Ensure that passed argument is always a string

Some code paths called the `normalizePath` functionality with types other than a string which resulted in unexpected behaviour.

Thus the function is now manually casting the type to a string and I corrected the usage in list.php as well.

2 files changed, 9 insertions, 1 deletions

diff --git a/apps/files/ajax/list.php b/apps/files/ajax/list.php
index 0be38c3b96f..d32f8e0d950 100644
--- a/apps/files/ajax/list.php
+++ b/apps/files/ajax/list.php
@@ -9,7 +9,7 @@ $RUNTIME_APPTYPES=array('filesystem');
 OCP\JSON::checkLoggedIn();
 
 // Load the files
-$dir = isset( $_GET['dir'] ) ? $_GET['dir'] : '';
+$dir = isset($_GET['dir']) ? (string)$_GET['dir'] : '';
 $dir = \OC\Files\Filesystem::normalizePath($dir);
 if (!\OC\Files\Filesystem::is_dir($dir . '/')) {
 	header("HTTP/1.0 404 Not Found");
diff --git a/lib/private/files/filesystem.php b/lib/private/files/filesystem.php
index 7b031cb88c7..5e6bdfaa4ef 100644
--- a/lib/private/files/filesystem.php
+++ b/lib/private/files/filesystem.php
@@ -616,6 +616,14 @@ class Filesystem {
 	 * @return string
 	 */
 	public static function normalizePath($path, $stripTrailingSlash = true) {
+		/**
+		 * FIXME: This is a workaround for existing classes and files which call
+		 *        this function with another type than a valid string. This
+		 *        conversion should get removed as soon as all existing
+		 *        function calls have been fixed.
+		 */
+		$path = (string)$path;
+
 		if ($path == '') {
 			return '/';
 		}