authorJulius Haertl <jus@bitgrid.net>2016-11-04 18:55:00 +0100
committerJulius Haertl <jus@bitgrid.net>2016-11-18 10:23:25 +0100
commit78de213b8582f160b9e3acd1d921a6dd1ccd88d9 (patch)
treeef7374ebd57633a9e6f7af8f8880d0134bbae890 /apps/theming/lib
parent3a400f92d1936b2b752d813cbb27632d6acb9904 (diff)
Sanitize input and small fixes
Signed-off-by: Julius Haertl <jus@bitgrid.net>
Diffstat (limited to 'apps/theming/lib')
-rw-r--r--apps/theming/lib/Controller/IconController.php7
-rw-r--r--apps/theming/lib/ImageManager.php3
-rw-r--r--apps/theming/lib/ThemingDefaults.php1
-rw-r--r--apps/theming/lib/Util.php76
4 files changed, 52 insertions, 35 deletions
diff --git a/apps/theming/lib/Controller/IconController.php b/apps/theming/lib/Controller/IconController.php
index 08d5b50120f..519c52f5fa9 100644
--- a/apps/theming/lib/Controller/IconController.php
+++ b/apps/theming/lib/Controller/IconController.php
@@ -27,6 +27,7 @@ use OCA\Theming\ImageManager;
use OCA\Theming\ThemingDefaults;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Response;
use OCP\AppFramework\Http\DataDisplayResponse;
use OCP\AppFramework\Http\FileDisplayResponse;
use OCP\AppFramework\Utility\ITimeFactory;
@@ -131,7 +132,8 @@ class IconController extends Controller {
$response->addHeader('Expires', $expires->format(\DateTime::RFC2822));
$response->addHeader('Pragma', 'cache');
} else {
- $response = new DataDisplayResponse(null, Http::STATUS_NOT_FOUND);
+ $response = new Response();
+ $response->setStatus(Http::STATUS_NOT_FOUND);
$response->cacheFor(0);
$response->setLastModified(new \DateTime('now', new \DateTimeZone('GMT')));
}
@@ -163,7 +165,8 @@ class IconController extends Controller {
$response->addHeader('Expires', $expires->format(\DateTime::RFC2822));
$response->addHeader('Pragma', 'cache');
} else {
- $response = new DataDisplayResponse(null, Http::STATUS_NOT_FOUND);
+ $response = new Response();
+ $response->setStatus(Http::STATUS_NOT_FOUND);
$response->cacheFor(0);
$response->setLastModified(new \DateTime('now', new \DateTimeZone('GMT')));
}
diff --git a/apps/theming/lib/ImageManager.php b/apps/theming/lib/ImageManager.php
index e7dcfa92190..4cd43e02054 100644
--- a/apps/theming/lib/ImageManager.php
+++ b/apps/theming/lib/ImageManager.php
@@ -109,7 +109,4 @@ class ImageManager {
}
}
}
-
-
-
}
diff --git a/apps/theming/lib/ThemingDefaults.php b/apps/theming/lib/ThemingDefaults.php
index 2c344172127..36f19157637 100644
--- a/apps/theming/lib/ThemingDefaults.php
+++ b/apps/theming/lib/ThemingDefaults.php
@@ -58,6 +58,7 @@ class ThemingDefaults extends \OC_Defaults {
* @param IURLGenerator $urlGenerator
* @param \OC_Defaults $defaults
* @param IRootFolder $rootFolder
+ * @param ICacheFactory $cacheFactory
*/
public function __construct(IConfig $config,
IL10N $l,
diff --git a/apps/theming/lib/Util.php b/apps/theming/lib/Util.php
index 84c631092a8..963cf56633b 100644
--- a/apps/theming/lib/Util.php
+++ b/apps/theming/lib/Util.php
@@ -28,9 +28,18 @@ use OCP\Files\IRootFolder;
class Util {
+ /** @var IConfig */
private $config;
+
+ /** @var IRootFolder */
private $rootFolder;
+ /**
+ * Util constructor.
+ *
+ * @param IConfig $config
+ * @param IRootFolder $rootFolder
+ */
public function __construct(IConfig $config, IRootFolder $rootFolder) {
$this->config = $config;
$this->rootFolder = $rootFolder;
@@ -98,14 +107,17 @@ class Util {
* @return string path to app icon / logo
*/
public function getAppIcon($app) {
+ $app = str_replace(array('\0', '/', '\\', '..'), '', $app);
$appPath = \OC_App::getAppPath($app);
- $icon = $appPath . '/img/' . $app . '.svg';
- if(file_exists($icon)) {
- return $icon;
- }
- $icon = $appPath . '/img/app.svg';
- if(file_exists($icon)) {
- return $icon;
+ if ($appPath !== false) {
+ $icon = $appPath . '/img/' . $app . '.svg';
+ if (file_exists($icon)) {
+ return $icon;
+ }
+ $icon = $appPath . '/img/app.svg';
+ if (file_exists($icon)) {
+ return $icon;
+ }
}
if($this->config->getAppValue('theming', 'logoMime', '') !== '' && $this->rootFolder->nodeExists('/themedinstancelogo')) {
return $this->config->getSystemValue('datadirectory', \OC::$SERVERROOT . '/data/') . '/themedinstancelogo';
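Review bot: The `'\0'` entry in the `str_replace` list added at the top of `getAppIcon` is a two-character literal (backslash followed by zero) because it is single-quoted, so an embedded NUL byte in `$app` is not stripped; the same applies to both lists added in `getAppImage` in the next hunk. Use the double-quoted escape, `$app = str_replace(["\0", '/', '\\', '..'], '', $app);`, so the byte itself is removed before it reaches `getAppPath` and `file_exists`. A denylist rewrite is also harder to reason about than a reject-on-mismatch check; if app ids are restricted to a fixed character set elsewhere in the codebase, validating `$app` against that set and returning early would make the intent explicit (whether `\OC_App::getAppPath` already validates the id cannot be told from this hunk). The body of `getAppIcon` continues past the end of the hunk.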
@@ -119,32 +131,36 @@ class Util {
* @return string absolute path to image
*/
public function getAppImage($app, $image) {
+ $app = str_replace(array('\0', '/', '\\', '..'), '', $app);
+ $image = str_replace(array('\0', '\\', '..'), '', $image);
$appPath = \OC_App::getAppPath($app);
- if($app==="core") {
- $icon = \OC::$SERVERROOT . '/core/img/' . $image;
- if(file_exists($icon)) {
+ if ($app === "core") {
+ $icon = \OC::$SERVERROOT . '/core/img/' . $image;
+ if (file_exists($icon)) {
+ return $icon;
+ }
+ }
+ if ($appPath !== false) {
+ $icon = $appPath . '/img/' . $image;
+ if (file_exists($icon)) {
+ return $icon;
+ }
+ $icon = $appPath . '/img/' . $image . '.svg';
+ if (file_exists($icon)) {
+ return $icon;
+ }
+ $icon = $appPath . '/img/' . $image . '.png';
+ if (file_exists($icon)) {
+ return $icon;
+ }
+ $icon = $appPath . '/img/' . $image . '.gif';
+ if (file_exists($icon)) {
+ return $icon;
+ }
+ $icon = $appPath . '/img/' . $image . '.jpg';
+ if (file_exists($icon)) {
return $icon;
}
- }
- $icon = $appPath . '/img/' . $image;
- if(file_exists($icon)) {
- return $icon;
- }
- $icon = $appPath . '/img/' . $image . '.svg';
- if(file_exists($icon)) {
- return $icon;
- }
- $icon = $appPath . '/img/' . $image . '.png';
- if(file_exists($icon)) {
- return $icon;
- }
- $icon = $appPath . '/img/' . $image . '.gif';
- if(file_exists($icon)) {
- return $icon;
- }
- $icon = $appPath . '/img/' . $image . '.jpg';
- if(file_exists($icon)) {
- return $icon;
}
return false;
}
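Review bot: The `@return string absolute path to image` docblock at the top of the hunk does not match the rewritten `getAppImage`, which still ends with `return false;` when no candidate file exists, so callers that concatenate the result get an empty path; change it to `@return string|false absolute path to image, or false if no image was found`. The sanitisation of `$image` deliberately keeps `/`, which presumably is meant to allow lookups in subdirectories of `img/` — a one-line comment above it, `// '/' is kept on purpose so images in subdirectories of img/ resolve`, would stop a later reader from "fixing" it. The `array(...)` literals could use the short `[...]` syntax the tips recommend, matching the rest of modern code in the app.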