Sanitize length headers when validating quota #26366

Merged
merged 1 commit into from Oct 18, 2016

@DeepDiver1975
Member
DeepDiver1975 commented Oct 13, 2016 edited

Description

In case an invalid value for one of the length headers is sent, we ignore it when checking the quota.

Motivation

By submitting a non-numeric value as a length header, the quota checks could be bypassed.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
@DeepDiver1975 DeepDiver1975 Sanitize length headers when validating quota
2d781e5
@DeepDiver1975 DeepDiver1975 added this to the 9.2 milestone Oct 13, 2016
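
A sketch of the check the description refers to, as an added example and not code from this pull request: invalid length values are dropped instead of being cast, and the largest remaining value is compared with the free space. The header names, the function names and the 'unknown' outcome are assumptions of this example, and its digits-only rule is stricter than a plain numeric test.

```php
<?php
// Added example, not ownCloud's code. Header names and the three-way result
// are assumptions; header names are assumed to be normalised by the caller.
const LENGTH_HEADERS = ['X-Expected-Entity-Length', 'Content-Length', 'OC-Total-Length'];

/**
 * Return the largest valid length announced by the client, or null when no
 * header carries a usable value. Invalid values are ignored, never cast.
 */
function announcedLength(array $headers): ?int
{
    $valid = [];
    foreach (LENGTH_HEADERS as $name) {
        $raw = $headers[$name] ?? null;
        // Digits only (the Content-Length grammar is 1*DIGIT); at most 18
        // digits so the cast below cannot overflow a 64-bit integer.
        if (is_string($raw) && preg_match('/^\d{1,18}$/D', $raw) === 1) {
            $valid[] = (int) $raw;
        }
    }
    return $valid === [] ? null : max($valid);
}

/** Pre-upload quota decision: 'allow', 'deny' or 'unknown'. */
function quotaPrecheck(array $headers, int $freeBytes): string
{
    $length = announcedLength($headers);
    if ($length === null) {
        // Nothing trustworthy was announced: the pre-check cannot decide, so
        // the limit has to be enforced while the body is written.
        return 'unknown';
    }
    return $length > $freeBytes ? 'deny' : 'allow';
}

// Constructed sample requests, checked against 1000 bytes of free space.
$samples = [
    ['Content-Length' => '512'],
    ['Content-Length' => '4096'],
    ['Content-Length' => 'A', 'OC-Total-Length' => '4096'],
    ['X-Expected-Entity-Length' => '1e2', 'Content-Length' => '-1'],
];
foreach ($samples as $h) {
    echo json_encode($h), ' => ', quotaPrecheck($h, 1000), PHP_EOL;
}
```

The third sample is the case from the description: the non-numeric header is ignored and the remaining valid one still triggers the denial.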
@mention-bot

@DeepDiver1975, thanks for your PR! By analyzing the history of the files in this pull request, we identified @PVince81, @MorrisJobke and @nickvergessen to be potential reviewers.

@PVince81
Collaborator

Not sure why (you deleted the "Motivation" section 😉), but ok as a safeguard 👍

@DeepDiver1975
Member

Not sure why (you deleted the "Motivation" section 😉)

added again

@PVince81
Collaborator

Thanks, makes sense! merging

@PVince81 PVince81 merged commit a8e96d7 into master Oct 18, 2016

4 checks passed

Scrutinizer 15 new issues, 3 updated code elements
continuous-integration/jenkins/pr-head This commit looks good
continuous-integration/travis-ci/pr The Travis CI build passed
licence/cla Contributor License Agreement is signed.
@PVince81 PVince81 deleted the computer-quota-properly-for-non-chunking branch Oct 18, 2016
@PVince81
Collaborator

@DeepDiver1975 do we want a backport for this ?

@DeepDiver1975
Member

I guess so ... @Peter-Prochaska critical enough to backport this to earlier versions? THX

@Peter-Prochaska
Contributor

@DeepDiver1975 @PVince81 it's a good idea to backport this. It is not the big change...

@PVince81
Collaborator

I will take care...

@PVince81
Collaborator

stable9.1: #26416
stable9: #26417

@PVince81
Collaborator

stable8.2: #26418
stable8.1: #26419
stable8: #26421

Please review the backports

@MorrisJobke MorrisJobke referenced this pull request in nextcloud/server Oct 20, 2016
Merged

Code style changes from downstream #1821
