From c27722520c55d5ba96c0b40f0825a93fb10cac2f Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma <roeland@famdouma.nl>
Date: Wed, 30 May 2018 20:16:18 +0200
Subject: Make sure the log doesn't try to read from PUT if it can't

If a PUT request comes in that is not JSON or from encoded. Then we can
only read it (exactly) once. If that is the case we must assume no
shared secret is set.

If we don't then we either are the first to read it, thus causing the
real read of the data to fail.

Or we are later and then it throws an exception (also failing the
request).

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
---
 lib/private/Log.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/lib/private/Log.php b/lib/private/Log.php
index 6da23bfbaee..37ae2d0d067 100644
--- a/lib/private/Log.php
+++ b/lib/private/Log.php
@@ -285,8 +285,16 @@ class Log implements ILogger {
 				if(isset($logCondition['shared_secret'])) {
 					$request = \OC::$server->getRequest();
 
+					if ($request->getMethod() === 'PUT' &&
+						strpos($request->getHeader('Content-Type'), 'application/x-www-form-urlencoded') === false &&
+						strpos($request->getHeader('Content-Type'), 'application/json') === false) {
+						$logSecretRequest = '';
+					} else {
+						$logSecretRequest = $request->getParam('log_secret', '');
+					}
+
 					// if token is found in the request change set the log condition to satisfied
-					if($request && hash_equals($logCondition['shared_secret'], $request->getParam('log_secret', ''))) {
+					if ($request && hash_equals($logCondition['shared_secret'], $logSecretRequest)) {
 						$this->logConditionSatisfied = true;
 					}
 				}
-- 
cgit v1.2.3