Merge pull request #138 from 5apps/feature/137-validate_content-type_put

Validate the Content-Type on PUT requests

lib/remote_storage/rest_provider.rb

@@ -118,6 +118,9 @@ module RemoteStorage
     end
 
     def put_data(user, directory, key, data, content_type)
+      # Do not try to perform the PUT request when the Content-Type does not
+      # look like a MIME type
+      server.halt 415 unless content_type.match(/^.+\/.+/i)
       server.halt 400 if server.env["HTTP_CONTENT_RANGE"]
       server.halt 409, "Conflict" if has_name_collision?(user, directory, key)
 

spec/shared_examples.rb

@@ -232,6 +232,16 @@ shared_examples_for 'a REST adapter' do
           _(last_response.body).must_equal "Precondition Failed"
         end
       end
+
+      describe "Content-Type" do
+        it "must be in the type/subtype format" do
+          header "Content-Type", "text"
+
+          put "/phil/food/invalid_content_type", "invalid"
+
+          _(last_response.status).must_equal 415
+        end
+      end
     end
 
   end