mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-11-25 09:23:28 +01:00
guard against CalDAV clients wrongly sending a Content-Type or Accept header for JSON
parent
46795ec108
commit
3d2f915037
@ -1073,6 +1073,12 @@ class CalDAV extends HTTP_WebDAV_Server
|
||||
$type = in_array($_SERVER['REQUEST_METHOD'], ['PUT', 'POST', 'PATCH', 'PROPPATCH']) ?
|
||||
$_SERVER['HTTP_CONTENT_TYPE'] : $_SERVER['HTTP_ACCEPT'];
|
||||
}
|
||||
// make sure the client is not just a CalDAV client wrongly sending a Content-Type or Accept header for JSON
|
||||
if (in_array($_SERVER['REQUEST_METHOD'], ['REPORT', 'PROPFIND', 'PROPPATCH']) || // no REST, but CalDAV methods
|
||||
isset($_SERVER['HTTP_CONTENT_TYPE']) && pref_match('#(application|text)/xml#', $_SERVER['HTTP_CONTENT_TYPE']))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
return preg_match('#application/(([^+ ;]+)\+)?json#', $type, $matches) ?
|
||||
(empty($matches[1]) ? true : $matches[2]) : false;
|
||||
}
|
||||
|
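Review bot: `pref_match` on the added Content-Type line looks like a typo for `preg_match`. No function of that name is visible here, so unless it is defined elsewhere, PHP raises a fatal "Call to undefined function" error whenever a request other than REPORT, PROPFIND or PROPPATCH carries a Content-Type header; ordinary PUT and POST requests would fail instead of being classified. The line should read `isset($_SERVER['HTTP_CONTENT_TYPE']) && preg_match('#(application|text)/xml#', $_SERVER['HTTP_CONTENT_TYPE']))`. The condition also mixes `||` and `&&` without grouping; it evaluates as intended because `&&` binds tighter, but parentheses around the `isset(...) && preg_match(...)` pair would make that explicit. The enclosing method starts above the hunk, so how `$type` is set on other paths is not visible here.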