upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-04-22 14:50:17 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 53

Make sure the log doesn't try to read from PUT if it can't

Browse source 
If a PUT request comes in that is not JSON or from encoded. Then we can
only read it (exactly) once. If that is the case we must assume no
shared secret is set.

If we don't then we either are the first to read it, thus causing the
real read of the data to fail.

Or we are later and then it throws an exception (also failing the
request).

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This commit is contained in:
Roeland Jago Douma 2018-05-30 20:03:41 +02:00
parent 2dd49206c7
commit a52d206684
No known key found for this signature in database
GPG key ID: F941078878347C0C
1 changed files with 9 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
lib/private/Log.php
View file

@ -233,8 +233,16 @@ class Log implements ILogger {
if (isset($logCondition['shared_secret'])) {
$request = \OC::$server->getRequest();
if ($request->getMethod() === 'PUT' &&
strpos($request->getHeader('Content-Type'), 'application/x-www-form-urlencoded') === false &&
strpos($request->getHeader('Content-Type'), 'application/json') === false) {
$logSecretRequest = '';
} else {
$logSecretRequest = $request->getParam('log_secret', '');
}
// if token is found in the request change set the log condition to satisfied
if ($request && hash_equals($logCondition['shared_secret'], $request->getParam('log_secret', ''))) {
if ($request && hash_equals($logCondition['shared_secret'], $logSecretRequest)) {
$this->logConditionSatisfied = true;
}
}