5apps/liquor-cabinet
5apps/liquor-cabinet
4
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Activity

Move the Content-Type format validation with the other validations

Browse Source
This commit is contained in:
Greg Karékinian 2020-04-15 14:23:12 +02:00
parent 71d138894e
commit c2d5fc9e07
2 changed files with 3 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/remote_storage/rest_provider.rb
View File

@ -118,6 +118,9 @@ module RemoteStorage
end end
def put_data(user, directory, key, data, content_type) def put_data(user, directory, key, data, content_type)
# Do not try to perform the PUT request when the Content-Type does not
# look like a MIME type
server.halt 415 unless content_type.match(/^.+\/.+/i)
server.halt 400 if server.env["HTTP_CONTENT_RANGE"] server.halt 400 if server.env["HTTP_CONTENT_RANGE"]
server.halt 409, "Conflict" if has_name_collision?(user, directory, key) server.halt 409, "Conflict" if has_name_collision?(user, directory, key)
@ -506,10 +509,5 @@ module RemoteStorage
items items
end end
def validate_content_type(content_type)
# Do not try to perform the PUT request when the Content-Type does not
# look like a MIME type
server.halt 415 unless content_type.match(/^.+\/.+/i)
end
end end
end end

2
lib/remote_storage/s3.rb
View File

@ -16,8 +16,6 @@ module RemoteStorage
end end
def do_put_request(url, data, content_type) def do_put_request(url, data, content_type)
validate_content_type(content_type)
deal_with_unauthorized_requests do deal_with_unauthorized_requests do
md5 = Digest::MD5.base64digest(data) md5 = Digest::MD5.base64digest(data)
authorization_headers = authorization_headers_for( authorization_headers = authorization_headers_for(