[Pkg-owncloud-commits] [php-sabre-vobject] 27/46: Automatically stop recurring after 3500 iterations.
David Prévot
taffit at moszumanska.debian.org
Thu Dec 10 02:12:40 UTC 2015
This is an automated email from the git hooks/post-receive script.
taffit pushed a commit to branch master
in repository php-sabre-vobject.
commit fa57eb29ad188f51d5f27f791789119894493450
Author: Evert Pot <me at evertpot.com>
Date: Wed Nov 25 23:23:46 2015 -0500
Automatically stop recurring after 3500 iterations.
Fixes #220
---
CHANGELOG.md | 1 +
lib/Recur/EventIterator.php | 18 ++++++++++
lib/Recur/MaxInstancesExceededException.php | 16 +++++++++
.../Recur/EventIterator/MaxInstancesTest.php | 42 ++++++++++++++++++++++
4 files changed, 77 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index b4763d8..d91de99 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,6 +17,7 @@ ChangeLog
* It's now possible to override which class is used instead of
`Component\VCalendar` or `Component\VCard` during parsing.
* #263: Lots of small cleanups. (@jakobsack)
+* #220: Automatically stop recurring after 3500 recurrences.
4.0.0-alpha2 (2015-09-04)
diff --git a/lib/Recur/EventIterator.php b/lib/Recur/EventIterator.php
index 547a47a..ca477f0 100644
--- a/lib/Recur/EventIterator.php
+++ b/lib/Recur/EventIterator.php
@@ -71,6 +71,21 @@ class EventIterator implements \Iterator {
*/
protected $allDay = false;
+
+ /**
+ * Automatically stop iterating after this many iterations.
+ *
+ * This is a security measure. Without this, it would be possible to craft
+ * specific events that recur many, many times, potentially DDOSing the
+ * server.
+ *
+ * The default (3500) allows creation of a dialy event that goes on for 10
+ * years, which is hopefully long enouogh for most.
+ *
+ * Set this value to -1 to disable this control altogether.
+ */
+ static $maxInstances = 3500;
+
/**
* Creates the iterator.
*
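Review bot: The docblock on `$maxInstances` says iteration stops automatically, but the check this commit adds to `valid()` throws `MaxInstancesExceededException` instead. Code that expands untrusted calendar data therefore has to catch it, and the comment should say so, e.g. `* When the limit is exceeded, valid() throws MaxInstancesExceededException.` The property is declared without a visibility keyword and is static, so setting it to `-1` anywhere disables the guard for every iterator in the process. Declaring it `public static` with an `@var int` tag and a sentence on that scope would make this explicit. The typos "dialy" and "enouogh" in the same comment can be fixed at the same time.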
@@ -314,6 +329,9 @@ class EventIterator implements \Iterator {
*/
function valid() {
+ if ($this->counter > self::$maxInstances && self::$maxInstances !== -1) {
+ throw new MaxInstancesExceededException('Recurring events are only allowed to generate ' . self::$maxInstances);
+ }
return !!$this->currentDate;
}
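Review bot: The exception message in `valid()` ends on the bare number, which reads as truncated in logs; `throw new MaxInstancesExceededException('Recurring events are only allowed to generate ' . self::$maxInstances . ' instances');` would be clearer. The limit is enforced only when `valid()` is called, and the place where `$this->counter` is incremented is outside this hunk. It is worth confirming that every internal loop that advances the iterator goes through `valid()`, since any that does not is not bounded by this check. The opt-out is compared with `!== -1`, so a string `'-1'` read from configuration would not disable the guard and would presumably make it throw on the first call; that fails closed but deserves a line in the property's docblock.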
diff --git a/lib/Recur/MaxInstancesExceededException.php b/lib/Recur/MaxInstancesExceededException.php
new file mode 100644
index 0000000..24555f8
--- /dev/null
+++ b/lib/Recur/MaxInstancesExceededException.php
@@ -0,0 +1,16 @@
+<?php
+
+namespace Sabre\VObject\Recur;
+
+use Exception;
+
+/**
+ * This exception will get thrown when a recurrence rule generated more than
+ * the maximum number of instances.
+ *
+ * @copyright Copyright (C) 2011-2015 fruux GmbH (https://fruux.com/).
+ * @author Evert Pot (http://evertpot.com/)
+ * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
+ */
+class MaxInstancesExceededException extends Exception {
+}
diff --git a/tests/VObject/Recur/EventIterator/MaxInstancesTest.php b/tests/VObject/Recur/EventIterator/MaxInstancesTest.php
new file mode 100644
index 0000000..cd38aad
--- /dev/null
+++ b/tests/VObject/Recur/EventIterator/MaxInstancesTest.php
@@ -0,0 +1,42 @@
+<?php
+
+namespace Sabre\VObject\Recur\EventIterator;
+
+use Sabre\VObject\Reader;
+use Sabre\VObject\Recur\EventIterator;
+use Sabre\VObject\TestCase;
+use DateTime;
+
+class MaxInstancesTest extends TestCase {
+
+ /**
+ * @expectedException \Sabre\VObject\Recur\MaxInstancesExceededException
+ */
+ function testOverrideFirstEvent() {
+
+ $input = <<<ICS
+BEGIN:VCALENDAR
+VERSION:2.0
+BEGIN:VEVENT
+UID:foobar
+DTSTART:20140803T120000Z
+RRULE:FREQ=WEEKLY
+SUMMARY:Original
+END:VEVENT
+END:VCALENDAR
+ICS;
+
+ $temp = EventIterator::$maxInstances;
+ EventIterator::$maxInstances = 4;
+ try {
+
+ $vcal = Reader::read($input);
+ $vcal->expand(new DateTime('2014-08-01'), new DateTime('2014-09-01'));
+
+ } finally {
+ EventIterator::$maxInstances = $temp;
+ }
+
+ }
+
+}
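Review bot: The method name `testOverrideFirstEvent` does not describe what this test checks; a name such as `testExceedMaxRecurrences` would match the expected exception. Only the throwing path is covered. A second case that sets `EventIterator::$maxInstances = -1` and expands the same event without an exception would pin the opt-out, and a case sitting exactly at the limit would pin the `>` boundary in `valid()`. Restoring the static in `finally` is the right call, since the value is shared by every test in the process.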
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/php-sabre-vobject.git