diff options
| author | Ferdinand Thiessen <opensource@fthiessen.de> | 2025-05-16 16:44:38 +0200 |
|---|---|---|
| committer | skjnldsv <skjnldsv@protonmail.com> | 2025-08-12 09:03:53 +0200 |
| commit | e63cc09895b05496fdbb5974ef697546e11d5ffc (patch) | |
| tree | a460e9b77b7cb281c8d451bc67f344cafe54e369 | |
| parent | 4ccb4c2e1f266b640f2123d929a9f0845b20afec (diff) | |
| download | nextcloud-server-backport/52911/stable31.tar.gz nextcloud-server-backport/52911/stable31.zip | |
fix(installer): ensure valid tempFile & extractDirbackport/52911/stable31
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
| -rw-r--r-- | build/psalm-baseline.xml | 3 | ||||
| -rw-r--r-- | lib/private/Installer.php | 9 | ||||
| -rw-r--r-- | lib/private/legacy/OC_Helper.php | 2 |
3 files changed, 9 insertions, 5 deletions
diff --git a/build/psalm-baseline.xml b/build/psalm-baseline.xml index 2ab9fedb1c6..d5e85bdd98c 100644 --- a/build/psalm-baseline.xml +++ b/build/psalm-baseline.xml @@ -2599,9 +2599,6 @@ <code><![CDATA[$matches[0][$last_match]]]></code> <code><![CDATA[$matches[1][$last_match]]]></code> </InvalidArrayOffset> - <InvalidScalarArgument> - <code><![CDATA[$path]]></code> - </InvalidScalarArgument> <UndefinedInterfaceMethod> <code><![CDATA[getQuota]]></code> </UndefinedInterfaceMethod> diff --git a/lib/private/Installer.php b/lib/private/Installer.php index 5300a485d80..c64fedea792 100644 --- a/lib/private/Installer.php +++ b/lib/private/Installer.php @@ -241,6 +241,10 @@ class Installer { // Download the release $tempFile = $this->tempManager->getTemporaryFile('.tar.gz'); + if ($tempFile === false) { + throw new \RuntimeException('Could not create temporary file for downloading app archive.'); + } + $timeout = $this->isCLI ? 0 : 120; $client = $this->clientService->newClient(); $client->get($app['releases'][0]['download'], ['sink' => $tempFile, 'timeout' => $timeout]); @@ -252,8 +256,11 @@ class Installer { if ($verified === true) { // Seems to match, let's proceed $extractDir = $this->tempManager->getTemporaryFolder(); - $archive = new TAR($tempFile); + if ($extractDir === false) { + throw new \RuntimeException('Could not create temporary directory for unpacking app.'); + } + $archive = new TAR($tempFile); if (!$archive->extract($extractDir)) { $errorMessage = 'Could not extract app ' . $appId; diff --git a/lib/private/legacy/OC_Helper.php b/lib/private/legacy/OC_Helper.php index a89cbe1bb3a..459b79d6894 100644 --- a/lib/private/legacy/OC_Helper.php +++ b/lib/private/legacy/OC_Helper.php @@ -206,7 +206,7 @@ class OC_Helper { $exts = ['']; $check_fn = 'is_executable'; // Default check will be done with $path directories : - $dirs = explode(PATH_SEPARATOR, $path); + $dirs = explode(PATH_SEPARATOR, (string)$path); // WARNING : We have to check if open_basedir is enabled : $obd = OC::$server->get(IniGetWrapper::class)->getString('open_basedir'); if ($obd != 'none') { |