open-dsi
/
nextcloud-server
mirror of https://github.com/nextcloud/server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix(DAV): Check if the header is actually the expected format

Browse Source 
Not sure how the test ever passed as it can only
throw with strict types which are not yet enabled

Signed-off-by: Joas Schilling <coding@schilljs.com>
pull/53146/head
Joas Schilling 4 months ago committed by Ferdinand Thiessen
parent 76e6ab1dff
commit 9978dcfd61
No known key found for this signature in database
GPG Key ID: 45FAE7268762B400
1 changed files with 6 additions and 0 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 6
      apps/dav/lib/BulkUpload/MultipartRequestParser.php

6
apps/dav/lib/BulkUpload/MultipartRequestParser.php
Unescape View File

@ -57,7 +57,13 @@ class MultipartRequestParser {
*/
private function parseBoundaryFromHeaders(string $contentType): string {
try {
if (!str_contains($contentType, ';')) {
throw new \InvalidArgumentException('No semicolon in header');
}
[$mimeType, $boundary] = explode(';', $contentType);
if (!str_contains($boundary, '=')) {
throw new \InvalidArgumentException('No equal in boundary header');
}
[$boundaryKey, $boundaryValue] = explode('=', $boundary);
} catch (\Exception $e) {
throw new BadRequest('Error while parsing boundary in Content-Type header.', Http::STATUS_BAD_REQUEST, $e);

Write Preview
Loading…
Cancel
Save