github.com/nextcloud/server.git
author Roeland Jago Douma <roeland@famdouma.nl> 2018-05-30 21:16:18 +0300
committer Roeland Jago Douma <roeland@famdouma.nl> 2018-05-30 21:27:30 +0300
commit c27722520c55d5ba96c0b40f0825a93fb10cac2f (patch)
tree ac4973fb4374b75f8c94aaaa1a153728a3714205 /lib
parent 475d9e15b6afc40b2ccebca49aab5f8a2cbb03d3 (diff)
Make sure the log doesn't try to read from PUT if it can't
If a PUT request comes in that is not JSON or form encoded, then we can only read it (exactly) once. If that is the case we must assume no shared secret is set. If we don't then we either are the first to read it, thus causing the real read of the data to fail. Or we are later and then it throws an exception (also failing the request).

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'lib')
-rw-r--r-- lib/private/Log.php 10
1 files changed, 9 insertions, 1 deletions
diff --git a/lib/private/Log.php b/lib/private/Log.php
index 6da23bfbaee..37ae2d0d067 100644
--- a/lib/private/Log.php
+++ b/lib/private/Log.php
@@ -285,8 +285,16 @@ class Log implements ILogger {
if(isset($logCondition['shared_secret'])) {
$request = \OC::$server->getRequest();
+ if ($request->getMethod() === 'PUT' &&
+ strpos($request->getHeader('Content-Type'), 'application/x-www-form-urlencoded') === false &&
+ strpos($request->getHeader('Content-Type'), 'application/json') === false) {
+ $logSecretRequest = '';
+ } else {
+ $logSecretRequest = $request->getParam('log_secret', '');
+ }
+
// if token is found in the request change set the log condition to satisfied
- if($request && hash_equals($logCondition['shared_secret'], $request->getParam('log_secret', ''))) {
+ if ($request && hash_equals($logCondition['shared_secret'], $logSecretRequest)) {
$this->logConditionSatisfied = true;
}
}
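Review bot: the added `if ($request->getMethod() === 'PUT' &&` dereferences `$request` before the `$request &&` guard that the `hash_equals` line below still carries, so if `getRequest()` can ever return a falsy value the new block fails before the guard is reached. Either test `$request` first and wrap both the method check and the comparison in it, or drop the guard from the `hash_equals` line if it is dead. Two smaller points on the same condition: `strpos` on the `Content-Type` header is case-sensitive while media types are not, so a PUT sent as `Application/JSON` would be treated as unreadable and its `log_secret` silently ignored (this fails closed, but it deserves a comment or a case-insensitive match); and the three-part test restates when the request body can be parsed, so a short comment explaining why `$logSecretRequest` is forced to `''` here would keep it from drifting away from the request class's own rules.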