|
|
|
|
@ -14,12 +14,22 @@ class MtimeSanitizer {
|
|
|
|
|
// ensures that strings with hexadecimal notations fail too in PHP 5.X.
|
|
|
|
|
$isHexadecimal = preg_match('/^\s*0[xX]/', $mtimeFromRequest);
|
|
|
|
|
if ($isHexadecimal || !is_numeric($mtimeFromRequest)) {
|
|
|
|
|
throw new \InvalidArgumentException('X-OC-MTime header must be an integer (unix timestamp).');
|
|
|
|
|
throw new \InvalidArgumentException(
|
|
|
|
|
sprintf(
|
|
|
|
|
'X-OC-MTime header must be a valid integer (unix timestamp), got "%s".',
|
|
|
|
|
$mtimeFromRequest
|
|
|
|
|
)
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Prevent writing invalid mtime (timezone-proof)
|
|
|
|
|
if ((int)$mtimeFromRequest <= 24 * 60 * 60) {
|
|
|
|
|
throw new \InvalidArgumentException('X-OC-MTime header must be a valid positive integer');
|
|
|
|
|
throw new \InvalidArgumentException(
|
|
|
|
|
sprintf(
|
|
|
|
|
'X-OC-MTime header must be a valid positive unix timestamp greater than one day, got "%s".',
|
|
|
|
|
$mtimeFromRequest
|
|
|
|
|
)
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (int)$mtimeFromRequest;
|
|
|
|
|
|
Git'Fellow
GitHub