* @param array $params
* @return array Sanitized value of 'headers' field in $params
*/
+ protected function sanitizeHdrsStrict( array $params ) {
+ if ( !isset( $params['headers'] ) ) {
+ return [];
+ }
+ $headers = $this->getCustomHeaders( $params ['headers'] );
+ if ( isset( $headers[ 'content-type' ] ) ) {
+ unset( $headers[ 'content-type' ] );
+ }
+ return $headers;
+ }
+
+ /**
+ * Sanitize and filter the custom headers from a $params array.
+ * Only allows certain "standard" Content- and X-Content- headers.
+ *
+ * When POSTing data, libcurl adds Content-Type: application/x-www-form-urlencoded
+ * if Content-Type is not set, which overwrites the stored Content-Type header
+ * in Swift - therefore for POSTing data do not strip the Content-Type header (the
+ * previously-stored header that has been already read back from swift is sent)
+ *
+ * @param array $params
+ * @return array Sanitized value of 'headers' field in $params
+ */
protected function sanitizeHdrs( array $params ) {
return isset( $params['headers'] )
? $this->getCustomHeaders( $params['headers'] )
// Normalize casing, and strip out illegal headers
foreach ( $rawHeaders as $name => $value ) {
$name = strtolower( $name );
- if ( preg_match( '/^content-(type|length)$/', $name ) ) {
+ if ( preg_match( '/^content-length$/', $name ) ) {
continue; // blacklisted
} elseif ( preg_match( '/^(x-)?content-/', $name ) ) {
$headers[$name] = $value; // allowed
'etag' => md5( $params['content'] ),
'content-type' => $contentType,
'x-object-meta-sha1base36' => $sha1Hash
- ] + $this->sanitizeHdrs( $params ),
+ ] + $this->sanitizeHdrsStrict( $params ),
'body' => $params['content']
] ];
'etag' => md5_file( $params['src'] ),
'content-type' => $contentType,
'x-object-meta-sha1base36' => $sha1Hash
- ] + $this->sanitizeHdrs( $params ),
+ ] + $this->sanitizeHdrsStrict( $params ),
'body' => $handle // resource
] ];
'headers' => [
'x-copy-from' => '/' . rawurlencode( $srcCont ) .
'/' . str_replace( "%2F", "/", rawurlencode( $srcRel ) )
- ] + $this->sanitizeHdrs( $params ), // extra headers merged into object
+ ] + $this->sanitizeHdrsStrict( $params ), // extra headers merged into object
] ];
$method = __METHOD__;
'headers' => [
'x-copy-from' => '/' . rawurlencode( $srcCont ) .
'/' . str_replace( "%2F", "/", rawurlencode( $srcRel ) )
- ] + $this->sanitizeHdrs( $params ) // extra headers merged into object
+ ] + $this->sanitizeHdrsStrict( $params ) // extra headers merged into object
]
];
if ( "{$srcCont}/{$srcRel}" !== "{$dstCont}/{$dstRel}" ) {
);
}
+ /**
+ * @dataProvider provider_testSanitizeHdrsStrict
+ */
+ public function testSanitizeHdrsStrict( $raw, $sanitized ) {
+ $hdrs = $this->backend->sanitizeHdrsStrict( [ 'headers' => $raw ] );
+
+ $this->assertEquals( $hdrs, $sanitized, 'sanitizeHdrsStrict() has expected result' );
+ }
+
+ public static function provider_testSanitizeHdrsStrict() {
+ return [
+ [
+ [
+ 'content-length' => 345,
+ 'content-type' => 'image+bitmap/jpeg',
+ 'content-disposition' => 'inline',
+ 'content-duration' => 35.6363,
+ 'content-Custom' => 'hello',
+ 'x-content-custom' => 'hello'
+ ],
+ [
+ 'content-disposition' => 'inline',
+ 'content-duration' => 35.6363,
+ 'content-custom' => 'hello',
+ 'x-content-custom' => 'hello'
+ ]
+ ],
+ [
+ [
+ 'content-length' => 345,
+ 'content-type' => 'image+bitmap/jpeg',
+ 'content-Disposition' => 'inline; filename=xxx; ' . str_repeat( 'o', 1024 ),
+ 'content-duration' => 35.6363,
+ 'content-custom' => 'hello',
+ 'x-content-custom' => 'hello'
+ ],
+ [
+ 'content-disposition' => 'inline;filename=xxx',
+ 'content-duration' => 35.6363,
+ 'content-custom' => 'hello',
+ 'x-content-custom' => 'hello'
+ ]
+ ],
+ [
+ [
+ 'content-length' => 345,
+ 'content-type' => 'image+bitmap/jpeg',
+ 'content-disposition' => 'filename=' . str_repeat( 'o', 1024 ) . ';inline',
+ 'content-duration' => 35.6363,
+ 'content-custom' => 'hello',
+ 'x-content-custom' => 'hello'
+ ],
+ [
+ 'content-disposition' => '',
+ 'content-duration' => 35.6363,
+ 'content-custom' => 'hello',
+ 'x-content-custom' => 'hello'
+ ]
+ ]
+ ];
+ }
+
/**
* @dataProvider provider_testSanitizeHdrs
*/
'x-content-custom' => 'hello'
],
[
+ 'content-type' => 'image+bitmap/jpeg',
'content-disposition' => 'inline',
'content-duration' => 35.6363,
'content-custom' => 'hello',
'x-content-custom' => 'hello'
],
[
+ 'content-type' => 'image+bitmap/jpeg',
'content-disposition' => 'inline;filename=xxx',
'content-duration' => 35.6363,
'content-custom' => 'hello',
'x-content-custom' => 'hello'
],
[
+ 'content-type' => 'image+bitmap/jpeg',
'content-disposition' => '',
'content-duration' => 35.6363,
'content-custom' => 'hello',