use OCP\IRequest;
class LayoutApiController extends OCSController {
-
/** @var IConfig */
private $config;
/** @var string */
* @return JSONResponse
*/
public function create(string $layout): JSONResponse {
+ $layout = htmlspecialchars($layout);
$this->config->setUserValue($this->userId, 'dashboard', 'layout', $layout);
return new JSONResponse(['layout' => $layout]);
}
* @param bool $stripTrailingSlash whether to strip the trailing slash
* @param bool $isAbsolutePath whether the given path is absolute
* @param bool $keepUnicode true to disable unicode normalization
+ * @psalm-taint-escape file
* @return string
*/
public static function normalizePath($path, $stripTrailingSlash = true, $isAbsolutePath = false, $keepUnicode = false) {
*
* @psalm-taint-escape file
* @psalm-taint-escape include
+ * @psalm-taint-escape html
+ * @psalm-taint-escape has_quotes
*
* @param string $app AppId that needs to be cleaned
* @return string
*/
public static function cleanAppId(string $app): string {
- return str_replace(['\0', '/', '\\', '..'], '', $app);
+ return str_replace(['<', '>', '"', "'", '\0', '/', '\\', '..'], '', $app);
}
/**