Manually type-case all AJAX files

This enforces proper types on POST and GET arguments where I considered it sensible. I didn't update some as I don't know what kind of values they would support :see_no_evil:

Fixes https://github.com/owncloud/core/issues/14196 for core

1 files changed, 3 insertions, 3 deletions

diff --git a/apps/files_external/ajax/dropbox.php b/apps/files_external/ajax/dropbox.php
index db417de4b2d..8080ca390b1 100644
--- a/apps/files_external/ajax/dropbox.php
+++ b/apps/files_external/ajax/dropbox.php
@@ -8,13 +8,13 @@ OCP\JSON::callCheck();
 $l = \OC::$server->getL10N('files_external');
 
 if (isset($_POST['app_key']) && isset($_POST['app_secret'])) {
-	$oauth = new Dropbox_OAuth_Curl($_POST['app_key'], $_POST['app_secret']);
+	$oauth = new Dropbox_OAuth_Curl((string)$_POST['app_key'], (string)$_POST['app_secret']);
 	if (isset($_POST['step'])) {
 		switch ($_POST['step']) {
 			case 1:
 				try {
 					if (isset($_POST['callback'])) {
-						$callback = $_POST['callback'];
+						$callback = (string)$_POST['callback'];
 					} else {
 						$callback = null;
 					}
@@ -31,7 +31,7 @@ if (isset($_POST['app_key']) && isset($_POST['app_secret'])) {
 			case 2:
 				if (isset($_POST['request_token']) && isset($_POST['request_token_secret'])) {
 					try {
-						$oauth->setToken($_POST['request_token'], $_POST['request_token_secret']);
+						$oauth->setToken((string)$_POST['request_token'], (string)$_POST['request_token_secret']);
 						$token = $oauth->getAccessToken();
 						OCP\JSON::success(array('access_token' => $token['token'],
 												'access_token_secret' => $token['token_secret']));