author | Lukas Reschke <lukas@owncloud.com> | 2015-02-13 13:33:20 +0100 |
---|---|---|
committer | Lukas Reschke <lukas@owncloud.com> | 2015-02-13 13:33:20 +0100 |
commit | a7df23cebadfc0a60095ff53e4ae5e293eb02b38 (patch) | |
tree | 54e8fd3e3179c65e8abda8e3bc61ce6547a501c6 /apps/files_external/ajax | |
parent | 51f8d240c1c7a2c5fe4ab89854aeae02a33406b4 (diff) | |
Manually type-case all AJAX files
This enforces proper types on POST and GET arguments where I considered it sensible. I didn't update some as I don't know what kind of values they would support :see_no_evil:
Fixes https://github.com/owncloud/core/issues/14196 for core
Diffstat (limited to 'apps/files_external/ajax')
-rw-r--r-- | apps/files_external/ajax/addMountPoint.php | 12 | ||||
-rw-r--r-- | apps/files_external/ajax/applicable.php | 6 | ||||
-rw-r--r-- | apps/files_external/ajax/dropbox.php | 6 | ||||
-rw-r--r-- | apps/files_external/ajax/google.php | 8 | ||||
-rw-r--r-- | apps/files_external/ajax/removeMountPoint.php | 2 |
5 files changed, 17 insertions, 17 deletions
diff --git a/apps/files_external/ajax/addMountPoint.php b/apps/files_external/ajax/addMountPoint.php
index 4903120c2a8..fa7f0e53fe6 100644
--- a/apps/files_external/ajax/addMountPoint.php
+++ b/apps/files_external/ajax/addMountPoint.php
@@ -11,12 +11,12 @@ if ($_POST['isPersonal'] == 'true') {
 $isPersonal = false;
 }
-$mountPoint = $_POST['mountPoint'];
-$oldMountPoint = $_POST['oldMountPoint'];
-$class = $_POST['class'];
-$options = $_POST['classOptions'];
-$type = $_POST['mountType'];
-$applicable = $_POST['applicable'];
+$mountPoint = (string)$_POST['mountPoint'];
+$oldMountPoint = (string)$_POST['oldMountPoint'];
+$class = (string)$_POST['class'];
+$options = (string)$_POST['classOptions'];
+$type = (string)$_POST['mountType'];
+$applicable = (string)$_POST['applicable'];
 if ($oldMountPoint and $oldMountPoint !== $mountPoint) {
 OC_Mount_Config::removeMountPoint($oldMountPoint, $type, $applicable, $isPersonal);
diff --git a/apps/files_external/ajax/applicable.php b/apps/files_external/ajax/applicable.php
index 1f0147758e7..3af6aef57fb 100644
--- a/apps/files_external/ajax/applicable.php
+++ b/apps/files_external/ajax/applicable.php
@@ -9,13 +9,13 @@ $pattern = '';
 $limit = null;
 $offset = null;
 if (isset($_GET['pattern'])) {
- $pattern = $_GET['pattern'];
+ $pattern = (string)$_GET['pattern'];
 }
 if (isset($_GET['limit'])) {
- $limit = $_GET['limit'];
+ $limit = (int)$_GET['limit'];
 }
 if (isset($_GET['offset'])) {
- $offset = $_GET['offset'];
+ $offset = (int)$_GET['offset'];
 }
 $groups = \OC_Group::getGroups($pattern, $limit, $offset);
diff --git a/apps/files_external/ajax/dropbox.php b/apps/files_external/ajax/dropbox.php
index db417de4b2d..8080ca390b1 100644
--- a/apps/files_external/ajax/dropbox.php
+++ b/apps/files_external/ajax/dropbox.php
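Review bot: In addMountPoint.php, `$options = (string)$_POST['classOptions'];` forces a scalar onto a field whose name suggests a set of options; if the client submits it as a nested form field, PHP turns the array into the literal string `Array` and the submitted configuration is silently lost. The consumer of `$options` is outside this hunk, so confirm what it expects, and if it is an array use `$options = (array)$_POST['classOptions'];`. The casts also coerce rather than validate: a missing key still becomes `''` and is handed to `OC_Mount_Config::removeMountPoint()`, here and in the removeMountPoint.php hunk, so an `isset()` check that fails the request early would be the stricter option.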
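Review bot: The `(int)` casts on `limit` and `offset` in applicable.php accept any input: a non-numeric value becomes 0 and negative numbers are passed straight to `\OC_Group::getGroups()`. How that backend treats 0 or a negative value is not visible in this hunk, so falling back to the default already set above is the safer choice, e.g. `if ($limit < 0) { $limit = null; }` after the cast, and the same for `$offset`. The script continues past the end of the hunk.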
@@ -8,13 +8,13 @@ OCP\JSON::callCheck();
 $l = \OC::$server->getL10N('files_external');
 if (isset($_POST['app_key']) && isset($_POST['app_secret'])) {
- $oauth = new Dropbox_OAuth_Curl($_POST['app_key'], $_POST['app_secret']);
+ $oauth = new Dropbox_OAuth_Curl((string)$_POST['app_key'], (string)$_POST['app_secret']);
 if (isset($_POST['step'])) {
 switch ($_POST['step']) {
 case 1:
 try {
 if (isset($_POST['callback'])) {
- $callback = $_POST['callback'];
+ $callback = (string)$_POST['callback'];
 } else {
 $callback = null;
 }
@@ -31,7 +31,7 @@ if (isset($_POST['app_key']) && isset($_POST['app_secret'])) {
 case 2:
 if (isset($_POST['request_token']) && isset($_POST['request_token_secret'])) {
 try {
- $oauth->setToken($_POST['request_token'], $_POST['request_token_secret']);
+ $oauth->setToken((string)$_POST['request_token'], (string)$_POST['request_token_secret']);
 $token = $oauth->getAccessToken();
 OCP\JSON::success(array('access_token' => $token['token'], 'access_token_secret' => $token['token_secret']));
diff --git a/apps/files_external/ajax/google.php b/apps/files_external/ajax/google.php
index b80f24bbd2c..66c244acfbc 100644
--- a/apps/files_external/ajax/google.php
+++ b/apps/files_external/ajax/google.php
@@ -10,9 +10,9 @@ $l = \OC::$server->getL10N('files_external');
 if (isset($_POST['client_id']) && isset($_POST['client_secret']) && isset($_POST['redirect'])) {
 $client = new Google_Client();
- $client->setClientId($_POST['client_id']);
- $client->setClientSecret($_POST['client_secret']);
- $client->setRedirectUri($_POST['redirect']);
+ $client->setClientId((string)$_POST['client_id']);
+ $client->setClientSecret((string)$_POST['client_secret']);
+ $client->setRedirectUri((string)$_POST['redirect']);
 $client->setScopes(array('https://www.googleapis.com/auth/drive'));
 $client->setAccessType('offline');
 if (isset($_POST['step'])) {
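Review bot: `switch ($_POST['step'])` in the first dropbox.php hunk is still uncast although every other request parameter in the file now is, and `switch` compares loosely, so the integer cases are matched against whatever string the client sent. `switch ((int)$_POST['step']) {` would make the dispatch depend on a real integer and keep the file consistent with the rest of the change. The switch body starts in this hunk and continues into the next one.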
@@ -30,7 +30,7 @@ if (isset($_POST['client_id']) && isset($_POST['client_secret']) && isset($_POST
 }
 } else if ($step == 2 && isset($_POST['code'])) {
 try {
- $token = $client->authenticate($_POST['code']);
+ $token = $client->authenticate((string)$_POST['code']);
 OCP\JSON::success(array('data' => array(
 'token' => $token
 )));
diff --git a/apps/files_external/ajax/removeMountPoint.php b/apps/files_external/ajax/removeMountPoint.php
index 2f5dbcfdbac..0870911544b 100644
--- a/apps/files_external/ajax/removeMountPoint.php
+++ b/apps/files_external/ajax/removeMountPoint.php
@@ -20,4 +20,4 @@ if ($_POST['isPersonal'] == 'true') {
 $isPersonal = false;
 }
-OC_Mount_Config::removeMountPoint($_POST['mountPoint'], $_POST['mountType'], $_POST['applicable'], $isPersonal);
+OC_Mount_Config::removeMountPoint((string)$_POST['mountPoint'], (string)$_POST['mountType'], (string)$_POST['applicable'], $isPersonal);
|