summaryrefslogtreecommitdiffstats
path: root/apps
diff options
context:
space:
mode:
Diffstat (limited to 'apps')
-rw-r--r--apps/dav/lib/Connector/Sabre/File.php6
-rw-r--r--apps/dav/tests/unit/Connector/Sabre/FileTest.php2
2 files changed, 6 insertions, 2 deletions
diff --git a/apps/dav/lib/Connector/Sabre/File.php b/apps/dav/lib/Connector/Sabre/File.php
index 2d20c0958ff..32cc8b7adeb 100644
--- a/apps/dav/lib/Connector/Sabre/File.php
+++ b/apps/dav/lib/Connector/Sabre/File.php
@@ -590,7 +590,11 @@ class File extends Node implements IFile {
}
private function sanitizeMtime($mtimeFromRequest) {
- if (!is_numeric($mtimeFromRequest)) {
+ // In PHP 5.X "is_numeric" returns true for strings in hexadecimal
+ // notation. This is no longer the case in PHP 7.X, so this check
+ // ensures that strings with hexadecimal notations fail too in PHP 5.X.
+ $isHexadecimal = is_string($mtimeFromRequest) && preg_match('/^\s*0[xX]/', $mtimeFromRequest);
+ if ($isHexadecimal || !is_numeric($mtimeFromRequest)) {
throw new \InvalidArgumentException('X-OC-MTime header must be an integer (unix timestamp).');
}
diff --git a/apps/dav/tests/unit/Connector/Sabre/FileTest.php b/apps/dav/tests/unit/Connector/Sabre/FileTest.php
index 2bc65b987b7..1db9b7948e3 100644
--- a/apps/dav/tests/unit/Connector/Sabre/FileTest.php
+++ b/apps/dav/tests/unit/Connector/Sabre/FileTest.php
@@ -370,7 +370,7 @@ class FileTest extends \Test\TestCase {
],
"string castable hex int" => [
'HTTP_X_OC_MTIME' => "0x45adf",
- 'expected result' => 0
+ 'expected result' => null
],
"string that looks like invalid hex int" => [
'HTTP_X_OC_MTIME' => "0x123g",
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-23 19:03:42 +0000