Ensure that X-OC-MTime header is an integer also with chunked uploads

This commit extends the changes introduced in pull request #3793 also to
chunked uploads.

The "sanitizeMTime" method name is the same used in the equivalent pull
request to this one from ownCloud (28066).

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
This commit is contained in:
Daniel Calviño Sánchez 2017-11-27 19:41:25 +01:00
parent 892d2630fe
commit 01e346b2ae
1 changed files with 11 additions and 6 deletions

View File

@ -210,11 +210,7 @@ class File extends Node implements IFile {
// allow sync clients to send the mtime along in a header // allow sync clients to send the mtime along in a header
$request = \OC::$server->getRequest(); $request = \OC::$server->getRequest();
if (isset($request->server['HTTP_X_OC_MTIME'])) { if (isset($request->server['HTTP_X_OC_MTIME'])) {
$mtimeStr = $request->server['HTTP_X_OC_MTIME']; $mtime = $this->sanitizeMtime($request->server['HTTP_X_OC_MTIME']);
if (!is_numeric($mtimeStr)) {
throw new \InvalidArgumentException('X-OC-Mtime header must be an integer (unix timestamp).');
}
$mtime = intval($mtimeStr);
if ($this->fileView->touch($this->path, $mtime)) { if ($this->fileView->touch($this->path, $mtime)) {
header('X-OC-MTime: accepted'); header('X-OC-MTime: accepted');
} }
@ -472,7 +468,8 @@ class File extends Node implements IFile {
// allow sync clients to send the mtime along in a header // allow sync clients to send the mtime along in a header
$request = \OC::$server->getRequest(); $request = \OC::$server->getRequest();
if (isset($request->server['HTTP_X_OC_MTIME'])) { if (isset($request->server['HTTP_X_OC_MTIME'])) {
if ($targetStorage->touch($targetInternalPath, $request->server['HTTP_X_OC_MTIME'])) { $mtime = $this->sanitizeMtime($request->server['HTTP_X_OC_MTIME']);
if ($targetStorage->touch($targetInternalPath, $mtime)) {
header('X-OC-MTime: accepted'); header('X-OC-MTime: accepted');
} }
} }
@ -570,6 +567,14 @@ class File extends Node implements IFile {
throw new \Sabre\DAV\Exception($e->getMessage(), 0, $e); throw new \Sabre\DAV\Exception($e->getMessage(), 0, $e);
} }
private function sanitizeMtime($mtimeFromRequest) {
if (!is_numeric($mtimeFromRequest)) {
throw new \InvalidArgumentException('X-OC-MTime header must be an integer (unix timestamp).');
}
return intval($mtimeFromRequest);
}
/** /**
* Get the checksum for this file * Get the checksum for this file
* *