author | Joas Schilling <coding@schilljs.com> | 2023-12-11 08:59:45 +0100 |
---|---|---|
committer | Joas Schilling <coding@schilljs.com> | 2024-01-17 09:30:44 +0100 |
commit | 84a380a3b2293719a560351a0b615508fc583f51 (patch) | |
tree | 76d49f3d820a4c07be465a66b0ec1e882521d522 /apps/theming/lib | |
parent | c21df323b09a47f5a5fa331ff160a57320bce3b6 (diff) | |
download | nextcloud-server-84a380a3b2293719a560351a0b615508fc583f51.tar.gz nextcloud-server-84a380a3b2293719a560351a0b615508fc583f51.zip |
fix(manifest): Check if app exists instead of accessing null as an array
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'apps/theming/lib')
-rw-r--r-- | apps/theming/lib/Controller/IconController.php | 30 | ||||
-rw-r--r-- | apps/theming/lib/Controller/ThemingController.php | 12 |
2 files changed, 29 insertions, 13 deletions
diff --git a/apps/theming/lib/Controller/IconController.php b/apps/theming/lib/Controller/IconController.php
index 6ad67c4667a..216ca88d375 100644
--- a/apps/theming/lib/Controller/IconController.php
+++ b/apps/theming/lib/Controller/IconController.php
@@ -32,6 +32,7 @@ use OC\IntegrityCheck\Helpers\FileAccessHelper;
 use OCA\Theming\IconBuilder;
 use OCA\Theming\ImageManager;
 use OCA\Theming\ThemingDefaults;
+use OCP\App\IAppManager;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\DataDisplayResponse;
@@ -50,24 +51,17 @@ class IconController extends Controller {
 private $imageManager;
 /** @var FileAccessHelper */
 private $fileAccessHelper;
+ /** @var IAppManager */
+ private $appManager;
- /**
- * IconController constructor.
- *
- * @param string $appName
- * @param IRequest $request
- * @param ThemingDefaults $themingDefaults
- * @param IconBuilder $iconBuilder
- * @param ImageManager $imageManager
- * @param FileAccessHelper $fileAccessHelper
- */
 public function __construct(
 $appName,
 IRequest $request,
 ThemingDefaults $themingDefaults,
 IconBuilder $iconBuilder,
 ImageManager $imageManager,
- FileAccessHelper $fileAccessHelper
+ FileAccessHelper $fileAccessHelper,
+ IAppManager $appManager
 ) {
 parent::__construct($appName, $request);
@@ -75,6 +69,7 @@ class IconController extends Controller {
 $this->iconBuilder = $iconBuilder;
 $this->imageManager = $imageManager;
 $this->fileAccessHelper = $fileAccessHelper;
+ $this->appManager = $appManager;
 }
 /**
@@ -92,6 +87,11 @@ class IconController extends Controller {
 * 404: Themed icon not found
 */
 public function getThemedIcon(string $app, string $image): Response {
+ if ($app !== 'core' && !$this->appManager->isEnabledForUser($app)) {
+ $app = 'core';
+ $image = 'favicon.png';
+ }
+
 $color = $this->themingDefaults->getColorPrimary();
 try {
 $iconFileName = $this->imageManager->getCachedImage('icon-' . $app . '-' . $color . str_replace('/', '_', $image));
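Review bot: The guard added at the top of getThemedIcon is pasted again into getFavicon and getTouchIcon in the next two hunks, and none of the three docblocks records that a disabled or unknown app is silently served the core icon instead of the 404 they advertise. A private helper such as `private function resolveApp(string $app): string { return ($app === 'core' || $this->appManager->isEnabledForUser($app)) ? $app : 'core'; }` would keep the three endpoints in step, with getThemedIcon keeping its own `$image = 'favicon.png';` reset. `isEnabledForUser($app)` is called without a user, so for a logged-out request the result presumably depends on the session being empty; a one-line comment stating that group-restricted apps fall back to the core icon for anonymous visitors (if that is intended) would save the next reader from checking. This also differs from getManifest, which answers 404 and throttles for the same condition, so the choice of a silent fallback here deserves a sentence in the docblock. All three method bodies continue outside their hunks.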
@@ -121,6 +121,10 @@ class IconController extends Controller {
 * 404: Favicon not found
 */
 public function getFavicon(string $app = 'core'): Response {
+ if ($app !== 'core' && !$this->appManager->isEnabledForUser($app)) {
+ $app = 'core';
+ }
+
 $response = null;
 $iconFile = null;
 try {
@@ -163,6 +167,10 @@ class IconController extends Controller {
 * 404: Touch icon not found
 */
 public function getTouchIcon(string $app = 'core'): Response {
+ if ($app !== 'core' && !$this->appManager->isEnabledForUser($app)) {
+ $app = 'core';
+ }
+
 $response = null;
 try {
 $iconFile = $this->imageManager->getImage('favicon');
diff --git a/apps/theming/lib/Controller/ThemingController.php b/apps/theming/lib/Controller/ThemingController.php
index b4bf6d1c3cd..91012d1e37a 100644
--- a/apps/theming/lib/Controller/ThemingController.php
+++ b/apps/theming/lib/Controller/ThemingController.php
@@ -445,16 +445,18 @@ class ThemingController extends Controller {
 /**
 * @NoCSRFRequired
 * @PublicPage
+ * @BruteForceProtection(action=manifest)
 *
 * Get the manifest for an app
 *
 * @param string $app ID of the app
 * @psalm-suppress LessSpecificReturnStatement The content of the Manifest doesn't need to be described in the return type
- * @return JSONResponse<Http::STATUS_OK, array{name: string, short_name: string, start_url: string, theme_color: string, background_color: string, description: string, icons: array{src: non-empty-string, type: string, sizes: string}[], display: string}, array{}>
+ * @return JSONResponse<Http::STATUS_OK, array{name: string, short_name: string, start_url: string, theme_color: string, background_color: string, description: string, icons: array{src: non-empty-string, type: string, sizes: string}[], display: string}, array{}>|JSONResponse<Http::STATUS_NOT_FOUND, array{}, array{}>
 *
 * 200: Manifest returned
+ * 404: App not found
 */
- public function getManifest(string $app) {
+ public function getManifest(string $app): JSONResponse {
 $cacheBusterValue = $this->config->getAppValue('theming', 'cachebuster', '0');
 if ($app === 'core' || $app === 'settings') {
 $name = $this->themingDefaults->getName();
@@ -462,6 +464,12 @@ class ThemingController extends Controller {
 $startUrl = $this->urlGenerator->getBaseUrl();
 $description = $this->themingDefaults->getSlogan();
 } else {
+ if (!$this->appManager->isEnabledForUser($app)) {
+ $response = new JSONResponse([], Http::STATUS_NOT_FOUND);
+ $response->throttle(['action' => 'manifest', 'app' => $app]);
+ return $response;
+ }
+
 $info = $this->appManager->getAppInfo($app, false, $this->l10n->getLanguageCode());
 $name = $info['name'] . ' - ' . $this->themingDefaults->getName();
 $shortName = $info['name']; |
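Review bot: The new guard in getManifest tests only `isEnabledForUser($app)`, so the `$info['name']` reads just below it would still dereference null if `getAppInfo()` returns nothing for an app that is marked enabled but whose metadata cannot be loaded — presumably possible, and it is the failure the commit title sets out to fix. Checking the value that is actually used closes the gap: directly after the `getAppInfo()` call add `if ($info === null) { return new JSONResponse([], Http::STATUS_NOT_FOUND); }`, throttled like the first branch if the same treatment is wanted. Separately, `$app` is request-controlled on this `@PublicPage` route and goes unvalidated into the throttle metadata; rejecting values that are not well-formed app IDs before the lookup would keep arbitrary, arbitrarily long strings out of whatever store backs the brute-force records. The docblock's `404: App not found` could also say "not found or not enabled for the current user", since that is the condition tested. The else branch continues outside the hunk.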