aboutsummaryrefslogtreecommitdiffstats
path: root/apps
diff options
context:
space:
mode:
authorLukas Reschke <lukas@owncloud.com>2015-02-13 13:33:20 +0100
committerLukas Reschke <lukas@owncloud.com>2015-02-13 13:33:20 +0100
commita7df23cebadfc0a60095ff53e4ae5e293eb02b38 (patch)
tree54e8fd3e3179c65e8abda8e3bc61ce6547a501c6 /apps
parent51f8d240c1c7a2c5fe4ab89854aeae02a33406b4 (diff)
downloadnextcloud-server-a7df23cebadfc0a60095ff53e4ae5e293eb02b38.tar.gz
nextcloud-server-a7df23cebadfc0a60095ff53e4ae5e293eb02b38.zip
Manually type-case all AJAX files
This enforces proper types on POST and GET arguments where I considered it sensible. I didn't update some as I don't know what kind of values they would support :see_no_evil: Fixes https://github.com/owncloud/core/issues/14196 for core
Diffstat (limited to 'apps')
-rw-r--r--apps/files/ajax/delete.php8
-rw-r--r--apps/files/ajax/download.php4
-rw-r--r--apps/files/ajax/getstoragestats.php2
-rw-r--r--apps/files/ajax/list.php4
-rw-r--r--apps/files/ajax/mimeicon.php2
-rw-r--r--apps/files/ajax/move.php6
-rw-r--r--apps/files/ajax/newfile.php8
-rw-r--r--apps/files/ajax/newfolder.php4
-rw-r--r--apps/files/ajax/rename.php6
-rw-r--r--apps/files/ajax/scan.php2
-rw-r--r--apps/files/ajax/upload.php6
-rw-r--r--apps/files_encryption/ajax/adminrecovery.php4
-rw-r--r--apps/files_encryption/ajax/changeRecoveryPassword.php6
-rw-r--r--apps/files_encryption/ajax/getMigrationStatus.php4
-rw-r--r--apps/files_encryption/ajax/updatePrivateKeyPassword.php4
-rw-r--r--apps/files_encryption/ajax/userrecovery.php2
-rw-r--r--apps/files_external/ajax/addMountPoint.php12
-rw-r--r--apps/files_external/ajax/applicable.php6
-rw-r--r--apps/files_external/ajax/dropbox.php6
-rw-r--r--apps/files_external/ajax/google.php8
-rw-r--r--apps/files_external/ajax/removeMountPoint.php2
-rw-r--r--apps/files_trashbin/ajax/delete.php4
-rw-r--r--apps/files_trashbin/ajax/list.php6
-rw-r--r--apps/files_trashbin/ajax/undelete.php4
-rw-r--r--apps/files_versions/ajax/getVersions.php4
-rw-r--r--apps/files_versions/ajax/rollbackVersion.php2
-rw-r--r--apps/user_ldap/ajax/clearMappings.php2
-rw-r--r--apps/user_ldap/ajax/deleteConfiguration.php2
-rw-r--r--apps/user_ldap/ajax/getConfiguration.php2
-rw-r--r--apps/user_ldap/ajax/setConfiguration.php2
-rw-r--r--apps/user_ldap/ajax/wizard.php4
31 files changed, 69 insertions, 69 deletions
diff --git a/apps/files/ajax/delete.php b/apps/files/ajax/delete.php
index 1a810f6954c..e891bb86208 100644
--- a/apps/files/ajax/delete.php
+++ b/apps/files/ajax/delete.php
@@ -6,18 +6,18 @@ OCP\JSON::callCheck();
// Get data
-$dir = isset($_POST['dir']) ? $_POST['dir'] : '';
-$allFiles = isset($_POST["allfiles"]) ? $_POST["allfiles"] : false;
+$dir = isset($_POST['dir']) ? (string)$_POST['dir'] : '';
+$allFiles = isset($_POST["allfiles"]) ? (bool)$_POST["allfiles"] : false;
// delete all files in dir ?
