diff options
| author | John Molakvoæ <skjnldsv@protonmail.com> | 2021-12-06 17:17:08 +0300 |
|---|---|---|
| committer | John Molakvoæ <skjnldsv@protonmail.com> | 2021-12-07 11:40:23 +0300 |
| commit | 5223b0b6112defe682aafcddeda951b5461c95c8 (patch) | |
| tree | 75a286a12f01e1130ce3d793416817a1a4a92ea3 /apps/dav/lib/Connector | |
| parent | 4ed014ca86892498c585cf28603c768db86b7e71 (diff) | |
Prevent writing invalid mtime
Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
Diffstat (limited to 'apps/dav/lib/Connector')
| -rw-r--r-- | apps/dav/lib/Connector/Sabre/Node.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/apps/dav/lib/Connector/Sabre/Node.php b/apps/dav/lib/Connector/Sabre/Node.php index 7f7299296c6..0fc8a441277 100644 --- a/apps/dav/lib/Connector/Sabre/Node.php +++ b/apps/dav/lib/Connector/Sabre/Node.php @@ -412,6 +412,11 @@ abstract class Node implements \Sabre\DAV\INode { throw new \InvalidArgumentException('X-OC-MTime header must be an integer (unix timestamp).'); } + // Prevent writing invalid mtime (timezone-proof) + if ((int)$mtimeFromRequest <= 24 * 60 * 60) { + throw new \InvalidArgumentException('X-OC-MTime header must be a valid positive integer'); + } + return (int)$mtimeFromRequest; } } |