author | Julius Haertl <jus@bitgrid.net> | 2016-11-04 18:55:00 +0100 |
---|---|---|
committer | Julius Haertl <jus@bitgrid.net> | 2016-11-18 10:23:25 +0100 |
commit | 78de213b8582f160b9e3acd1d921a6dd1ccd88d9 (patch) | |
tree | ef7374ebd57633a9e6f7af8f8880d0134bbae890 /apps/theming/lib | |
parent | 3a400f92d1936b2b752d813cbb27632d6acb9904 (diff) | |
Sanitize input and small fixes
Signed-off-by: Julius Haertl <jus@bitgrid.net>
Diffstat (limited to 'apps/theming/lib')
-rw-r--r-- | apps/theming/lib/Controller/IconController.php | 7 | ||||
-rw-r--r-- | apps/theming/lib/ImageManager.php | 3 | ||||
-rw-r--r-- | apps/theming/lib/ThemingDefaults.php | 1 | ||||
-rw-r--r-- | apps/theming/lib/Util.php | 76 |
4 files changed, 52 insertions, 35 deletions
diff --git a/apps/theming/lib/Controller/IconController.php b/apps/theming/lib/Controller/IconController.php
index 08d5b50120f..519c52f5fa9 100644
--- a/apps/theming/lib/Controller/IconController.php
+++ b/apps/theming/lib/Controller/IconController.php
@@ -27,6 +27,7 @@ use OCA\Theming\ImageManager;
 use OCA\Theming\ThemingDefaults;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Response;
 use OCP\AppFramework\Http\DataDisplayResponse;
 use OCP\AppFramework\Http\FileDisplayResponse;
 use OCP\AppFramework\Utility\ITimeFactory;
@@ -131,7 +132,8 @@ class IconController extends Controller {
 $response->addHeader('Expires', $expires->format(\DateTime::RFC2822));
 $response->addHeader('Pragma', 'cache');
 } else {
- $response = new DataDisplayResponse(null, Http::STATUS_NOT_FOUND);
+ $response = new Response();
+ $response->setStatus(Http::STATUS_NOT_FOUND);
 $response->cacheFor(0);
 $response->setLastModified(new \DateTime('now', new \DateTimeZone('GMT')));
 }
@@ -163,7 +165,8 @@ class IconController extends Controller {
 $response->addHeader('Expires', $expires->format(\DateTime::RFC2822));
 $response->addHeader('Pragma', 'cache');
 } else {
- $response = new DataDisplayResponse(null, Http::STATUS_NOT_FOUND);
+ $response = new Response();
+ $response->setStatus(Http::STATUS_NOT_FOUND);
 $response->cacheFor(0);
 $response->setLastModified(new \DateTime('now', new \DateTimeZone('GMT')));
 }
diff --git a/apps/theming/lib/ImageManager.php b/apps/theming/lib/ImageManager.php
index e7dcfa92190..4cd43e02054 100644
--- a/apps/theming/lib/ImageManager.php
+++ b/apps/theming/lib/ImageManager.php
@@ -109,7 +109,4 @@ class ImageManager {
 }
 }
 }
-
-
-
 }
diff --git a/apps/theming/lib/ThemingDefaults.php b/apps/theming/lib/ThemingDefaults.php
index 2c344172127..36f19157637 100644
--- a/apps/theming/lib/ThemingDefaults.php
+++ b/apps/theming/lib/ThemingDefaults.php
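Review bot: The 404 branch in the two IconController hunks is now four identical lines (`new Response()`, `setStatus`, `cacheFor(0)`, `setLastModified`), which is why the same fix had to be applied twice; a small private helper would keep the two in step, e.g. `$response = $this->createNotFoundResponse();` in both else branches. With DataDisplayResponse no longer constructed in these branches, the `use OCP\AppFramework\Http\DataDisplayResponse;` import kept in the first hunk may now be unused — worth checking the rest of the file, which is outside these hunks. Both enclosing methods start and end outside the hunks shown.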
@@ -58,6 +58,7 @@ class ThemingDefaults extends \OC_Defaults { * @param IURLGenerator $urlGenerator * @param \OC_Defaults $defaults * @param IRootFolder $rootFolder + * @param ICacheFactory $cacheFactory */ public function __construct(IConfig $config, IL10N $l, diff --git a/apps/theming/lib/Util.php b/apps/theming/lib/Util.php index 84c631092a8..963cf56633b 100644 --- a/apps/theming/lib/Util.php +++ b/apps/theming/lib/Util.php @@ -28,9 +28,18 @@ use OCP\Files\IRootFolder; class Util { + /** @var IConfig */ private $config; + + /** @var IRootFolder */ private $rootFolder; + /** + * Util constructor. + * + * @param IConfig $config + * @param IRootFolder $rootFolder + */ public function __construct(IConfig $config, IRootFolder $rootFolder) { $this->config = $config; $this->rootFolder = $rootFolder; @@ -98,14 +107,17 @@ class Util { * @return string path to app icon / logo */ public function getAppIcon($app) { + $app = str_replace(array('\0', '/', '\\', '..'), '', $app); $appPath = \OC_App::getAppPath($app); - $icon = $appPath . '/img/' . $app . '.svg'; - if(file_exists($icon)) { - return $icon; - } - $icon = $appPath . '/img/app.svg'; - if(file_exists($icon)) { - return $icon; + if ($appPath !== false) { + $icon = $appPath . '/img/' . $app . '.svg'; + if (file_exists($icon)) { + return $icon; + } + $icon = $appPath . '/img/app.svg'; + if (file_exists($icon)) { + return $icon; + } } if($this->config->getAppValue('theming', 'logoMime', '') !== '' && $this->rootFolder->nodeExists('/themedinstancelogo')) { return $this->config->getSystemValue('datadirectory', \OC::$SERVERROOT . '/data/') . '/themedinstancelogo'; 
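Review bot: In the getAppIcon hunk the NUL-byte entry of the strip list never matches, because `'\0'` in a single-quoted PHP string is the two characters backslash and zero, not a NUL byte; the same applies to both `str_replace` calls added at the top of getAppImage in the next hunk. A double-quoted escape does what the commit intends: `$app = str_replace(array("\0", '/', '\\', '..'), '', $app);`. A strip list is also fragile by construction — it silently rewrites `a../b` into `ab` instead of rejecting it — and since app ids are a closed set, a positive check such as `if (!preg_match('/^[a-zA-Z0-9_\-]+$/', $app)) { return false; }` would be safer than removing known-bad substrings; judging by the `$appPath !== false` test, getAppPath still decides whether the app exists, so the allow-list only narrows what reaches the filesystem. getAppIcon continues past the end of its hunk.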
@@ -119,32 +131,36 @@ class Util {
 * @return string absolute path to image
 */
 public function getAppImage($app, $image) {
+ $app = str_replace(array('\0', '/', '\\', '..'), '', $app);
+ $image = str_replace(array('\0', '\\', '..'), '', $image);
 $appPath = \OC_App::getAppPath($app);
- if($app==="core") {
- $icon = \OC::$SERVERROOT . '/core/img/' . $image;
- if(file_exists($icon)) {
+ if ($app === "core") {
+ $icon = \OC::$SERVERROOT . '/core/img/' . $image;
+ if (file_exists($icon)) {
+ return $icon;
+ }
+ }
+ if ($appPath !== false) {
+ $icon = $appPath . '/img/' . $image;
+ if (file_exists($icon)) {
+ return $icon;
+ }
+ $icon = $appPath . '/img/' . $image . '.svg';
+ if (file_exists($icon)) {
+ return $icon;
+ }
+ $icon = $appPath . '/img/' . $image . '.png';
+ if (file_exists($icon)) {
+ return $icon;
+ }
+ $icon = $appPath . '/img/' . $image . '.gif';
+ if (file_exists($icon)) {
+ return $icon;
+ }
+ $icon = $appPath . '/img/' . $image . '.jpg';
+ if (file_exists($icon)) {
 return $icon;
 }
- }
- $icon = $appPath . '/img/' . $image;
- if(file_exists($icon)) {
- return $icon;
- }
- $icon = $appPath . '/img/' . $image . '.svg';
- if(file_exists($icon)) {
- return $icon;
- }
- $icon = $appPath . '/img/' . $image . '.png';
- if(file_exists($icon)) {
- return $icon;
- }
- $icon = $appPath . '/img/' . $image . '.gif';
- if(file_exists($icon)) {
- return $icon;
- }
- $icon = $appPath . '/img/' . $image . '.jpg';
- if(file_exists($icon)) {
- return $icon;
 }
 return false;
 }
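Review bot: The two sanitizing assignments at the top of getAppImage carry no comment explaining why `/` is stripped from `$app` but deliberately kept in `$image`, an asymmetry a later maintainer could easily "fix" by aligning the two lists. I would add above the second line `// '/' is intentionally kept in $image: callers presumably address files in sub-directories of img/ — confirm against callers`, hedged because no caller is visible in this hunk. The docblock's `@return string absolute path to image` is also contradicted by the `return false;` at the end of the method; `@return string|false` would describe what callers actually have to handle.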