Sanitize length headers when validating quota
parent
5d7e9bb8fc
commit
08d6884107
|
@ -25,6 +25,11 @@
|
|||
*
|
||||
*/
|
||||
namespace OCA\DAV\Connector\Sabre;
|
||||
use OCP\Files\FileInfo;
|
||||
use OCP\Files\StorageNotAvailableException;
|
||||
use Sabre\DAV\Exception\InsufficientStorage;
|
||||
use Sabre\DAV\Exception\ServiceUnavailable;
|
||||
use Sabre\HTTP\URLUtil;
|
||||
|
||||
/**
|
||||
* This plugin check user quota and deny creating files when they exceeds the quota.
|
||||
|
@ -77,17 +82,16 @@ class QuotaPlugin extends \Sabre\DAV\ServerPlugin {
|
|||
* This method is called before any HTTP method and validates there is enough free space to store the file
|
||||
*
|
||||
* @param string $uri
|
||||
* @param null $data
|
||||
* @throws \Sabre\DAV\Exception\InsufficientStorage
|
||||
* @throws InsufficientStorage
|
||||
* @return bool
|
||||
*/
|
||||
public function checkQuota($uri, $data = null) {
|
||||
public function checkQuota($uri) {
|
||||
$length = $this->getLength();
|
||||
if ($length) {
|
||||
if (substr($uri, 0, 1) !== '/') {
|
||||
$uri = '/' . $uri;
|
||||
}
|
||||
list($parentUri, $newName) = \Sabre\HTTP\URLUtil::splitPath($uri);
|
||||
list($parentUri, $newName) = URLUtil::splitPath($uri);
|
||||
if(is_null($parentUri)) {
|
||||
$parentUri = '';
|
||||
}
|
||||
|
@ -102,11 +106,11 @@ class QuotaPlugin extends \Sabre\DAV\ServerPlugin {
|
|||
$uri = rtrim($parentUri, '/') . '/' . $info['name'];
|
||||
}
|
||||
$freeSpace = $this->getFreeSpace($uri);
|
||||
if ($freeSpace !== \OCP\Files\FileInfo::SPACE_UNKNOWN && $length > $freeSpace) {
|
||||
if ($freeSpace !== FileInfo::SPACE_UNKNOWN && $length > $freeSpace) {
|
||||
if (isset($chunkHandler)) {
|
||||
$chunkHandler->cleanup();
|
||||
}
|
||||
throw new \Sabre\DAV\Exception\InsufficientStorage();
|
||||
throw new InsufficientStorage();
|
||||
}
|
||||
}
|
||||
return true;
|
||||
|
@ -136,13 +140,14 @@ class QuotaPlugin extends \Sabre\DAV\ServerPlugin {
|
|||
/**
|
||||
* @param string $uri
|
||||
* @return mixed
|
||||
* @throws ServiceUnavailable
|
||||
*/
|
||||
public function getFreeSpace($uri) {
|
||||
try {
|
||||
$freeSpace = $this->view->free_space(ltrim($uri, '/'));
|
||||
return $freeSpace;
|
||||
} catch (\OCP\Files\StorageNotAvailableException $e) {
|
||||
throw new \Sabre\DAV\Exception\ServiceUnavailable($e->getMessage());
|
||||
} catch (StorageNotAvailableException $e) {
|
||||
throw new ServiceUnavailable($e->getMessage());
|
||||
}
|
||||
}
|
||||
}
|
||||
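Review bot: The quota decision in checkQuota still rests on a client-declared number that is tested loosely: `$length` comes from getLength(), whose body is outside the visible hunks, and is used as-is in `if ($length)` and `$length > $freeSpace`. A value that is numeric but negative or not a plain integer would pass that comparison without raising InsufficientStorage, so unless getLength() already rejects such values they should be refused before the comparison rather than compared. I would also state the limit of this check in the docblock, e.g. `* The length is taken from request headers and only allows an early rejection; it does not bound the bytes actually written.` Separately, the condition excludes only `FileInfo::SPACE_UNKNOWN`; if free_space() can return another negative sentinel, `$length > $freeSpace` would be true for every upload, so `$freeSpace >= 0 && $length > $freeSpace` may be the safer guard (to be confirmed against the storage API).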
|
|
|
@ -24,22 +24,20 @@
|
|||
*
|
||||
*/
|
||||
namespace OCA\DAV\Tests\unit\Connector\Sabre;
|
||||
use Test\TestCase;
|
||||
|
||||
/**
|
||||
* Copyright (c) 2013 Thomas Müller <thomas.mueller@tmit.eu>
|
||||
* This file is licensed under the Affero General Public License version 3 or
|
||||
* later.
|
||||
* See the COPYING-README file.
|
||||
*/
|
||||
class QuotaPluginTest extends \Test\TestCase {
|
||||
class QuotaPluginTest extends TestCase {
|
||||
|
||||
/**
|
||||
* @var \Sabre\DAV\Server
|
||||
*/
|
||||
/** @var \Sabre\DAV\Server | \PHPUnit_Framework_MockObject_MockObject */
|
||||
private $server;
|
||||
|
||||
/**
|
||||
* @var \OCA\DAV\Connector\Sabre\QuotaPlugin
|
||||
*/
|
||||
/** @var \OCA\DAV\Connector\Sabre\QuotaPlugin | \PHPUnit_Framework_MockObject_MockObject */
|
||||
private $plugin;
|
||||
|
||||
private function init($quota, $checkedPath = '') {
|
||||
|
@ -126,19 +124,19 @@ class QuotaPluginTest extends \Test\TestCase {
|
|||
}
|
||||
|
||||
public function lengthProvider() {
|
||||
return array(
|
||||
array(null, array()),
|
||||
array(1024, array('X-EXPECTED-ENTITY-LENGTH' => '1024')),
|
||||
array(512, array('CONTENT-LENGTH' => '512')),
|
||||
array(2048, array('OC-TOTAL-LENGTH' => '2048', 'CONTENT-LENGTH' => '1024')),
|
||||
array(4096, array('OC-TOTAL-LENGTH' => '2048', 'X-EXPECTED-ENTITY-LENGTH' => '4096')),
|
||||
return [
|
||||
[null, []],
|
||||
[1024, ['X-EXPECTED-ENTITY-LENGTH' => '1024']],
|
||||
[512, ['CONTENT-LENGTH' => '512']],
|
||||
[2048, ['OC-TOTAL-LENGTH' => '2048', 'CONTENT-LENGTH' => '1024']],
|
||||
[4096, ['OC-TOTAL-LENGTH' => '2048', 'X-EXPECTED-ENTITY-LENGTH' => '4096']],
|
||||
[null, ['X-EXPECTED-ENTITY-LENGTH' => 'A']],
|
||||
[null, ['CONTENT-LENGTH' => 'A']],
|
||||
[1024, ['OC-TOTAL-LENGTH' => 'A', 'CONTENT-LENGTH' => '1024']],
|
||||
[1024, ['OC-TOTAL-LENGTH' => 'A', 'X-EXPECTED-ENTITY-LENGTH' => '1024']],
|
||||
[null, ['OC-TOTAL-LENGTH' => '2048', 'X-EXPECTED-ENTITY-LENGTH' => 'A']],
|
||||
[null, ['OC-TOTAL-LENGTH' => '2048', 'CONTENT-LENGTH' => 'A']],
|
||||
);
|
||||
];
|
||||
}
|
||||
|
||||
public function quotaChunkedOkProvider() {
|
||||
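Review bot: The rows added to lengthProvider only exercise the non-numeric value 'A', so nothing pins the behaviour for header values that look numeric but are not a valid byte count. I would add rows for a negative value, an empty string and an exponent or decimal form, for example (constructed values) `[null, ['CONTENT-LENGTH' => '-1']]` and `[null, ['CONTENT-LENGTH' => '1e3']]`, with the expected result set to whatever the plugin is meant to return. The expected lengths are ints while the headers are strings, so it is worth confirming that the test method, which is outside this hunk, compares them with the intended strictness.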
|
|