|
|
|
|
@ -14,12 +14,22 @@ class MtimeSanitizer { |
|
|
|
|
// ensures that strings with hexadecimal notations fail too in PHP 5.X. |
|
|
|
|
$isHexadecimal = preg_match('/^\s*0[xX]/', $mtimeFromRequest); |
|
|
|
|
if ($isHexadecimal || !is_numeric($mtimeFromRequest)) { |
|
|
|
|
throw new \InvalidArgumentException('X-OC-MTime header must be an integer (unix timestamp).'); |
|
|
|
|
throw new \InvalidArgumentException( |
|
|
|
|
sprintf( |
|
|
|
|
'X-OC-MTime header must be a valid integer (unix timestamp), got "%s".', |
|
|
|
|
$mtimeFromRequest |
|
|
|
|
) |
|
|
|
|
); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// Prevent writing invalid mtime (timezone-proof) |
|
|
|
|
if ((int)$mtimeFromRequest <= 24 * 60 * 60) { |
|
|
|
|
throw new \InvalidArgumentException('X-OC-MTime header must be a valid positive integer'); |
|
|
|
|
throw new \InvalidArgumentException( |
|
|
|
|
sprintf( |
|
|
|
|
'X-OC-MTime header must be a valid positive unix timestamp greater than one day, got "%s".', |
|
|
|
|
$mtimeFromRequest |
|
|
|
|
) |
|
|
|
|
); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
return (int)$mtimeFromRequest; |
|
|
|
|
|
Git'Fellow
9 months ago
committed by