diff options
author | blizzz <blizzz@arthur-schiwon.de> | 2022-09-08 14:33:43 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-09-08 14:33:43 +0300 |
commit | ad68a6cb77a4d92bb7fbaff93899f84eea047643 (patch) | |
tree | e416ec12bf83e58e7cbb2b287fee5cd2f6fb07aa | |
parent | e007550794db94cdd63baa89a1f2cb72f7f32e09 (diff) | |
parent | 5671a46eb3b6e22980dbf1431e10a070ce3d7b77 (diff) |
Merge pull request #33783 from nextcloud/backport/33139/stable22
[stable22] Check calendar URI length before creation
-rw-r--r-- | apps/dav/lib/CalDAV/CalDavBackend.php | 11 | ||||
-rw-r--r-- | apps/dav/lib/CardDAV/CardDavBackend.php | 4 |
2 files changed, 13 insertions, 2 deletions
diff --git a/apps/dav/lib/CalDAV/CalDavBackend.php b/apps/dav/lib/CalDAV/CalDavBackend.php index d3eaa8ed286..09ef6c7c429 100644 --- a/apps/dav/lib/CalDAV/CalDavBackend.php +++ b/apps/dav/lib/CalDAV/CalDavBackend.php @@ -39,6 +39,7 @@ namespace OCA\DAV\CalDAV; use DateTime; +use InvalidArgumentException; use OCA\DAV\AppInfo\Application; use OCA\DAV\Connector\Sabre\Principal; use OCA\DAV\DAV\Sharing\Backend; @@ -815,8 +816,14 @@ class CalDavBackend extends AbstractBackend implements SyncSupport, Subscription * @param string $calendarUri * @param array $properties * @return int + * + * @throws InvalidArgumentException */ public function createCalendar($principalUri, $calendarUri, array $properties) { + if (strlen($calendarUri) > 255) { + throw new InvalidArgumentException('URI too long. Calendar not created'); + } + $values = [ 'principaluri' => $this->convertPrincipal($principalUri, true), 'uri' => $calendarUri, @@ -1406,7 +1413,7 @@ class CalDavBackend extends AbstractBackend implements SyncSupport, Subscription if (!in_array($classification, [ self::CLASSIFICATION_PUBLIC, self::CLASSIFICATION_PRIVATE, self::CLASSIFICATION_CONFIDENTIAL ])) { - throw new \InvalidArgumentException(); + throw new InvalidArgumentException(); } $query = $this->db->getQueryBuilder(); $query->update('calendarobjects') @@ -3105,7 +3112,7 @@ class CalDavBackend extends AbstractBackend implements SyncSupport, Subscription $result->closeCursor(); if (!isset($objectIds['id'])) { - throw new \InvalidArgumentException('Calendarobject does not exists: ' . $uri); + throw new InvalidArgumentException('Calendarobject does not exists: ' . $uri); } return (int)$objectIds['id']; diff --git a/apps/dav/lib/CardDAV/CardDavBackend.php b/apps/dav/lib/CardDAV/CardDavBackend.php index 1c1754ff752..ebbf44376f5 100644 --- a/apps/dav/lib/CardDAV/CardDavBackend.php +++ b/apps/dav/lib/CardDAV/CardDavBackend.php @@ -416,6 +416,10 @@ class CardDavBackend implements BackendInterface, SyncSupport { * @throws BadRequest */ public function createAddressBook($principalUri, $url, array $properties) { + if (strlen($url) > 255) { + throw new BadRequest('URI too long. Address book not created'); + } + $values = [ 'displayname' => null, 'description' => null, |