-if ($allFiles === 'true') {
+if ($allFiles === true) {
$files = array();
$fileList = \OC\Files\Filesystem::getDirectoryContent($dir);
foreach ($fileList as $fileInfo) {
$files[] = $fileInfo['name'];
}
} else {
- $files = isset($_POST["file"]) ? $_POST["file"] : $_POST["files"];
+ $files = isset($_POST["file"]) ? (string)$_POST["file"] : (string)$_POST["files"];
$files = json_decode($files);
}
$filesWithError = '';
diff --git a/apps/files/ajax/download.php b/apps/files/ajax/download.php
index 368257b95cd..4bc4fc9298a 100644
--- a/apps/files/ajax/download.php
+++ b/apps/files/ajax/download.php
@@ -25,8 +25,8 @@
OCP\User::checkLoggedIn();
\OC::$server->getSession()->close();
-$files = isset($_GET['files']) ? $_GET['files'] : '';
-$dir = isset($_GET['dir']) ? $_GET['dir'] : '';
+$files = isset($_GET['files']) ? (string)$_GET['files'] : '';
+$dir = isset($_GET['dir']) ? (string)$_GET['dir'] : '';
$files_list = json_decode($files);
// in case we get only a single file
diff --git a/apps/files/ajax/getstoragestats.php b/apps/files/ajax/getstoragestats.php
index fb7ccdc86cc..192c8ae2c70 100644
--- a/apps/files/ajax/getstoragestats.php
+++ b/apps/files/ajax/getstoragestats.php
@@ -3,7 +3,7 @@
$dir = '/';
if (isset($_GET['dir'])) {
- $dir = $_GET['dir'];
+ $dir = (string)$_GET['dir'];
}
OCP\JSON::checkLoggedIn();
diff --git a/apps/files/ajax/list.php b/apps/files/ajax/list.php
index 4aed79d70f7..f73dbf86093 100644
--- a/apps/files/ajax/list.php
+++ b/apps/files/ajax/list.php
@@ -5,7 +5,7 @@ OCP\JSON::checkLoggedIn();
$l = \OC::$server->getL10N('files');
// Load the files
-$dir = isset($_GET['dir']) ? $_GET['dir'] : '';
+$dir = isset($_GET['dir']) ? (string)$_GET['dir'] : '';
$dir = \OC\Files\Filesystem::normalizePath($dir);
try {
@@ -20,7 +20,7 @@ try {
$permissions = $dirInfo->getPermissions();
- $sortAttribute = isset($_GET['sort']) ? $_GET['sort'] : 'name';
+ $sortAttribute = isset($_GET['sort']) ? (string)$_GET['sort'] : 'name';
$sortDirection = isset($_GET['sortdirection']) ? ($_GET['sortdirection'] === 'desc') : false;
// make filelist
diff --git a/apps/files/ajax/mimeicon.php b/apps/files/ajax/mimeicon.php
index c531f5a3e81..82f6695bf08 100644
--- a/apps/files/ajax/mimeicon.php
+++ b/apps/files/ajax/mimeicon.php
@@ -1,6 +1,6 @@
<?php
\OC::$server->getSession()->close();
-$mime = isset($_GET['mime']) ? $_GET['mime'] : '';
+$mime = isset($_GET['mime']) ? (string)$_GET['mime'] : '';
print OC_Helper::mimetypeIcon($mime);
diff --git a/apps/files/ajax/move.php b/apps/files/ajax/move.php
index a9e0d09f176..f3f3fbb8d9b 100644
--- a/apps/files/ajax/move.php
+++ b/apps/files/ajax/move.php
@@ -5,9 +5,9 @@ OCP\JSON::callCheck();
\OC::$server->getSession()->close();
// Get data
-$dir = isset($_POST['dir']) ? $_POST['dir'] : '';
-$file = isset($_POST['file']) ? $_POST['file'] : '';
-$target = isset($_POST['target']) ? rawurldecode($_POST['target']) : '';
+$dir = isset($_POST['dir']) ? (string)$_POST['dir'] : '';
+$file = isset($_POST['file']) ? (string)$_POST['file'] : '';
+$target = isset($_POST['target']) ? rawurldecode((string)$_POST['target']) : '';
$l = \OC::$server->getL10N('files');
diff --git a/apps/files/ajax/newfile.php b/apps/files/ajax/newfile.php
index 159a8b5d7a3..4f5d102b404 100644
--- a/apps/files/ajax/newfile.php
+++ b/apps/files/ajax/newfile.php
@@ -9,10 +9,10 @@ global $eventSource;
\OC::$server->getSession()->close();
// Get the params
