From 80a232da6a5470e248979cfde7b1e4e2237b8284 Mon Sep 17 00:00:00 2001
From: Lukas Reschke
Date: Tue, 6 Oct 2015 14:18:46 +0200
Subject: Add \OCP\IRequest::getHttpProtocol Only allow valid HTTP protocols. Ref https://github.com/owncloud/core/pull/19537#discussion_r41252333 + https://github.com/owncloud/security-tracker/issues/119
---
 lib/private/appframework/http/request.php | 21 +++++++++++++++++++++
 lib/public/irequest.php | 8 ++++++++
 2 files changed, 29 insertions(+)
(limited to 'lib')
diff --git a/lib/private/appframework/http/request.php b/lib/private/appframework/http/request.php
index 29414b92f7c..cfd903bffe5 100644
--- a/lib/private/appframework/http/request.php
+++ b/lib/private/appframework/http/request.php
@@ -552,6 +552,27 @@ class Request implements \ArrayAccess, \Countable, IRequest {
 return 'http';
 }
+ /**
+ * Returns the used HTTP protocol.
+ *
+ * @return string HTTP protocol. HTTP/2, HTTP/1.1 or HTTP/1.0.
+ */
+ public function getHttpProtocol() {
+ $claimedProtocol = strtoupper($this->server['SERVER_PROTOCOL']);
+
+ $validProtocols = [
+ 'HTTP/1.0',
+ 'HTTP/1.1',
+ 'HTTP/2',
+ ];
+
+ if(in_array($claimedProtocol, $validProtocols, true)) {
+ return $claimedProtocol;
+ }
+
+ return 'HTTP/1.1';
+ }
+
 /**
 * Returns the request uri, even if the website uses one or more
 * reverse proxies
diff --git a/lib/public/irequest.php b/lib/public/irequest.php
index 20fa543dd69..acfc4f3f1d0 100644
--- a/lib/public/irequest.php
+++ b/lib/public/irequest.php
@@ -167,6 +167,14 @@ interface IRequest {
 */
 public function getServerProtocol();
+ /**
+ * Returns the used HTTP protocol.
+ *
+ * @return string HTTP protocol. HTTP/2, HTTP/1.1 or HTTP/1.0.
+ * @since 8.2.0
+ */
+ public function getHttpProtocol();
+
 /**
 * Returns the request uri, even if the website uses one or more
 * reverse proxies
--
cgit v1.2.3
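Review bot: In getHttpProtocol(), `$this->server['SERVER_PROTOCOL']` is read without checking that the key exists and holds a string, so a context that does not set it (CLI, unit tests) would presumably raise an undefined-index notice before the allow-list fallback is reached; `$raw = isset($this->server['SERVER_PROTOCOL']) ? $this->server['SERVER_PROTOCOL'] : null;` followed by `$claimedProtocol = is_string($raw) ? strtoupper($raw) : '';` keeps the fallback to `HTTP/1.1` reachable. The strict allow-list is the right shape for a value that callers may later write into a response status line, but servers such as nginx report HTTP/2 requests as `HTTP/2.0`, which this list would silently turn into `HTTP/1.1`; consider accepting that spelling and normalising it to `HTTP/2`. The docblock here and the one added to `IRequest` in lib/public/irequest.php should state the fallback, e.g. `@return string HTTP/1.0, HTTP/1.1 or HTTP/2; HTTP/1.1 if the server reports anything else.` The diffstat lists no test file, so a unit test covering a valid, an unrecognised and a missing value would pin the behaviour.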