[CalendarServer-changes] [3676] CalendarServer/branches/users/wsanchez/deployment/twistedcaldav/ method/put_common.py
source_changes at macosforge.org
source_changes at macosforge.org
Tue Feb 17 08:20:39 PST 2009
Revision: 3676
http://trac.macosforge.org/projects/calendarserver/changeset/3676
Author: cdaboo at apple.com
Date: 2009-02-17 08:20:38 -0800 (Tue, 17 Feb 2009)
Log Message:
-----------
Merged r3460 - check content length before parsing iCalendar data with vobject.
Modified Paths:
--------------
CalendarServer/branches/users/wsanchez/deployment/twistedcaldav/method/put_common.py
Modified: CalendarServer/branches/users/wsanchez/deployment/twistedcaldav/method/put_common.py
===================================================================
--- CalendarServer/branches/users/wsanchez/deployment/twistedcaldav/method/put_common.py 2009-02-17 02:58:06 UTC (rev 3675)
+++ CalendarServer/branches/users/wsanchez/deployment/twistedcaldav/method/put_common.py 2009-02-17 16:20:38 UTC (rev 3676)
@@ -213,6 +213,20 @@
return result, message
+ def validContentLength():
+ """
+ Make sure that the length of the source data is within bounds.
+ """
+ result = True
+ message = ""
+ if config.MaximumAttachmentSize:
+ calsize = source.contentLength()
+ if calsize is not None and calsize > config.MaximumAttachmentSize:
+ result = False
+ message = "File size %d bytes is larger than allowed limit %d bytes" % (calsize, config.MaximumAttachmentSize)
+
+ return result, message
+
def validCalendarDataCheck():
"""
Check that the calendar data is valid iCalendar.
@@ -254,13 +268,12 @@
def validSizeCheck():
"""
- Make sure that the content-type of the source resource is text/calendar.
- This test is only needed when the source is not in a calendar collection.
+ Make sure that the size of the data is within bounds.
"""
result = True
message = ""
if config.MaximumAttachmentSize:
- calsize = len(str(calendar))
+ calsize = len(calendardata)
if calsize > config.MaximumAttachmentSize:
result = False
message = "Data size %d bytes is larger than allowed limit %d bytes" % (calsize, config.MaximumAttachmentSize)
@@ -355,6 +368,20 @@
log.err(message)
raise HTTPError(StatusResponse(responsecode.FORBIDDEN, "Resource name not allowed"))
+ # Valid data sizes - do before parsing the data
+ if source is not None:
+ # Valid content length check on the source resource
+ result, message = validContentLength()
+ if not result:
+ log.err(message)
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "max-resource-size")))
+ else:
+ # Valid calendar data size check
+ result, message = validSizeCheck()
+ if not result:
+ log.err(message)
+ raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "max-resource-size")))
+
if not sourcecal:
# Valid content type check on the source resource if its not in a calendar collection
if source is not None:
@@ -398,12 +425,6 @@
# would be better to copy the index entries from the source and add to the destination.
calendar = source.iCalendar()
- # Valid calendar data size check
- result, message = validSizeCheck()
- if not result:
- log.err(message)
- raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "max-resource-size")))
-
# Check access
if destinationcal and config.EnablePrivateEvents:
d = waitForDeferred(validAccess())
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20090217/4c3368cc/attachment.html>
More information about the calendarserver-changes
mailing list