mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Make sure the log doesn't try to read from PUT if it can't 

If a PUT request comes in that is not JSON or from encoded. Then we can
only read it (exactly) once. If that is the case we must assume no
shared secret is set.

If we don't then we either are the first to read it, thus causing the
real read of the data to fail.

Or we are later and then it throws an exception (also failing the
request).

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This commit is contained in:
Roeland Jago Douma 2018-05-30 20:16:18 +02:00
parent 4c1f88efb1
commit 188a41a2be
No known key found for this signature in database
GPG Key ID: F941078878347C0C
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
lib/private/Log.php
View File

@ -293,8 +293,16 @@ class Log implements ILogger {
if(isset($logCondition['shared_secret'])) {
$request = \OC::$server->getRequest();
if ($request->getMethod() === 'PUT' &&
strpos($request->getHeader('Content-Type'), 'application/x-www-form-urlencoded') === false &&
strpos($request->getHeader('Content-Type'), 'application/json') === false) {
$logSecretRequest = '';
} else {
$logSecretRequest = $request->getParam('log_secret', '');
}
// if token is found in the request change set the log condition to satisfied
if($request && hash_equals($logCondition['shared_secret'], $request->getParam('log_secret', ''))) {
if ($request && hash_equals($logCondition['shared_secret'], $logSecretRequest)) {
$this->logConditionSatisfied = true;
}
}