Merge pull request #13558 from nextcloud/backport/13354/stable14
[stable14] check anonymous OPTIONS requests file in root (not in subdir)
commit
dfad1cae2f
|
@ -45,12 +45,19 @@ class AnonymousOptionsPlugin extends ServerPlugin {
|
|||
$this->server->on('beforeMethod', [$this, 'handleAnonymousOptions'], 9);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return bool
|
||||
*/
|
||||
public function isRequestInRoot($path) {
|
||||
return $path === '' || (is_string($path) && strpos($path, '/') === FALSE);
|
||||
}
|
||||
|
||||
/**
|
||||
* @throws \Sabre\DAV\Exception\Forbidden
|
||||
* @return bool
|
||||
*/
|
||||
public function handleAnonymousOptions(RequestInterface $request, ResponseInterface $response) {
|
||||
if ($request->getHeader('Authorization') === null && $request->getMethod() === 'OPTIONS') {
|
||||
if ($request->getHeader('Authorization') === null && $request->getMethod() === 'OPTIONS' && $this->isRequestInRoot($request->getPath())) {
|
||||
/** @var CorePlugin $corePlugin */
|
||||
$corePlugin = $this->server->getPlugin('core');
|
||||
// setup a fake tree for anonymous access
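Review bot: `isRequestInRoot()` is now the only path condition deciding whether an OPTIONS request without an `Authorization` header gets the anonymous handling, yet its docblock says nothing beyond `@return bool`. It returns true for the empty path and for any string without a `/`, so a single-segment name directly under the root still qualifies; that matches the commit title but is easy to misread from the method name. I would document it with `@param string $path request path relative to the base URI` and `@return bool true for the root itself or an entry directly below it, false for anything deeper or for a non-string`. Because this is a plain string test, it presumably relies on `getPath()` returning an already decoded, slash-trimmed path; that is not visible here and is worth confirming. The body of handleAnonymousOptions continues past the end of the hunk.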
|
||||
|
|
|
@ -56,6 +56,12 @@ class AnonymousOptionsTest extends TestCase {
|
|||
|
||||
$this->assertEquals(200, $response->getStatus());
|
||||
}
|
||||
|
||||
public function testAnonymousOptionsNonRootSubDir() {
|
||||
$response = $this->sendRequest('OPTIONS', 'foo/bar');
|
||||
|
||||
$this->assertEquals(401, $response->getStatus());
|
||||
}
|
||||
}
|
||||
|
||||
class SapiMock extends Sapi {
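Review bot: `testAnonymousOptionsNonRootSubDir` pins the rejected side of the new check with a single sample path, `'foo/bar'`, which is thin coverage for a condition that decides whether authentication is skipped. A second assertion with a deeper path would guard against a later change that only inspects the first separator, for example `$this->assertEquals(401, $this->sendRequest('OPTIONS', 'foo/bar/baz')->getStatus());`. A one-line comment such as `// below the top level the anonymous OPTIONS handling must not apply, so the auth backend answers 401` would also explain the expected status. How `sendRequest` wires up authentication is outside the hunk, so the source of the 401 is inferred.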
|
||||
|
|