diff options
| author | Côme Chilliet <come.chilliet@nextcloud.com> | 2024-06-10 16:33:44 +0200 |
|---|---|---|
| committer | Côme Chilliet <91878298+come-nc@users.noreply.github.com> | 2024-06-11 14:10:29 +0200 |
| commit | 74e5812c26dad3aa102088af9b525a4ead2c78d6 (patch) | |
| tree | cc749e0382f10c2fb7da2a58f40bdb6cad17990e /apps | |
| parent | 621c068680bb4710d45c86764c718bb8edb46506 (diff) | |
| download | nextcloud-server-74e5812c26dad3aa102088af9b525a4ead2c78d6.tar.gz nextcloud-server-74e5812c26dad3aa102088af9b525a4ead2c78d6.zip | |
fix(webhooks): Refuse webhooks registration if auth header is used without auth data
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/webhooks/lib/Db/WebhookListener.php | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/apps/webhooks/lib/Db/WebhookListener.php b/apps/webhooks/lib/Db/WebhookListener.php index a949d93c9ea..4781454fc1a 100644 --- a/apps/webhooks/lib/Db/WebhookListener.php +++ b/apps/webhooks/lib/Db/WebhookListener.php @@ -78,6 +78,9 @@ class WebhookListener extends Entity implements \JsonSerializable { public function setAuthDataClear(?array $data): void { if ($data === null) { + if ($this->getAuthMethodEnum() === AuthMethod::Header) { + throw new \UnexpectedValueException('Header auth method needs an associative array of headers as auth data'); + } $this->setAuthData(null); return; } |