Skip to content

Commit 2caef00

Browse files
nickvergessennickvergessen
authored
Merge pull request #55611 from nextcloud/backport/55316/stable31
[stable31] fix(workflowenigne): stricter length header handling
2 parents 6d0ca18 + c2c434f commit 2caef00

File tree

2 files changed

+15
-19
lines changed

2 files changed

+15
-19
lines changed

apps/workflowengine/lib/Check/FileSize.php

Lines changed: 15 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -66,25 +66,35 @@ public function validateCheck($operator, $value) {
6666
}
6767

6868
/**
69-
* @return string
69+
* Gets the file size from HTTP headers.
70+
*
71+
* Checks 'OC-Total-Length' first; if unavailable and the method is POST or PUT,
72+
* checks 'Content-Length'. Returns the size as int, float, or false if not found or invalid.
73+
*
74+
* @return int|float|false File size in bytes, or false if unavailable.
7075
*/
7176
protected function getFileSizeFromHeader() {
7277
if ($this->size !== null) {
78+
// Already have it cached?
7379
return $this->size;
7480
}
7581

7682
$size = $this->request->getHeader('OC-Total-Length');
7783
if ($size === '') {
78-
if (in_array($this->request->getMethod(), ['POST', 'PUT'])) {
84+
// Try fallback for upload methods
85+
$method = $this->request->getMethod();
86+
if (in_array($method, ['POST', 'PUT'], true)) {
7987
$size = $this->request->getHeader('Content-Length');
8088
}
8189
}
8290

83-
if ($size === '') {
84-
$size = false;
91+
if ($size !== '' && is_numeric($size)) {
92+
$this->size = Util::numericToNumber($size);
93+
} else {
94+
// No valid size header found
95+
$this->size = false;
8596
}
8697

87-
$this->size = $size;
8898
return $this->size;
8999
}
90100

build/psalm-baseline.xml

Lines changed: 0 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -1141,20 +1141,6 @@
11411141
<code><![CDATA[null]]></code>
11421142
</NullArgument>
11431143
</file>
1144-
<file src="apps/workflowengine/lib/Check/FileSize.php">
1145-
<FalsableReturnStatement>
1146-
<code><![CDATA[$this->size]]></code>
1147-
</FalsableReturnStatement>
1148-
<InvalidPropertyAssignmentValue>
1149-
<code><![CDATA[$size]]></code>
1150-
</InvalidPropertyAssignmentValue>
1151-
<InvalidReturnStatement>
1152-
<code><![CDATA[$this->size]]></code>
1153-
</InvalidReturnStatement>
1154-
<InvalidReturnType>
1155-
<code><![CDATA[string]]></code>
1156-
</InvalidReturnType>
1157-
</file>
11581144
<file src="apps/workflowengine/lib/Check/RequestRemoteAddress.php">
11591145
<InvalidArgument>
11601146
<code><![CDATA[$decodedValue[1]]]></code>

0 commit comments

Comments
 (0)