From a534964876c6bfa86d8be43becf071ad8aabcf47 Mon Sep 17 00:00:00 2001
From: Victor Dubiniuk <victor.dubiniuk@gmail.com>
Date: Thu, 14 May 2020 15:45:47 +0300
Subject: [PATCH] Allow reading params of PUT more than once

---
 changelog/unreleased/37394                  |  7 ++++
 lib/private/AppFramework/Http/Request.php   |  2 ++
 tests/lib/AppFramework/Http/RequestTest.php | 36 ++++++++++++++++++++-
 3 files changed, 44 insertions(+), 1 deletion(-)
 create mode 100644 changelog/unreleased/37394

diff --git a/changelog/unreleased/37394 b/changelog/unreleased/37394
new file mode 100644
index 000000000000..9de021ddef3e
--- /dev/null
+++ b/changelog/unreleased/37394
@@ -0,0 +1,7 @@
+Bugfix: Allow unlimited access to PUT body if content length is 0
+
+It was not possible to read more than one URL param of the PUT request with the empty body.
+This change checks Content-Length and do not throw the exception on empty request body if 
+Content-Length states that the empty body had been sent. 
+
+https://github.com/owncloud/core/pull/37394
diff --git a/lib/private/AppFramework/Http/Request.php b/lib/private/AppFramework/Http/Request.php
index 579887ad77da..0cfd55c05b24 100644
--- a/lib/private/AppFramework/Http/Request.php
+++ b/lib/private/AppFramework/Http/Request.php
@@ -388,6 +388,8 @@ public function getCookie($key) {
 	protected function getContent() {
 		// If the content can't be parsed into an array then return a stream resource.
 		if ($this->method === 'PUT'
+			&& $this->getHeader('Content-Length') !== 0
+			&& $this->getHeader('Content-Length') !== null
 			&& \strpos($this->getHeader('Content-Type'), 'application/x-www-form-urlencoded') === false
 			&& \strpos($this->getHeader('Content-Type'), 'application/json') === false
 		) {
diff --git a/tests/lib/AppFramework/Http/RequestTest.php b/tests/lib/AppFramework/Http/RequestTest.php
index 62262f355cb1..d4d736e5d725 100644
--- a/tests/lib/AppFramework/Http/RequestTest.php
+++ b/tests/lib/AppFramework/Http/RequestTest.php
@@ -308,7 +308,10 @@ public function testPutStream() {
 		$vars = [
 			'put' => $data,
 			'method' => 'PUT',
-			'server' => ['CONTENT_TYPE' => 'image/png'],
+			'server' => [
+				'CONTENT_TYPE' => 'image/png',
+				'CONTENT_LENGTH' => \strlen($data),
+			],
 		];
 
 		$request = new Request(
@@ -332,6 +335,37 @@ public function testPutStream() {
 		$this->fail('Expected LogicException.');
 	}
 
+	public function testDoubleGetParamOnPut() {
+		$vars = [
+			'method' => 'PUT',
+			'server' => [],
+		];
+
+		$request = new Request(
+			$vars,
+			$this->secureRandom,
+			$this->config,
+			$this->csrfTokenManager,
+			$this->stream
+		);
+
+		// trigger decoding of the request
+		$request->getParam('foo');
+
+		$request->setUrlParameters([
+			'var1' => 'value1',
+			'var2' => 'value2'
+		]);
+
+		// it should be possible to get unlimited number of URL parameters
+		// without reading the request body
+		$var1 = $request->getParam('var1');
+		$var2 = $request->getParam('var2');
+
+		$this->assertEquals('value1', $var1);
+		$this->assertEquals('value2', $var2);
+	}
+
 	public function testSetUrlParameters() {
 		$vars = [
 			'post' => [],