From 98aaed8912517ce4fe45d02f58385bd6a6a6c033 Mon Sep 17 00:00:00 2001
From: Julien Veyssier <julien-nc@posteo.net>
Date: Thu, 29 Aug 2024 15:46:55 +0200
Subject: fix(linkReferenceProvider): better size check

Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
---
 .../Reference/LinkReferenceProvider.php              | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

(limited to 'lib')

diff --git a/lib/public/Collaboration/Reference/LinkReferenceProvider.php b/lib/public/Collaboration/Reference/LinkReferenceProvider.php
index d41c1160c7c..3727be7de5b 100644
--- a/lib/public/Collaboration/Reference/LinkReferenceProvider.php
+++ b/lib/public/Collaboration/Reference/LinkReferenceProvider.php
@@ -131,8 +131,8 @@ class LinkReferenceProvider implements IReferenceProvider {
 		}
 
 		$linkContentLength = $headResponse->getHeader('Content-Length');
-		if (is_numeric($linkContentLength) && (int) $linkContentLength > self::MAX_CONTENT_LENGTH) {
-			$this->logger->debug('Skip resolving links pointing to content length > 5 MiB');
+		if (is_numeric($linkContentLength) && (int)$linkContentLength > self::MAX_CONTENT_LENGTH) {
+			$this->logger->debug('[Head] Skip resolving links pointing to content length > 5 MiB');
 			return;
 		}
 
@@ -146,18 +146,28 @@ class LinkReferenceProvider implements IReferenceProvider {
 		}
 
 		try {
-			$response = $client->get($reference->getId(), [ 'timeout' => 10 ]);
+			$response = $client->get($reference->getId(), [ 'timeout' => 10, 'stream' => true ]);
 		} catch (\Exception $e) {
 			$this->logger->debug('Failed to fetch link for obtaining open graph data', ['exception' => $e]);
 			return;
 		}
 
-		$responseBody = (string)$response->getBody();
+		$body = $response->getBody();
+		if (is_resource($body)) {
+			$responseContent = fread($body, self::MAX_CONTENT_LENGTH);
+			if (!feof($body)) {
+				$this->logger->debug('[Get] Skip resolving links pointing to content length > 5 MiB');
+				return;
+			}
+		} else {
+			$this->logger->error('[Get] Impossible to check content length');
+			return;
+		}
 
 		// OpenGraph handling
 		$consumer = new Consumer();
 		$consumer->useFallbackMode = true;
-		$object = $consumer->loadHtml($responseBody);
+		$object = $consumer->loadHtml($responseContent);
 
 		$reference->setUrl($reference->getId());
 
-- 
cgit v1.2.3