenancePlugin.php', + 'OCA\\DAV\\Connector\\Sabre\\MtimeSanitizer' => $baseDir . '/../lib/Connector/Sabre/MtimeSanitizer.php', 'OCA\\DAV\\Connector\\Sabre\\Node' => $baseDir . '/../lib/Connector/Sabre/Node.php', 'OCA\\DAV\\Connector\\Sabre\\ObjectTree' => $baseDir . '/../lib/Connector/Sabre/ObjectTree.php', 'OCA\\DAV\\Connector\\Sabre\\Principal' => $baseDir . '/../lib/Connector/Sabre/Principal.php', diff --git a/apps/dav/composer/composer/autoload_static.php b/apps/dav/composer/composer/autoload_static.php index 8f8ca0da10b..2e5fcd56aee 100644 --- a/apps/dav/composer/composer/autoload_static.php +++ b/apps/dav/composer/composer/autoload_static.php 
@@ -178,6 +178,7 @@ class ComposerStaticInitDAV 'OCA\\DAV\\Connector\\Sabre\\FilesReportPlugin' => __DIR__ . '/..' . '/../lib/Connector/Sabre/FilesReportPlugin.php', 'OCA\\DAV\\Connector\\Sabre\\LockPlugin' => __DIR__ . '/..' . '/../lib/Connector/Sabre/LockPlugin.php', 'OCA\\DAV\\Connector\\Sabre\\MaintenancePlugin' => __DIR__ . '/..' . '/../lib/Connector/Sabre/MaintenancePlugin.php', + 'OCA\\DAV\\Connector\\Sabre\\MtimeSanitizer' => __DIR__ . '/..' . '/../lib/Connector/Sabre/MtimeSanitizer.php', 'OCA\\DAV\\Connector\\Sabre\\Node' => __DIR__ . '/..' . '/../lib/Connector/Sabre/Node.php', 'OCA\\DAV\\Connector\\Sabre\\ObjectTree' => __DIR__ . '/..' . '/../lib/Connector/Sabre/ObjectTree.php', 'OCA\\DAV\\Connector\\Sabre\\Principal' => __DIR__ . '/..' . '/../lib/Connector/Sabre/Principal.php', diff --git a/apps/dav/composer/composer/installed.php b/apps/dav/composer/composer/installed.php index 5440719fa40..baf72c4fb34 100644 --- a/apps/dav/composer/composer/installed.php +++ b/apps/dav/composer/composer/installed.php @@ -5,7 +5,7 @@ 'type' => 'library', 'install_path' => __DIR__ . '/../', 'aliases' => array(), - 'reference' => 'c6429e6cd19c57582364338362e543580821cf99', + 'reference' => 'e2c675724fc4ea50f1275bf0027b96f277c32578', 'name' => '__root__', 'dev' => false, ), @@ -16,7 +16,7 @@ 'type' => 'library', 'install_path' => __DIR__ . '/../', 'aliases' => array(), - 'reference' => 'c6429e6cd19c57582364338362e543580821cf99', + 'reference' => 'e2c675724fc4ea50f1275bf0027b96f277c32578', 'dev_requirement' => false, ), ), diff --git a/apps/dav/lib/BulkUpload/BulkUploadPlugin.php b/apps/dav/lib/BulkUpload/BulkUploadPlugin.php index 0766ae37a17..bb6baf48b56 100644 --- a/apps/dav/lib/BulkUpload/BulkUploadPlugin.php +++ b/apps/dav/lib/BulkUpload/BulkUploadPlugin.php 
@@ -29,6 +29,7 @@ use Sabre\HTTP\RequestInterface;
 use Sabre\HTTP\ResponseInterface;
 use OCP\Files\Folder;
 use OCP\AppFramework\Http;
+use OCA\DAV\Connector\Sabre\MtimeSanitizer;
 class BulkUploadPlugin extends ServerPlugin {
@@ -78,7 +79,18 @@ class BulkUploadPlugin extends ServerPlugin {
 }
 try {
+ // TODO: Remove 'x-file-mtime' when the desktop client no longer use it.
+ if (isset($headers['x-file-mtime'])) {
+ $mtime = MtimeSanitizer::sanitizeMtime($headers['x-file-mtime']);
+ } elseif (isset($headers['x-oc-mtime'])) {
+ $mtime = MtimeSanitizer::sanitizeMtime($headers['x-oc-mtime']);
+ } else {
+ $mtime = null;
+ }
+
 $node = $this->userFolder->newFile($headers['x-file-path'], $content);
+ $node->touch($mtime);
+
 $writtenFiles[$headers['x-file-path']] = [
 "error" => false,
 "etag" => $node->getETag(),
diff --git a/apps/dav/lib/Connector/Sabre/MtimeSanitizer.php b/apps/dav/lib/Connector/Sabre/MtimeSanitizer.php
new file mode 100644
index 00000000000..6700b1eb81b
--- /dev/null
+++ b/apps/dav/lib/Connector/Sabre/MtimeSanitizer.php
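Review bot: In BulkUploadPlugin.php, `$node->touch($mtime)` runs for every part, including the `else` branch where `$mtime` is null, so a part that carries neither header still gets a `touch()` call right after `newFile()`; what `touch(null)` does is not visible here. Guarding it as `if ($mtime !== null) { $node->touch($mtime); }` would leave the no-header path as it was before this change. The TODO comment could also say that the legacy `x-file-mtime` wins when a part carries both headers, since the `if`/`elseif` order decides that silently. The `try` block continues past the hunk, so how an `\InvalidArgumentException` from the sanitizer is reported for the part cannot be checked from these lines.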
@@ -0,0 +1,42 @@
+<?php
+/**
+ * @copyright Copyright (c) 2021, Louis Chemineau <louis@chmn.me>
+ *
+ * @author Louis Chemineau <louis@chmn.me>
+ *
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\DAV\Connector\Sabre;
+
+class MtimeSanitizer {
+ public static function sanitizeMtime(string $mtimeFromRequest): int {
+ // In PHP 5.X "is_numeric" returns true for strings in hexadecimal
+ // notation. This is no longer the case in PHP 7.X, so this check
+ // ensures that strings with hexadecimal notations fail too in PHP 5.X.
+ $isHexadecimal = preg_match('/^\s*0[xX]/', $mtimeFromRequest);
+ if ($isHexadecimal || !is_numeric($mtimeFromRequest)) {
+ throw new \InvalidArgumentException('X-OC-MTime header must be an integer (unix timestamp).');
+ }
+
+ // Prevent writing invalid mtime (timezone-proof)
+ if ((int)$mtimeFromRequest <= 24 * 60 * 60) {
+ throw new \InvalidArgumentException('X-OC-MTime header must be a valid positive integer');
+ }
+
+ return (int)$mtimeFromRequest;
+ }
+}
diff --git a/apps/dav/lib/Connector/Sabre/Node.php b/apps/dav/lib/Connector/Sabre/Node.php
index 0fc8a441277..79b4db0e327 100644
--- a/apps/dav/lib/Connector/Sabre/Node.php
+++ b/apps/dav/lib/Connector/Sabre/Node.php
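Review bot: In MtimeSanitizer::sanitizeMtime(), `is_numeric()` also accepts decimal and exponent notation, so a client-supplied header that is not an integer passes the first check although the message says it must be one, and the `(int)` cast then silently truncates it. There is also no upper bound, so a timestamp far in the future is accepted as given. If clients only ever send plain digit strings, the first check could become `if (!ctype_digit($mtimeFromRequest)) {`, with an explicit maximum next to the existing 24-hour minimum. Both messages name X-OC-MTime even when the value came from `x-file-mtime`, and neither the class nor the method has a docblock; one stating the accepted format and the `\InvalidArgumentException` it throws would help callers.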
@@ -404,19 +404,6 @@ abstract class Node implements \Sabre\DAV\INode {
 }
 protected function sanitizeMtime($mtimeFromRequest) {
- // In PHP 5.X "is_numeric" returns true for strings in hexadecimal
- // notation. This is no longer the case in PHP 7.X, so this check
- // ensures that strings with hexadecimal notations fail too in PHP 5.X.
- $isHexadecimal = is_string($mtimeFromRequest) && preg_match('/^\s*0[xX]/', $mtimeFromRequest);
- if ($isHexadecimal || !is_numeric($mtimeFromRequest)) {
- throw new \InvalidArgumentException('X-OC-MTime header must be an integer (unix timestamp).');
- }
-
- // Prevent writing invalid mtime (timezone-proof)
- if ((int)$mtimeFromRequest <= 24 * 60 * 60) {
- throw new \InvalidArgumentException('X-OC-MTime header must be a valid positive integer');
- }
-
- return (int)$mtimeFromRequest;
+ return MtimeSanitizer::sanitizeMtime($mtimeFromRequest);
 }
 }
diff --git a/apps/dav/tests/benchmarks/bulk_upload.sh b/apps/dav/tests/benchmarks/bulk_upload.sh
index 862ddfe461f..e2099188654 100755
--- a/apps/dav/tests/benchmarks/bulk_upload.sh
+++ b/apps/dav/tests/benchmarks/bulk_upload.sh
@@ -37,7 +37,7 @@ do
 echo -en "--$BOUNDARY\r\n"
 # echo -en "Content-ID: $file_name\r\n"
 echo -en "X-File-Path: $file_remote_path\r\n"
- echo -en "X-File-Mtime: $file_mtime\r\n"
+ echo -en "X-OC-Mtime: $file_mtime\r\n"
 # echo -en "X-File-Id: $file_id\r\n"
 echo -en "X-File-Md5: $file_hash\r\n"
 echo -en "Content-Length: $file_size\r\n" |
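Review bot: In Node::sanitizeMtime(), the removed body tolerated non-string input through `is_string($mtimeFromRequest) && preg_match(...)`, while the delegate now declares `string $mtimeFromRequest`. A null or array value would therefore raise a `\TypeError` instead of the `\InvalidArgumentException` that callers of this method may be catching to reject a bad header; those callers are outside the hunk, so this needs confirming. Rejecting non-scalar input before delegating keeps the old exception type: `if (!is_scalar($mtimeFromRequest)) { throw new \InvalidArgumentException('X-OC-MTime header must be an integer (unix timestamp).'); }` followed by `return MtimeSanitizer::sanitizeMtime((string)$mtimeFromRequest);`.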