diff options
| author | Ferdinand Thiessen <opensource@fthiessen.de> | 2025-05-16 16:44:38 +0200 |
|---|---|---|
| committer | skjnldsv <skjnldsv@protonmail.com> | 2025-08-12 09:06:32 +0200 |
| commit | d4fdf5cee002cfbf13d205baed63bb2cd494f623 (patch) | |
| tree | 99ed9aa7d1cc5ea98eb6d52d310c3eb17fa3219a | |
| parent | c9635512ab013cc88217fb0e37aa5aebb7256a02 (diff) | |
| download | nextcloud-server-backport/54373/stable30.tar.gz nextcloud-server-backport/54373/stable30.zip | |
fix(installer): ensure valid tempFile & extractDirbackport/54373/stable30
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
| -rw-r--r-- | build/psalm-baseline.xml | 3 | ||||
| -rw-r--r-- | lib/private/Installer.php | 9 | ||||
| -rw-r--r-- | lib/private/legacy/OC_Helper.php | 2 |
3 files changed, 9 insertions, 5 deletions
diff --git a/build/psalm-baseline.xml b/build/psalm-baseline.xml index 1890132c5fc..7eb7880945d 100644 --- a/build/psalm-baseline.xml +++ b/build/psalm-baseline.xml @@ -2842,9 +2842,6 @@ <code><![CDATA[$matches[0][$last_match]]]></code> <code><![CDATA[$matches[1][$last_match]]]></code> </InvalidArrayOffset> - <InvalidScalarArgument> - <code><![CDATA[$path]]></code> - </InvalidScalarArgument> <UndefinedInterfaceMethod> <code><![CDATA[getQuota]]></code> </UndefinedInterfaceMethod> diff --git a/lib/private/Installer.php b/lib/private/Installer.php index 0ae374ce6e2..41fea28553e 100644 --- a/lib/private/Installer.php +++ b/lib/private/Installer.php @@ -241,6 +241,10 @@ class Installer { // Download the release $tempFile = $this->tempManager->getTemporaryFile('.tar.gz'); + if ($tempFile === false) { + throw new \RuntimeException('Could not create temporary file for downloading app archive.'); + } + $timeout = $this->isCLI ? 0 : 120; $client = $this->clientService->newClient(); $client->get($app['releases'][0]['download'], ['sink' => $tempFile, 'timeout' => $timeout]); @@ -252,8 +256,11 @@ class Installer { if ($verified === true) { // Seems to match, let's proceed $extractDir = $this->tempManager->getTemporaryFolder(); - $archive = new TAR($tempFile); + if ($extractDir === false) { + throw new \RuntimeException('Could not create temporary directory for unpacking app.'); + } + $archive = new TAR($tempFile); if (!$archive->extract($extractDir)) { $errorMessage = 'Could not extract app ' . $appId; diff --git a/lib/private/legacy/OC_Helper.php b/lib/private/legacy/OC_Helper.php index 185394e3ed1..a8940ad2653 100644 --- a/lib/private/legacy/OC_Helper.php +++ b/lib/private/legacy/OC_Helper.php @@ -206,7 +206,7 @@ class OC_Helper { $exts = ['']; $check_fn = 'is_executable'; // Default check will be done with $path directories : - $dirs = explode(PATH_SEPARATOR, $path); + $dirs = explode(PATH_SEPARATOR, (string) $path); // WARNING : We have to check if open_basedir is enabled : $obd = OC::$server->get(IniGetWrapper::class)->getString('open_basedir'); if ($obd != 'none') { |