author | Joas Schilling <213943+nickvergessen@users.noreply.github.com> | 2024-01-17 13:15:27 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-01-17 13:15:27 +0100 |
commit | 831c144213f1dc2b7e48d10d56cea6854398f9c8 (patch) | |
tree | 2db2027b2b03a2a20e8ba1c307e8a2a0d1e22727 | |
parent | 78a194c0997f62457ce5b2cb1d1d6ee04fda363d (diff) | |
parent | 9c0d99f80beaa34c3bfa783f4436c817a4a7043e (diff) | |
download | nextcloud-server-831c144213f1dc2b7e48d10d56cea6854398f9c8.tar.gz nextcloud-server-831c144213f1dc2b7e48d10d56cea6854398f9c8.zip |
Merge pull request #42865 from nextcloud/backport/42862/stable27
[stable27] fix(manifest): Check if app exists instead of accessing null as an array
-rw-r--r-- | apps/theming/lib/Controller/IconController.php | 30 | ||||
-rw-r--r-- | apps/theming/lib/Controller/ThemingController.php | 7 | ||||
-rw-r--r-- | apps/theming/openapi.json | 10 | ||||
-rw-r--r-- | apps/theming/tests/Controller/IconControllerTest.php | 7 | ||||
-rw-r--r-- | core/templates/layout.guest.php | 2 | ||||
-rw-r--r-- | core/templates/layout.public.php | 2 | ||||
-rw-r--r-- | core/templates/layout.user.php | 2 |
7 files changed, 45 insertions, 15 deletions
diff --git a/apps/theming/lib/Controller/IconController.php b/apps/theming/lib/Controller/IconController.php
index 1b16293a7f3..53575a52e3a 100644
--- a/apps/theming/lib/Controller/IconController.php
+++ b/apps/theming/lib/Controller/IconController.php
@@ -31,6 +31,7 @@ use OC\IntegrityCheck\Helpers\FileAccessHelper;
 use OCA\Theming\IconBuilder;
 use OCA\Theming\ImageManager;
 use OCA\Theming\ThemingDefaults;
+use OCP\App\IAppManager;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\DataDisplayResponse;
@@ -49,24 +50,17 @@ class IconController extends Controller {
 private $imageManager;
 /** @var FileAccessHelper */
 private $fileAccessHelper;
+ /** @var IAppManager */
+ private $appManager;
- /**
- * IconController constructor.
- *
- * @param string $appName
- * @param IRequest $request
- * @param ThemingDefaults $themingDefaults
- * @param IconBuilder $iconBuilder
- * @param ImageManager $imageManager
- * @param FileAccessHelper $fileAccessHelper
- */
 public function __construct(
 $appName,
 IRequest $request,
 ThemingDefaults $themingDefaults,
 IconBuilder $iconBuilder,
 ImageManager $imageManager,
- FileAccessHelper $fileAccessHelper
+ FileAccessHelper $fileAccessHelper,
+ IAppManager $appManager
 ) {
 parent::__construct($appName, $request);
@@ -74,6 +68,7 @@ class IconController extends Controller {
 $this->iconBuilder = $iconBuilder;
 $this->imageManager = $imageManager;
 $this->fileAccessHelper = $fileAccessHelper;
+ $this->appManager = $appManager;
 }
 /**
@@ -86,6 +81,11 @@ class IconController extends Controller {
 * @throws \Exception
 */
 public function getThemedIcon(string $app, string $image): Response {
+ if ($app !== 'core' && !$this->appManager->isEnabledForUser($app)) {
+ $app = 'core';
+ $image = 'favicon.png';
+ }
+
 $color = $this->themingDefaults->getColorPrimary();
 try {
 $iconFileName = $this->imageManager->getCachedImage('icon-' . $app . '-' . $color . str_replace('/', '_', $image));
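Review bot: The guard added at the top of getThemedIcon is repeated verbatim at the top of getFavicon and getTouchIcon in the next two hunks, and none of the three docblocks records that an app which is not enabled for the requesting user is silently answered with core's favicon, while the manifest endpoint changed in this same PR answers 404 for the same condition. Pulling the check into one private helper keeps the three call sites in step and gives the fallback a single place to be documented; each docblock would then gain a line such as ` * Falls back to core's favicon when $app is not enabled for the current user.`. A side benefit is that only a known app id ever reaches the `'icon-' . $app . '-'` cache key built on the last line of the hunk. getThemedIcon's body continues past the end of the hunk.
```php
	/**
	 * Whether icons for $app may be served to the current user; 'core' always may.
	 * Callers map a disabled or unknown app id to core's favicon.
	 */
	private function isAppAvailable(string $app): bool {
		return $app === 'core' || $this->appManager->isEnabledForUser($app);
	}

	public function getThemedIcon(string $app, string $image): Response {
		if (!$this->isAppAvailable($app)) {
			$app = 'core';
			$image = 'favicon.png';
		}
		// … unchanged: cached icon lookup and response building …
```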
@@ -112,6 +112,10 @@ class IconController extends Controller {
 * @throws \Exception
 */
 public function getFavicon(string $app = 'core'): Response {
+ if ($app !== 'core' && !$this->appManager->isEnabledForUser($app)) {
+ $app = 'core';
+ }
+
 $response = null;
 $iconFile = null;
 try {
@@ -151,6 +155,10 @@ class IconController extends Controller {
 * @throws \Exception
 */
 public function getTouchIcon(string $app = 'core'): Response {
+ if ($app !== 'core' && !$this->appManager->isEnabledForUser($app)) {
+ $app = 'core';
+ }
+
 $response = null;
 try {
 $iconFile = $this->imageManager->getImage('favicon');
diff --git a/apps/theming/lib/Controller/ThemingController.php b/apps/theming/lib/Controller/ThemingController.php
index a323bac180b..260dec83947 100644
--- a/apps/theming/lib/Controller/ThemingController.php
+++ b/apps/theming/lib/Controller/ThemingController.php
@@ -386,6 +386,7 @@ class ThemingController extends Controller {
 /**
 * @NoCSRFRequired
 * @PublicPage
+ * @BruteForceProtection(action=manifest)
 *
 * @return Http\JSONResponse
 */
@@ -397,6 +398,12 @@ class ThemingController extends Controller {
 $startUrl = $this->urlGenerator->getBaseUrl();
 $description = $this->themingDefaults->getSlogan();
 } else {
+ if (!$this->appManager->isEnabledForUser($app)) {
+ $response = new Http\JSONResponse([], Http::STATUS_NOT_FOUND);
+ $response->throttle(['action' => 'manifest', 'app' => $app]);
+ return $response;
+ }
+
 $info = $this->appManager->getAppInfo($app, false, $this->l10n->getLanguageCode());
 $name = $info['name'] . ' - ' . $this->themingDefaults->getName();
 $shortName = $info['name'];
diff --git a/apps/theming/openapi.json b/apps/theming/openapi.json
index 9ba6919161f..83abc4cc690 100644
--- a/apps/theming/openapi.json
+++ b/apps/theming/openapi.json
@@ -386,6 +386,16 @@
 }
 }
 }
+ },
+ "404": {
+ "description": "App not found",
+ "content": {
+ "application/json": {
+ "schema": {
+ "type": "object"
+ }
+ }
+ }
 }
 }
 }
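Review bot: In the second ThemingController.php hunk the new isEnabledForUser guard keeps disabled apps away from getAppInfo, but `$info['name']` two lines below still assumes getAppInfo returned an array; if I read IAppManager right its return is nullable, so an enabled app whose info.xml cannot be read would still hit the null-as-array failure this PR sets out to fix. Suggest checking `$info === null` right after the `$info = ...` line and returning the same `Http::STATUS_NOT_FOUND` JSON response from that branch, which keeps the behaviour of the two failure modes identical for the client. The `@return Http\JSONResponse` docblock in the preceding hunk could also state the 404 case that the openapi.json hunk now documents, e.g. ` * @return Http\JSONResponse 404 when $app is not enabled for the current user`. The enclosing manifest method starts before this hunk.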
diff --git a/apps/theming/tests/Controller/IconControllerTest.php b/apps/theming/tests/Controller/IconControllerTest.php
index 470709a3fab..d2b52cf738a 100644
--- a/apps/theming/tests/Controller/IconControllerTest.php
+++ b/apps/theming/tests/Controller/IconControllerTest.php
@@ -33,6 +33,7 @@ use OCA\Theming\Controller\IconController;
 use OCA\Theming\IconBuilder;
 use OCA\Theming\ImageManager;
 use OCA\Theming\ThemingDefaults;
+use OCP\App\IAppManager;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\DataDisplayResponse;
 use OCP\AppFramework\Http\FileDisplayResponse;
@@ -57,6 +58,8 @@ class IconControllerTest extends TestCase {
 private $iconBuilder;
 /** @var FileAccessHelper|\PHPUnit\Framework\MockObject\MockObject */
 private $fileAccessHelper;
+ /** @var IAppManager|\PHPUnit\Framework\MockObject\MockObject */
+ private $appManager;
 /** @var ImageManager */
 private $imageManager;
@@ -66,6 +69,7 @@ class IconControllerTest extends TestCase {
 $this->iconBuilder = $this->createMock(IconBuilder::class);
 $this->imageManager = $this->createMock(ImageManager::class);
 $this->fileAccessHelper = $this->createMock(FileAccessHelper::class);
+ $this->appManager = $this->createMock(IAppManager::class);
 $this->timeFactory = $this->createMock(ITimeFactory::class);
 $this->timeFactory->expects($this->any())
@@ -80,7 +84,8 @@ class IconControllerTest extends TestCase {
 $this->themingDefaults,
 $this->iconBuilder,
 $this->imageManager,
- $this->fileAccessHelper
+ $this->fileAccessHelper,
+ $this->appManager,
 );
 parent::setUp();
diff --git a/core/templates/layout.guest.php b/core/templates/layout.guest.php
index 7a741d33a74..f24d3266274 100644
--- a/core/templates/layout.guest.php
+++ b/core/templates/layout.guest.php
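Review bot: The IconControllerTest hunks wire an IAppManager mock into the constructor in setUp but set no expectation on isEnabledForUser, so the mock answers false for every app id; any existing test in this file that requests an icon for a non-core app will now be routed to the core favicon fallback instead of the path it was written to exercise, and the fallback itself gets no test of its own. Suggest `$this->appManager->method('isEnabledForUser')->willReturn(true);` in setUp as the default, plus one test per icon method that configures `willReturn(false)` for a disabled app id and asserts the response carries core's favicon. The existing test methods are outside the hunks, so the first half of this is inferred from the setUp shown here.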
@@ -20,7 +20,7 @@ p($theme->getTitle());
 <link rel="icon" href="<?php print_unescaped(image_path('core', 'favicon.ico')); /* IE11+ supports png */ ?>">
 <link rel="apple-touch-icon" href="<?php print_unescaped(image_path('core', 'favicon-touch.png')); ?>">
 <link rel="mask-icon" sizes="any" href="<?php print_unescaped(image_path('core', 'favicon-mask.svg')); ?>" color="<?php p($theme->getColorPrimary()); ?>">
- <link rel="manifest" href="<?php print_unescaped(image_path('core', 'manifest.json')); ?>">
+ <link rel="manifest" href="<?php print_unescaped(image_path('core', 'manifest.json')); ?>" crossorigin="use-credentials">
 <?php emit_css_loading_tags($_); ?>
 <?php emit_script_loading_tags($_); ?>
 <?php print_unescaped($_['headers']); ?>
diff --git a/core/templates/layout.public.php b/core/templates/layout.public.php
index e5329716cc7..2c55240598c 100644
--- a/core/templates/layout.public.php
+++ b/core/templates/layout.public.php
@@ -21,7 +21,7 @@ p($theme->getTitle());
 <link rel="apple-touch-icon" href="<?php print_unescaped(image_path($_['appid'], 'favicon-touch.png')); ?>">
 <link rel="apple-touch-icon-precomposed" href="<?php print_unescaped(image_path($_['appid'], 'favicon-touch.png')); ?>">
 <link rel="mask-icon" sizes="any" href="<?php print_unescaped(image_path($_['appid'], 'favicon-mask.svg')); ?>" color="<?php p($theme->getColorPrimary()); ?>">
- <link rel="manifest" href="<?php print_unescaped(image_path($_['appid'], 'manifest.json')); ?>">
+ <link rel="manifest" href="<?php print_unescaped(image_path($_['appid'], 'manifest.json')); ?>" crossorigin="use-credentials">
 <?php emit_css_loading_tags($_); ?>
 <?php emit_script_loading_tags($_); ?>
 <?php print_unescaped($_['headers']); ?>
diff --git a/core/templates/layout.user.php b/core/templates/layout.user.php
index aebcda5c849..5d5b4164971 100644
--- a/core/templates/layout.user.php
+++ b/core/templates/layout.user.php
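Review bot: The `crossorigin="use-credentials"` attribute added to the manifest link in layout.guest.php, and identically in the layout.public.php hunk here and the layout.user.php hunk that follows, carries no explanation, and a reader of the template alone cannot tell why a manifest fetch needs credentials. Presumably it is there because the manifest endpoint changed in this same PR now calls isEnabledForUser and answers 404 otherwise, so the session cookie must accompany the browser's CORS-mode manifest request; a short comment on the line would preserve that reasoning, e.g. `<?php /* manifest is fetched in CORS mode; credentials let the app-enabled check see the session */ ?>`. Confirm the wording against the manifest route before adopting it.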
@@ -37,7 +37,7 @@ p($theme->getTitle());
 <link rel="apple-touch-icon" href="<?php print_unescaped(image_path($_['appid'], 'favicon-touch.png')); ?>">
 <link rel="apple-touch-icon-precomposed" href="<?php print_unescaped(image_path($_['appid'], 'favicon-touch.png')); ?>">
 <link rel="mask-icon" sizes="any" href="<?php print_unescaped(image_path($_['appid'], 'favicon-mask.svg')); ?>" color="<?php p($theme->getColorPrimary()); ?>">
- <link rel="manifest" href="<?php print_unescaped(image_path($_['appid'], 'manifest.json')); ?>">
+ <link rel="manifest" href="<?php print_unescaped(image_path($_['appid'], 'manifest.json')); ?>" crossorigin="use-credentials">
 <?php emit_css_loading_tags($_); ?>
 <?php emit_script_loading_tags($_); ?>
 <?php print_unescaped($_['headers']); ?>