5apps/liquor-cabinet
5apps/liquor-cabinet
4
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Activity

Merge pull request #138 from 5apps/feature/137-validate_content-type_put

Browse Source 
Validate the Content-Type on PUT requests
This commit is contained in:
Basti 2020-04-15 15:09:27 +02:00 committed by GitHub
commit 153176fb15
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/remote_storage/rest_provider.rb
View File

@ -118,6 +118,9 @@ module RemoteStorage
end end
def put_data(user, directory, key, data, content_type) def put_data(user, directory, key, data, content_type)
# Do not try to perform the PUT request when the Content-Type does not
# look like a MIME type
server.halt 415 unless content_type.match(/^.+\/.+/i)
server.halt 400 if server.env["HTTP_CONTENT_RANGE"] server.halt 400 if server.env["HTTP_CONTENT_RANGE"]
server.halt 409, "Conflict" if has_name_collision?(user, directory, key) server.halt 409, "Conflict" if has_name_collision?(user, directory, key)

10
spec/shared_examples.rb
View File

@ -232,6 +232,16 @@ shared_examples_for 'a REST adapter' do
_(last_response.body).must_equal "Precondition Failed" _(last_response.body).must_equal "Precondition Failed"
end end
end end
describe "Content-Type" do
it "must be in the type/subtype format" do
header "Content-Type", "text"
put "/phil/food/invalid_content_type", "invalid"
_(last_response.status).must_equal 415
end
end
end end
end end