diff options
| author | Ferdinand Thiessen <opensource@fthiessen.de> | 2023-11-21 14:34:39 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-11-21 14:34:39 +0100 |
| commit | 151ff38fc9077dfdc100279f1d7182de5a77d82a (patch) | |
| tree | 4de6ac6020baf00aa1e35d82537ae49e0d1540e1 | |
| parent | f74084cd3de6e199fc10a66d2072abfac27e179d (diff) | |
| parent | fa2c834aab79fa96112d16e569190facd2c589b6 (diff) | |
| download | nextcloud-server-151ff38fc9077dfdc100279f1d7182de5a77d82a.tar.gz nextcloud-server-151ff38fc9077dfdc100279f1d7182de5a77d82a.zip | |
Merge pull request #41635 from nextcloud/fix/settings-apporder
fix(theming): Adjust config listener to validate `apporder` config also for closure navigation
| -rw-r--r-- | apps/theming/lib/Listener/BeforePreferenceListener.php | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/apps/theming/lib/Listener/BeforePreferenceListener.php b/apps/theming/lib/Listener/BeforePreferenceListener.php index 96d4ba6cf0d..5eaf84d5226 100644 --- a/apps/theming/lib/Listener/BeforePreferenceListener.php +++ b/apps/theming/lib/Listener/BeforePreferenceListener.php @@ -79,12 +79,16 @@ class BeforePreferenceListener implements IEventListener { } $value = json_decode($event->getConfigValue(), true, flags:JSON_THROW_ON_ERROR); - if (is_array(($value))) { - foreach ($value as $id => $info) { - if (!is_array($info) || empty($info) || !isset($info['app']) || !$this->appManager->isEnabledForUser($info['app']) || !is_numeric($info['order'] ?? '')) { - // Invalid config value, refuse the change - return; - } + if (!is_array(($value))) { + // Must be an array + return; + } + + foreach ($value as $id => $info) { + // required format: [ navigation_id: string => [ order: int, app?: string ] ] + if (!is_string($id) || !is_array($info) || empty($info) || !isset($info['order']) || !is_numeric($info['order']) || (isset($info['app']) && !$this->appManager->isEnabledForUser($info['app']))) { + // Invalid config value, refuse the change + return; } } $event->setValid(true); |