Skip to content

Commit d3d2056

Browse files
nickvergessennickvergessen
authored
Merge pull request #55316 from nextcloud/backport/55283/stable32
[stable32] fix(workflowenigne): stricter length header handling
2 parents f2051ca + 8d99fa3 commit d3d2056

File tree

2 files changed

+15
-19
lines changed

2 files changed

+15
-19
lines changed

apps/workflowengine/lib/Check/FileSize.php

Lines changed: 15 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -67,25 +67,35 @@ public function validateCheck($operator, $value) {
6767
}
6868

6969
/**
70-
* @return string
70+
* Gets the file size from HTTP headers.
71+
*
72+
* Checks 'OC-Total-Length' first; if unavailable and the method is POST or PUT,
73+
* checks 'Content-Length'. Returns the size as int, float, or false if not found or invalid.
74+
*
75+
* @return int|float|false File size in bytes, or false if unavailable.
7176
*/
7277
protected function getFileSizeFromHeader() {
7378
if ($this->size !== null) {
79+
// Already have it cached?
7480
return $this->size;
7581
}
7682

7783
$size = $this->request->getHeader('OC-Total-Length');
7884
if ($size === '') {
79-
if (in_array($this->request->getMethod(), ['POST', 'PUT'])) {
85+
// Try fallback for upload methods
86+
$method = $this->request->getMethod();
87+
if (in_array($method, ['POST', 'PUT'], true)) {
8088
$size = $this->request->getHeader('Content-Length');
8189
}
8290
}
8391

84-
if ($size === '') {
85-
$size = false;
92+
if ($size !== '' && is_numeric($size)) {
93+
$this->size = Util::numericToNumber($size);
94+
} else {
95+
// No valid size header found
96+
$this->size = false;
8697
}
8798

88-
$this->size = $size;
8999
return $this->size;
90100
}
91101

build/psalm-baseline.xml

Lines changed: 0 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -2748,20 +2748,6 @@
27482748
<code><![CDATA[null]]></code>
27492749
</NullArgument>
27502750
</file>
2751-
<file src="apps/workflowengine/lib/Check/FileSize.php">
2752-
<FalsableReturnStatement>
2753-
<code><![CDATA[$this->size]]></code>
2754-
</FalsableReturnStatement>
2755-
<InvalidPropertyAssignmentValue>
2756-
<code><![CDATA[$size]]></code>
2757-
</InvalidPropertyAssignmentValue>
2758-
<InvalidReturnStatement>
2759-
<code><![CDATA[$this->size]]></code>
2760-
</InvalidReturnStatement>
2761-
<InvalidReturnType>
2762-
<code><![CDATA[string]]></code>
2763-
</InvalidReturnType>
2764-
</file>
27652751
<file src="apps/workflowengine/lib/Check/RequestRemoteAddress.php">
27662752
<InvalidArgument>
27672753
<code><![CDATA[$decodedValue[1]]]></code>

0 commit comments

Comments
 (0)