diff options
author | Vincent Petry <pvince81@owncloud.com> | 2016-10-20 18:13:26 +0300 |
---|---|---|
committer | Thomas Müller <DeepDiver1975@users.noreply.github.com> | 2016-10-20 18:13:26 +0300 |
commit | 5a7be627970d49de6cfdb1270ce0bae2a1459e4e (patch) | |
tree | d872c96d81ae9b896ab11950f6e1ccadd6937492 /lib | |
parent | 9909e66d515252a06731bae34595ab17574b4007 (diff) |
Sanitize length headers when validating quota (#26421)
Diffstat (limited to 'lib')
-rw-r--r-- | lib/private/connector/sabre/quotaplugin.php | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/private/connector/sabre/quotaplugin.php b/lib/private/connector/sabre/quotaplugin.php index 59d0e188f66..46535da4f7e 100644 --- a/lib/private/connector/sabre/quotaplugin.php +++ b/lib/private/connector/sabre/quotaplugin.php @@ -85,12 +85,13 @@ class OC_Connector_Sabre_QuotaPlugin extends \Sabre\DAV\ServerPlugin { public function getLength() { $req = $this->server->httpRequest; $length = $req->getHeader('X-Expected-Entity-Length'); - if (!$length) { + if (!is_numeric($length)) { $length = $req->getHeader('Content-Length'); + $length = is_numeric($length) ? $length : null; } $ocLength = $req->getHeader('OC-Total-Length'); - if ($length && $ocLength) { + if (is_numeric($length) && is_numeric($ocLength)) { return max($length, $ocLength); } |