author | Lukas Reschke <lukas@owncloud.com> | 2015-02-13 13:33:20 +0100 |
---|---|---|
committer | Lukas Reschke <lukas@owncloud.com> | 2015-02-13 13:33:20 +0100 |
commit | a7df23cebadfc0a60095ff53e4ae5e293eb02b38 (patch) | |
tree | 54e8fd3e3179c65e8abda8e3bc61ce6547a501c6 /apps/files_trashbin | |
parent | 51f8d240c1c7a2c5fe4ab89854aeae02a33406b4 (diff) | |
Manually type-case all AJAX files
This enforces proper types on POST and GET arguments where I considered it sensible. I didn't update some as I don't know what kind of values they would support :see_no_evil:
Fixes https://github.com/owncloud/core/issues/14196 for core
Diffstat (limited to 'apps/files_trashbin')
-rw-r--r-- | apps/files_trashbin/ajax/delete.php | 4 | ||||
-rw-r--r-- | apps/files_trashbin/ajax/list.php | 6 | ||||
-rw-r--r-- | apps/files_trashbin/ajax/undelete.php | 4 |
3 files changed, 7 insertions, 7 deletions
diff --git a/apps/files_trashbin/ajax/delete.php b/apps/files_trashbin/ajax/delete.php
index 72553fa0ee0..812c5029698 100644
--- a/apps/files_trashbin/ajax/delete.php
+++ b/apps/files_trashbin/ajax/delete.php
@@ -7,7 +7,7 @@ OCP\JSON::callCheck();
 $folder = isset($_POST['dir']) ? $_POST['dir'] : '/';
 // "empty trash" command
-if (isset($_POST['allfiles']) and $_POST['allfiles'] === 'true'){
+if (isset($_POST['allfiles']) && (string)$_POST['allfiles'] === 'true'){
 $deleteAll = true;
 if ($folder === '/' || $folder === '') {
 OCA\Files_Trashbin\Trashbin::deleteAll();
@@ -19,7 +19,7 @@ if (isset($_POST['allfiles']) and $_POST['allfiles'] === 'true'){
 } else {
 $deleteAll = false;
- $files = $_POST['files'];
+ $files = (string)$_POST['files'];
 $list = json_decode($files);
 }
diff --git a/apps/files_trashbin/ajax/list.php b/apps/files_trashbin/ajax/list.php
index e25301a26cb..0a78b44fd9a 100644
--- a/apps/files_trashbin/ajax/list.php
+++ b/apps/files_trashbin/ajax/list.php
@@ -4,9 +4,9 @@ OCP\JSON::checkLoggedIn();
 \OC::$server->getSession()->close();
 // Load the files
-$dir = isset( $_GET['dir'] ) ? $_GET['dir'] : '';
-$sortAttribute = isset( $_GET['sort'] ) ? $_GET['sort'] : 'name';
-$sortDirection = isset( $_GET['sortdirection'] ) ? ($_GET['sortdirection'] === 'desc') : false;
+$dir = isset($_GET['dir']) ? (string)$_GET['dir'] : '';
+$sortAttribute = isset($_GET['sort']) ? (string)$_GET['sort'] : 'name';
+$sortDirection = isset($_GET['sortdirection']) ? ($_GET['sortdirection'] === 'desc') : false;
 $data = array();
 // make filelist
diff --git a/apps/files_trashbin/ajax/undelete.php b/apps/files_trashbin/ajax/undelete.php
index ab7d57f5a7f..558761680cc 100644
--- a/apps/files_trashbin/ajax/undelete.php
+++ b/apps/files_trashbin/ajax/undelete.php
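Review bot: The `(string)` cast on `$_POST['allfiles']` in the first delete.php hunk does not reject a non-string value; when the parameter arrives as an array PHP converts it to the literal `Array` and raises an array-to-string conversion notice, and the strict `===` against `'true'` already failed for arrays before the cast was added. Testing the type states the intent and stays quiet: `if (isset($_POST['allfiles']) && is_string($_POST['allfiles']) && $_POST['allfiles'] === 'true'){`. The same cast is applied to `$_POST['files']` in the second hunk of this file, to `$_GET['dir']` and `$_GET['sort']` in list.php, and to `$_POST['dir']` and `$_POST['allfiles']` in undelete.php, where an `is_string()` check with a fallback to the default would likewise be the stricter form.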
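Review bot: In the second delete.php hunk `$_POST['files']` is read in the `else` branch without an `isset()` guard, and the value returned by `json_decode($files)` is not checked before `$list` is used, so a missing parameter or a body that is not a JSON array leaves `$list` as `null`, a scalar or an object. A guard right after the decode would pin the shape: `$list = json_decode($files, true);` followed by `if (!is_array($list)) { $list = array(); }`. How `$list` is consumed lies outside the hunk, so whether an empty list or an error response is the right fallback should be confirmed there.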
@@ -7,10 +7,10 @@ OCP\JSON::callCheck();
 $files = $_POST['files'];
 $dir = '/';
 if (isset($_POST['dir'])) {
- $dir = rtrim($_POST['dir'], '/'). '/';
+ $dir = rtrim((string)$_POST['dir'], '/'). '/';
 }
 $allFiles = false;
-if (isset($_POST['allfiles']) and $_POST['allfiles'] === 'true') {
+if (isset($_POST['allfiles']) && (string)$_POST['allfiles'] === 'true') {
 $allFiles = true;
 $list = array();
 $dirListing = true; |
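Review bot: `$files = $_POST['files'];` on the first context line of this hunk is still taken from the request without an `isset()` or type check, while the matching line in delete.php is changed by this commit, so undelete.php is left inconsistent. It could read `$files = (isset($_POST['files']) && is_string($_POST['files'])) ? $_POST['files'] : '';`. Where `$files` is used is outside the hunk, so the empty-string fallback should be checked against that code, in particular for the `allfiles` case where the parameter may legitimately be absent.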