Make sure the log doesn't try to read from PUT if it can't
If a PUT request comes in that is not JSON or from encoded. Then we can only read it (exactly) once. If that is the case we must assume no shared secret is set. If we don't then we either are the first to read it, thus causing the real read of the data to fail. Or we are later and then it throws an exception (also failing the request). Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This commit is contained in:
parent
475d9e15b6
commit
c27722520c
|
@ -285,8 +285,16 @@ class Log implements ILogger {
|
||||||
if(isset($logCondition['shared_secret'])) {
|
if(isset($logCondition['shared_secret'])) {
|
||||||
$request = \OC::$server->getRequest();
|
$request = \OC::$server->getRequest();
|
||||||
|
|
||||||
|
if ($request->getMethod() === 'PUT' &&
|
||||||
|
strpos($request->getHeader('Content-Type'), 'application/x-www-form-urlencoded') === false &&
|
||||||
|
strpos($request->getHeader('Content-Type'), 'application/json') === false) {
|
||||||
|
$logSecretRequest = '';
|
||||||
|
} else {
|
||||||
|
$logSecretRequest = $request->getParam('log_secret', '');
|
||||||
|
}
|
||||||
|
|
||||||
// if token is found in the request change set the log condition to satisfied
|
// if token is found in the request change set the log condition to satisfied
|
||||||
if($request && hash_equals($logCondition['shared_secret'], $request->getParam('log_secret', ''))) {
|
if ($request && hash_equals($logCondition['shared_secret'], $logSecretRequest)) {
|
||||||
$this->logConditionSatisfied = true;
|
$this->logConditionSatisfied = true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue