check anonymous OPTIONS requests file in root (not in subdir)

Signed-off-by: Bastien Durel <bastien@durel.org>
Bastien Durel 2019-01-04 13:05:35 +01:00 committed by Backportbot
parent f736b3445f
commit 4535cc50ad
2 changed files with 14 additions and 1 deletions


@ -45,12 +45,19 @@ class AnonymousOptionsPlugin extends ServerPlugin {
$this->server->on('beforeMethod', [$this, 'handleAnonymousOptions'], 9);
}
/**
* @return bool
*/
public function isRequestInRoot($path) {
return $path === '' || (is_string($path) && strpos($path, '/') === FALSE);
}
/**
* @throws \Sabre\DAV\Exception\Forbidden
* @return bool
*/
public function handleAnonymousOptions(RequestInterface $request, ResponseInterface $response) {
if ($request->getHeader('Authorization') === null && $request->getMethod() === 'OPTIONS') {
if ($request->getHeader('Authorization') === null && $request->getMethod() === 'OPTIONS' && $this->isRequestInRoot($request->getPath())) {
/** @var CorePlugin $corePlugin */
$corePlugin = $this->server->getPlugin('core');
// setup a fake tree for anonymous access
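Review bot: The new public helper `isRequestInRoot($path)` decides whether an unauthenticated OPTIONS request reaches the fake anonymous tree, yet its docblock carries only `@return bool` and says nothing about the input it expects. The slash test is only meaningful for a path that is already relative to the base URI with surrounding slashes trimmed, which is what Sabre's `getPath()` appears to return; I would document that with `@param string $path request path relative to the base URI, without leading or trailing slash` so a later caller does not hand it a raw URI. A non-string path falls through to `false` and so fails closed, which deserves a one-line comment because that branch is easy to drop by accident. On style, `FALSE` should be lowercase, `strpos($path, '/') === false`, and the helper could be `private` unless something outside the hunk calls it. The body of `handleAnonymousOptions` continues past the end of the hunk.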


@ -56,6 +56,12 @@ class AnonymousOptionsTest extends TestCase {
$this->assertEquals(200, $response->getStatus());
}
public function testAnonymousOptionsNonRootSubDir() {
$response = $this->sendRequest('OPTIONS', 'foo/bar');
$this->assertEquals(401, $response->getStatus());
}
}
class SapiMock extends Sapi {