Manually type-case all AJAX files

This enforces proper types on POST and GET arguments where I considered it sensible. I didn't update some as I don't know what kind of values they would support :see_no_evil:

Fixes https://github.com/owncloud/core/issues/14196 for core

5 files changed, 10 insertions, 10 deletions

diff --git a/apps/files_encryption/ajax/adminrecovery.php b/apps/files_encryption/ajax/adminrecovery.php
index 503c15b53a9..fd2d72e112e 100644
--- a/apps/files_encryption/ajax/adminrecovery.php
+++ b/apps/files_encryption/ajax/adminrecovery.php
@@ -43,7 +43,7 @@ $recoveryKeyId = \OC::$server->getAppConfig()->getValue('files_encryption', 'rec
 
 if (isset($_POST['adminEnableRecovery']) && $_POST['adminEnableRecovery'] === '1') {
 
-	$return = Helper::adminEnableRecovery($recoveryKeyId, $_POST['recoveryPassword']);
+	$return = Helper::adminEnableRecovery($recoveryKeyId, (string)$_POST['recoveryPassword']);
 
 	// Return success or failure
 	if ($return) {
@@ -57,7 +57,7 @@ if (isset($_POST['adminEnableRecovery']) && $_POST['adminEnableRecovery'] === '1
 	isset($_POST['adminEnableRecovery'])
 	&& '0' === $_POST['adminEnableRecovery']
 ) {
-	$return = Helper::adminDisableRecovery($_POST['recoveryPassword']);
+	$return = Helper::adminDisableRecovery((string)$_POST['recoveryPassword']);
 
 	if ($return) {
 		$successMessage = $l->t('Recovery key successfully disabled');
diff --git a/apps/files_encryption/ajax/changeRecoveryPassword.php b/apps/files_encryption/ajax/changeRecoveryPassword.php
index 3d31b12af7c..58472f0fe28 100644
--- a/apps/files_encryption/ajax/changeRecoveryPassword.php
+++ b/apps/files_encryption/ajax/changeRecoveryPassword.php
@@ -17,9 +17,9 @@ $l = \OC::$server->getL10N('core');
 
 $return = false;
 
-$oldPassword = $_POST['oldPassword'];
-$newPassword = $_POST['newPassword'];
-$confirmPassword = $_POST['confirmPassword'];
+$oldPassword = (string)$_POST['oldPassword'];
+$newPassword = (string)$_POST['newPassword'];
+$confirmPassword = (string)$_POST['confirmPassword'];
 
 //check if both passwords are the same
 if (empty($_POST['oldPassword'])) {
diff --git a/apps/files_encryption/ajax/getMigrationStatus.php b/apps/files_encryption/ajax/getMigrationStatus.php
index bb260199b19..ef3eb9fb10d 100644
--- a/apps/files_encryption/ajax/getMigrationStatus.php
+++ b/apps/files_encryption/ajax/getMigrationStatus.php
@@ -11,8 +11,8 @@ use OCA\Files_Encryption\Util;
 
 \OCP\JSON::checkAppEnabled('files_encryption');
 
-$loginname = isset($_POST['user']) ? $_POST['user'] : '';
-$password = isset($_POST['password']) ? $_POST['password'] : '';
+$loginname = isset($_POST['user']) ? (string)$_POST['user'] : '';
+$password = isset($_POST['password']) ? (string)$_POST['password'] : '';
 
 $migrationStatus = Util::MIGRATION_COMPLETED;
 
diff --git a/apps/files_encryption/ajax/updatePrivateKeyPassword.php b/apps/files_encryption/ajax/updatePrivateKeyPassword.php
index 7161b0cff92..8dceb5a5209 100644
--- a/apps/files_encryption/ajax/updatePrivateKeyPassword.php
+++ b/apps/files_encryption/ajax/updatePrivateKeyPassword.php
@@ -18,8 +18,8 @@ $l = \OC::$server->getL10N('core');
 $return = false;
 $errorMessage = $l->t('Could not update the private key password.');
 
-$oldPassword = $_POST['oldPassword'];
-$newPassword = $_POST['newPassword'];
+$oldPassword = (string)$_POST['oldPassword'];
+$newPassword = (string)$_POST['newPassword'];
 
 $view = new \OC\Files\View('/');
 $session = new \OCA\Files_Encryption\Session($view);
diff --git a/apps/files_encryption/ajax/userrecovery.php b/apps/files_encryption/ajax/userrecovery.php
index e49fee83a36..f42a6a4f477 100644
--- a/apps/files_encryption/ajax/userrecovery.php
+++ b/apps/files_encryption/ajax/userrecovery.php
@@ -23,7 +23,7 @@ if (
 	$util = new \OCA\Files_Encryption\Util($view, $userId);
 
 	// Save recovery preference to DB
-	$return = $util->setRecoveryForUser($_POST['userEnableRecovery']);
+	$return = $util->setRecoveryForUser((string)$_POST['userEnableRecovery']);
 
 	if ($_POST['userEnableRecovery'] === '1') {
 		$util->addRecoveryKeys();