aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorzotlabs <mike@macgirvin.com>2016-10-09 21:28:24 -0700
committerzotlabs <mike@macgirvin.com>2016-10-09 21:28:24 -0700
commit8eac8132e31106c4220c496229f68496e0d8bc08 (patch)
tree522f5e516193615a0add10f8ad55b36f0074243a
parent50f579d3019a2469f455851effda834edd2e573d (diff)
downloadvolse-hubzilla-8eac8132e31106c4220c496229f68496e0d8bc08.tar.gz
volse-hubzilla-8eac8132e31106c4220c496229f68496e0d8bc08.tar.bz2
volse-hubzilla-8eac8132e31106c4220c496229f68496e0d8bc08.zip
snap dav module is currently read-only. error out on any request methods which can alter data.
-rw-r--r--Zotlabs/Module/Snap.php3
1 files changed, 3 insertions, 0 deletions
diff --git a/Zotlabs/Module/Snap.php b/Zotlabs/Module/Snap.php
index 742d88617..8e52d85ac 100644
--- a/Zotlabs/Module/Snap.php
+++ b/Zotlabs/Module/Snap.php
@@ -58,6 +58,9 @@ class Snap extends \Zotlabs\Web\Controller {
else
killme();
+ if(! in_array(strtolower($_SERVER['REQUEST_METHOD']),['propfind','get','head']))
+ killme();
+
$auth = new \Zotlabs\Storage\BasicAuth();
$auth->setRealm(ucfirst(\Zotlabs\Lib\System::get_platform_name()) . 'WebDAV');