-$dir = isset( $_REQUEST['dir'] ) ? '/'.trim($_REQUEST['dir'], '/\\') : '';
-$filename = isset( $_REQUEST['filename'] ) ? trim($_REQUEST['filename'], '/\\') : '';
-$content = isset( $_REQUEST['content'] ) ? $_REQUEST['content'] : '';
-$source = isset( $_REQUEST['source'] ) ? trim($_REQUEST['source'], '/\\') : '';
+$dir = isset( $_REQUEST['dir'] ) ? '/'.trim((string)$_REQUEST['dir'], '/\\') : '';
+$filename = isset( $_REQUEST['filename'] ) ? trim((string)$_REQUEST['filename'], '/\\') : '';
+$content = isset( $_REQUEST['content'] ) ? (string)$_REQUEST['content'] : '';
+$source = isset( $_REQUEST['source'] ) ? trim((string)$_REQUEST['source'], '/\\') : '';
if($source) {
$eventSource = \OC::$server->createEventSource();
diff --git a/apps/files/ajax/newfolder.php b/apps/files/ajax/newfolder.php
index fab230717de..e5e038b715c 100644
--- a/apps/files/ajax/newfolder.php
+++ b/apps/files/ajax/newfolder.php
@@ -8,8 +8,8 @@ OCP\JSON::callCheck();
\OC::$server->getSession()->close();
// Get the params
-$dir = isset($_POST['dir']) ? $_POST['dir'] : '';
-$foldername = isset($_POST['foldername']) ? $_POST['foldername'] : '';
+$dir = isset($_POST['dir']) ? (string)$_POST['dir'] : '';
+$foldername = isset($_POST['foldername']) ?(string) $_POST['foldername'] : '';
$l10n = \OC::$server->getL10N('files');
diff --git a/apps/files/ajax/rename.php b/apps/files/ajax/rename.php
index 6ea53468861..6f248265562 100644
--- a/apps/files/ajax/rename.php
+++ b/apps/files/ajax/rename.php
@@ -30,9 +30,9 @@ $files = new \OCA\Files\App(
\OC::$server->getL10N('files')
);
$result = $files->rename(
- isset($_GET['dir']) ? $_GET['dir'] : '',
- isset($_GET['file']) ? $_GET['file'] : '',
- isset($_GET['newname']) ? $_GET['newname'] : ''
+ isset($_GET['dir']) ? (string)$_GET['dir'] : '',
+ isset($_GET['file']) ? (string)$_GET['file'] : '',
+ isset($_GET['newname']) ? (string)$_GET['newname'] : ''
);
if($result['success'] === true){
diff --git a/apps/files/ajax/scan.php b/apps/files/ajax/scan.php
index f8977c2971e..89641f1890b 100644
--- a/apps/files/ajax/scan.php
+++ b/apps/files/ajax/scan.php
@@ -3,7 +3,7 @@ set_time_limit(0); //scanning can take ages
\OC::$server->getSession()->close();
$force = (isset($_GET['force']) and ($_GET['force'] === 'true'));
-$dir = isset($_GET['dir']) ? $_GET['dir'] : '';
+$dir = isset($_GET['dir']) ? (string)$_GET['dir'] : '';
if (isset($_GET['users'])) {
OC_JSON::checkAdminUser();
if ($_GET['users'] === 'all') {
diff --git a/apps/files/ajax/upload.php b/apps/files/ajax/upload.php
index 88375f82acb..321a14e70fc 100644
--- a/apps/files/ajax/upload.php
+++ b/apps/files/ajax/upload.php
@@ -16,7 +16,7 @@ $l = \OC::$server->getL10N('files');
if (empty($_POST['dirToken'])) {
// The standard case, files are uploaded through logged in users :)
OCP\JSON::checkLoggedIn();
- $dir = isset($_POST['dir']) ? $_POST['dir'] : "";
+ $dir = isset($_POST['dir']) ? (string)$_POST['dir'] : '';
if (!$dir || empty($dir) || $dir === false) {
OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Unable to set upload directory.')))));
die();
@@ -30,9 +30,9 @@ if (empty($_POST['dirToken'])) {
// return only read permissions for public upload
$allowedPermissions = \OCP\Constants::PERMISSION_READ;
- $publicDirectory = !empty($_POST['subdir']) ? $_POST['subdir'] : '/';
+ $publicDirectory = !empty($_POST['subdir']) ? (string)$_POST['subdir'] : '/';
- $linkItem = OCP\Share::getShareByToken($_POST['dirToken']);
