upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-13 10:40:40 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

add restrictions on content-type and content-size when downloading to resolve with opengraph link provider

Browse source 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
This commit is contained in:
Julien Veyssier 2023-01-05 12:17:55 +01:00 committed by backportbot-nextcloud[bot]
parent 4694287410
commit 80b05e111c
1 changed files with 16 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
lib/private/Collaboration/Reference/LinkReferenceProvider.php
View file

@ -104,6 +104,22 @@ class LinkReferenceProvider implements IReferenceProvider {
}
$client = $this->clientService->newClient();
try {
$headResponse = $client->head($reference->getId(), [ 'timeout' => 10 ]);
} catch (\Exception $e) {
$this->logger->debug('Failed to perform HEAD request to get target metadata', ['exception' => $e]);
return;
}
$linkContentLength = $headResponse->getHeader('Content-Length');
if (is_numeric($linkContentLength) && (int) $linkContentLength > 5 * 1024 * 1024) {
$this->logger->debug('Skip resolving links pointing to content length > 5 MB');
return;
}
$linkContentType = $headResponse->getHeader('Content-Type');
if ($linkContentType !== 'text/html') {
$this->logger->debug('Skip resolving links pointing to content type that is not "text/html"');
return;
}
try {
$response = $client->get($reference->getId(), [ 'timeout' => 10 ]);
} catch (\Exception $e) {