Make sure the log doesn't try to read from PUT if it can't

If a PUT request comes in that is not JSON or from encoded. Then we can
only read it (exactly) once. If that is the case we must assume no
shared secret is set.

If we don't then we either are the first to read it, thus causing the
real read of the data to fail.

Or we are later and then it throws an exception (also failing the
request).

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This commit is contained in:
Roeland Jago Douma 2018-05-30 20:16:18 +02:00
parent 475d9e15b6
commit c27722520c
No known key found for this signature in database
GPG Key ID: F941078878347C0C
1 changed files with 9 additions and 1 deletions

View File

@ -285,8 +285,16 @@ class Log implements ILogger {
if(isset($logCondition['shared_secret'])) { if(isset($logCondition['shared_secret'])) {
$request = \OC::$server->getRequest(); $request = \OC::$server->getRequest();
if ($request->getMethod() === 'PUT' &&
strpos($request->getHeader('Content-Type'), 'application/x-www-form-urlencoded') === false &&
strpos($request->getHeader('Content-Type'), 'application/json') === false) {
$logSecretRequest = '';
} else {
$logSecretRequest = $request->getParam('log_secret', '');
}
// if token is found in the request change set the log condition to satisfied // if token is found in the request change set the log condition to satisfied
if($request && hash_equals($logCondition['shared_secret'], $request->getParam('log_secret', ''))) { if ($request && hash_equals($logCondition['shared_secret'], $logSecretRequest)) {
$this->logConditionSatisfied = true; $this->logConditionSatisfied = true;
} }
} }