+ $linkItem = OCP\Share::getShareByToken((string)$_POST['dirToken']);
if ($linkItem === false) {
OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Invalid Token')))));
die();
diff --git a/apps/files_encryption/ajax/adminrecovery.php b/apps/files_encryption/ajax/adminrecovery.php
index 503c15b53a9..fd2d72e112e 100644
--- a/apps/files_encryption/ajax/adminrecovery.php
+++ b/apps/files_encryption/ajax/adminrecovery.php
@@ -43,7 +43,7 @@ $recoveryKeyId = \OC::$server->getAppConfig()->getValue('files_encryption', 'rec
if (isset($_POST['adminEnableRecovery']) && $_POST['adminEnableRecovery'] === '1') {
- $return = Helper::adminEnableRecovery($recoveryKeyId, $_POST['recoveryPassword']);
+ $return = Helper::adminEnableRecovery($recoveryKeyId, (string)$_POST['recoveryPassword']);
// Return success or failure
if ($return) {
@@ -57,7 +57,7 @@ if (isset($_POST['adminEnableRecovery']) && $_POST['adminEnableRecovery'] === '1
isset($_POST['adminEnableRecovery'])
&& '0' === $_POST['adminEnableRecovery']
) {
- $return = Helper::adminDisableRecovery($_POST['recoveryPassword']);
+ $return = Helper::adminDisableRecovery((string)$_POST['recoveryPassword']);
if ($return) {
$successMessage = $l->t('Recovery key successfully disabled');
diff --git a/apps/files_encryption/ajax/changeRecoveryPassword.php b/apps/files_encryption/ajax/changeRecoveryPassword.php
index 3d31b12af7c..58472f0fe28 100644
--- a/apps/files_encryption/ajax/changeRecoveryPassword.php
+++ b/apps/files_encryption/ajax/changeRecoveryPassword.php
@@ -17,9 +17,9 @@ $l = \OC::$server->getL10N('core');
$return = false;
-$oldPassword = $_POST['oldPassword'];
-$newPassword = $_POST['newPassword'];
-$confirmPassword = $_POST['confirmPassword'];
+$oldPassword = (string)$_POST['oldPassword'];
+$newPassword = (string)$_POST['newPassword'];
+$confirmPassword = (string)$_POST['confirmPassword'];
//check if both passwords are the same
if (empty($_POST['oldPassword'])) {
diff --git a/apps/files_encryption/ajax/getMigrationStatus.php b/apps/files_encryption/ajax/getMigrationStatus.php
index bb260199b19..ef3eb9fb10d 100644
--- a/apps/files_encryption/ajax/getMigrationStatus.php
+++ b/apps/files_encryption/ajax/getMigrationStatus.php
@@ -11,8 +11,8 @@ use OCA\Files_Encryption\Util;
\OCP\JSON::checkAppEnabled('files_encryption');
-$loginname = isset($_POST['user']) ? $_POST['user'] : '';
-$password = isset($_POST['password']) ? $_POST['password'] : '';
+$loginname = isset($_POST['user']) ? (string)$_POST['user'] : '';
+$password = isset($_POST['password']) ? (string)$_POST['password'] : '';
$migrationStatus = Util::MIGRATION_COMPLETED;
diff --git a/apps/files_encryption/ajax/updatePrivateKeyPassword.php b/apps/files_encryption/ajax/updatePrivateKeyPassword.php
index 7161b0cff92..8dceb5a5209 100644
--- a/apps/files_encryption/ajax/updatePrivateKeyPassword.php
+++ b/apps/files_encryption/ajax/updatePrivateKeyPassword.php
@@ -18,8 +18,8 @@ $l = \OC::$server->getL10N('core');
$return = false;
$errorMessage = $l->t('Could not update the private key password.');
-$oldPassword = $_POST['oldPassword'];
-$newPassword = $_POST['newPassword'];
+$oldPassword = (string)$_POST['oldPassword'];
+$newPassword = (string)$_POST['newPassword'];
$view = new \OC\Files\View('/');
$session = new \OCA\Files_Encryption\Session($view);
diff --git a/apps/files_encryption/ajax/userrecovery.php b/apps/files_encryption/ajax/userrecovery.php
