From 69b8044b8f957c5a74396025608dd513c8f7ff7d Mon Sep 17 00:00:00 2001 From: Louis Chemineau Date: Tue, 11 Jan 2022 10:56:49 +0100 Subject: Set the file's mtime from the headers in bulk upload Signed-off-by: Louis Chemineau --- apps/dav/lib/Connector/Sabre/MtimeSanitizer.php | 42 +++++++++++++++++++++++++ apps/dav/lib/Connector/Sabre/Node.php | 15 +-------- 2 files changed, 43 insertions(+), 14 deletions(-) create mode 100644 apps/dav/lib/Connector/Sabre/MtimeSanitizer.php (limited to 'apps/dav/lib/Connector') diff --git a/apps/dav/lib/Connector/Sabre/MtimeSanitizer.php b/apps/dav/lib/Connector/Sabre/MtimeSanitizer.php new file mode 100644 index 00000000000..6700b1eb81b --- /dev/null +++ b/apps/dav/lib/Connector/Sabre/MtimeSanitizer.php @@ -0,0 +1,42 @@ + + * + * @author Louis Chemineau + * + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see + * + */ + +namespace OCA\DAV\Connector\Sabre; + +class MtimeSanitizer { + public static function sanitizeMtime(string $mtimeFromRequest): int { + // In PHP 5.X "is_numeric" returns true for strings in hexadecimal + // notation. This is no longer the case in PHP 7.X, so this check + // ensures that strings with hexadecimal notations fail too in PHP 5.X. + $isHexadecimal = preg_match('/^\s*0[xX]/', $mtimeFromRequest); + if ($isHexadecimal || !is_numeric($mtimeFromRequest)) { + throw new \InvalidArgumentException('X-OC-MTime header must be an integer (unix timestamp).'); + } + + // Prevent writing invalid mtime (timezone-proof) + if ((int)$mtimeFromRequest <= 24 * 60 * 60) { + throw new \InvalidArgumentException('X-OC-MTime header must be a valid positive integer'); + } + + return (int)$mtimeFromRequest; + } +} diff --git a/apps/dav/lib/Connector/Sabre/Node.php b/apps/dav/lib/Connector/Sabre/Node.php index 0fc8a441277..79b4db0e327 100644 --- a/apps/dav/lib/Connector/Sabre/Node.php +++ b/apps/dav/lib/Connector/Sabre/Node.php @@ -404,19 +404,6 @@ abstract class Node implements \Sabre\DAV\INode { } protected function sanitizeMtime($mtimeFromRequest) { - // In PHP 5.X "is_numeric" returns true for strings in hexadecimal - // notation. This is no longer the case in PHP 7.X, so this check - // ensures that strings with hexadecimal notations fail too in PHP 5.X. - $isHexadecimal = is_string($mtimeFromRequest) && preg_match('/^\s*0[xX]/', $mtimeFromRequest); - if ($isHexadecimal || !is_numeric($mtimeFromRequest)) { - throw new \InvalidArgumentException('X-OC-MTime header must be an integer (unix timestamp).'); - } - - // Prevent writing invalid mtime (timezone-proof) - if ((int)$mtimeFromRequest <= 24 * 60 * 60) { - throw new \InvalidArgumentException('X-OC-MTime header must be a valid positive integer'); - } - - return (int)$mtimeFromRequest; + return MtimeSanitizer::sanitizeMtime($mtimeFromRequest); } } -- cgit v1.2.3