author | Julius Haertl <jus@bitgrid.net> | 2016-11-04 18:55:00 +0100 |
---|---|---|
committer | Julius Haertl <jus@bitgrid.net> | 2016-11-18 10:23:25 +0100 |
commit | 78de213b8582f160b9e3acd1d921a6dd1ccd88d9 (patch) | |
tree | ef7374ebd57633a9e6f7af8f8880d0134bbae890 /apps/theming/lib/Util.php | |
parent | 3a400f92d1936b2b752d813cbb27632d6acb9904 (diff) | |
Sanitize input and small fixes
Signed-off-by: Julius Haertl <jus@bitgrid.net>
Diffstat (limited to 'apps/theming/lib/Util.php')
-rw-r--r-- | apps/theming/lib/Util.php | 76 |
1 files changed, 46 insertions, 30 deletions
diff --git a/apps/theming/lib/Util.php b/apps/theming/lib/Util.php
index 84c631092a8..963cf56633b 100644
--- a/apps/theming/lib/Util.php
+++ b/apps/theming/lib/Util.php
@@ -28,9 +28,18 @@ use OCP\Files\IRootFolder;
 class Util {
+ /** @var IConfig */
 private $config;
+
+ /** @var IRootFolder */
 private $rootFolder;
+ /**
+ * Util constructor.
+ *
+ * @param IConfig $config
+ * @param IRootFolder $rootFolder
+ */
 public function __construct(IConfig $config, IRootFolder $rootFolder) {
 $this->config = $config;
 $this->rootFolder = $rootFolder;
@@ -98,14 +107,17 @@ class Util {
 * @return string path to app icon / logo
 */
 public function getAppIcon($app) {
+ $app = str_replace(array('\0', '/', '\\', '..'), '', $app);
 $appPath = \OC_App::getAppPath($app);
- $icon = $appPath . '/img/' . $app . '.svg';
- if(file_exists($icon)) {
- return $icon;
- }
- $icon = $appPath . '/img/app.svg';
- if(file_exists($icon)) {
- return $icon;
+ if ($appPath !== false) {
+ $icon = $appPath . '/img/' . $app . '.svg';
+ if (file_exists($icon)) {
+ return $icon;
+ }
+ $icon = $appPath . '/img/app.svg';
+ if (file_exists($icon)) {
+ return $icon;
+ }
 }
 if($this->config->getAppValue('theming', 'logoMime', '') !== '' && $this->rootFolder->nodeExists('/themedinstancelogo')) {
 return $this->config->getSystemValue('datadirectory', \OC::$SERVERROOT . '/data/') . '/themedinstancelogo';
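Review bot: The `'\0'` entry in the new `str_replace()` search array is single-quoted, and PHP does not expand `\0` inside single quotes, so the call strips the two characters backslash-zero rather than a NUL byte; a NUL in `$app` passes through unchanged. It should be double-quoted, `$app = str_replace(array("\0", '/', '\\', '..'), '', $app);`, and the same applies to both `str_replace()` calls added in the `getAppImage()` hunk. Stripping also rewrites the identifier silently (`a..b` becomes `ab`), so it may be safer to skip the app-path lookup when the cleaned value differs from the input. `getAppIcon()` continues past the end of this hunk.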
@@ -119,32 +131,36 @@ class Util {
 * @return string absolute path to image
 */
 public function getAppImage($app, $image) {
+ $app = str_replace(array('\0', '/', '\\', '..'), '', $app);
+ $image = str_replace(array('\0', '\\', '..'), '', $image);
 $appPath = \OC_App::getAppPath($app);
- if($app==="core") {
- $icon = \OC::$SERVERROOT . '/core/img/' . $image;
- if(file_exists($icon)) {
+ if ($app === "core") {
+ $icon = \OC::$SERVERROOT . '/core/img/' . $image;
+ if (file_exists($icon)) {
+ return $icon;
+ }
+ }
+ if ($appPath !== false) {
+ $icon = $appPath . '/img/' . $image;
+ if (file_exists($icon)) {
+ return $icon;
+ }
+ $icon = $appPath . '/img/' . $image . '.svg';
+ if (file_exists($icon)) {
+ return $icon;
+ }
+ $icon = $appPath . '/img/' . $image . '.png';
+ if (file_exists($icon)) {
+ return $icon;
+ }
+ $icon = $appPath . '/img/' . $image . '.gif';
+ if (file_exists($icon)) {
+ return $icon;
+ }
+ $icon = $appPath . '/img/' . $image . '.jpg';
+ if (file_exists($icon)) {
 return $icon;
 }
- }
- $icon = $appPath . '/img/' . $image;
- if(file_exists($icon)) {
- return $icon;
- }
- $icon = $appPath . '/img/' . $image . '.svg';
- if(file_exists($icon)) {
- return $icon;
- }
- $icon = $appPath . '/img/' . $image . '.png';
- if(file_exists($icon)) {
- return $icon;
- }
- $icon = $appPath . '/img/' . $image . '.gif';
- if(file_exists($icon)) {
- return $icon;
- }
- $icon = $appPath . '/img/' . $image . '.jpg';
- if(file_exists($icon)) {
- return $icon;
 }
 return false;
 } |
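Review bot: `file_exists()` is also true for directories, so in `getAppImage()` an `$image` that is empty, or that becomes empty after the new `str_replace()` (for example `..`), makes the first probe `$appPath . '/img/' . $image` return the `img/` directory itself instead of `false`; the `core` branch has the same shape. Using `is_file($icon)` in the probes, or an early `if ($image === '') { return false; }` after the sanitising lines, would close that case; how callers treat a directory path is not visible here. The docblock above still says `@return string absolute path to image` although the function returns `false` on a miss, so `@return string|false` would be more accurate.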