index e49fee83a36..f42a6a4f477 100644
--- a/apps/files_encryption/ajax/userrecovery.php
+++ b/apps/files_encryption/ajax/userrecovery.php
@@ -23,7 +23,7 @@ if (
$util = new \OCA\Files_Encryption\Util($view, $userId);
// Save recovery preference to DB
- $return = $util->setRecoveryForUser($_POST['userEnableRecovery']);
+ $return = $util->setRecoveryForUser((string)$_POST['userEnableRecovery']);
if ($_POST['userEnableRecovery'] === '1') {
$util->addRecoveryKeys();
diff --git a/apps/files_external/ajax/addMountPoint.php b/apps/files_external/ajax/addMountPoint.php
index 4903120c2a8..fa7f0e53fe6 100644
--- a/apps/files_external/ajax/addMountPoint.php
+++ b/apps/files_external/ajax/addMountPoint.php
@@ -11,12 +11,12 @@ if ($_POST['isPersonal'] == 'true') {
$isPersonal = false;
}
-$mountPoint = $_POST['mountPoint'];
-$oldMountPoint = $_POST['oldMountPoint'];
-$class = $_POST['class'];
-$options = $_POST['classOptions'];
-$type = $_POST['mountType'];
-$applicable = $_POST['applicable'];
+$mountPoint = (string)$_POST['mountPoint'];
+$oldMountPoint = (string)$_POST['oldMountPoint'];
+$class = (string)$_POST['class'];
+$options = (string)$_POST['classOptions'];
+$type = (string)$_POST['mountType'];
+$applicable = (string)$_POST['applicable'];
if ($oldMountPoint and $oldMountPoint !== $mountPoint) {
OC_Mount_Config::removeMountPoint($oldMountPoint, $type, $applicable, $isPersonal);
diff --git a/apps/files_external/ajax/applicable.php b/apps/files_external/ajax/applicable.php
index 1f0147758e7..3af6aef57fb 100644
--- a/apps/files_external/ajax/applicable.php
+++ b/apps/files_external/ajax/applicable.php
@@ -9,13 +9,13 @@ $pattern = '';
$limit = null;
$offset = null;
if (isset($_GET['pattern'])) {
- $pattern = $_GET['pattern'];
+ $pattern = (string)$_GET['pattern'];
}
if (isset($_GET['limit'])) {
- $limit = $_GET['limit'];
+ $limit = (int)$_GET['limit'];
}
if (isset($_GET['offset'])) {
- $offset = $_GET['offset'];
+ $offset = (int)$_GET['offset'];
}
$groups = \OC_Group::getGroups($pattern, $limit, $offset);
diff --git a/apps/files_external/ajax/dropbox.php b/apps/files_external/ajax/dropbox.php
index db417de4b2d..8080ca390b1 100644
--- a/apps/files_external/ajax/dropbox.php
+++ b/apps/files_external/ajax/dropbox.php
@@ -8,13 +8,13 @@ OCP\JSON::callCheck();
$l = \OC::$server->getL10N('files_external');
if (isset($_POST['app_key']) && isset($_POST['app_secret'])) {
- $oauth = new Dropbox_OAuth_Curl($_POST['app_key'], $_POST['app_secret']);
+ $oauth = new Dropbox_OAuth_Curl((string)$_POST['app_key'], (string)$_POST['app_secret']);
if (isset($_POST['step'])) {
switch ($_POST['step']) {
case 1:
try {
if (isset($_POST['callback'])) {
- $callback = $_POST['callback'];
+ $callback = (string)$_POST['callback'];
} else {
$callback = null;
}
@@ -31,7 +31,7 @@ if (isset($_POST['app_key']) && isset($_POST['app_secret'])) {
case 2:
if (isset($_POST['request_token']) && isset($_POST['request_token_secret'])) {
try {
- $oauth->setToken($_POST['request_token'], $_POST['request_token_secret']);
+ $oauth->setToken((string)$_POST['request_token'], (string)$_POST['request_token_secret']);
$token = $oauth->getAccessToken();
OCP\JSON::success(array('access_token' => $token['token'],
'access_token_secret' => $token['token_secret']));
diff --git a/apps/files_external/ajax/google.php b/apps/files_external/ajax/google.php
index b80f24bbd2c..66c244acfbc 100644
--- a/apps/files_external/ajax/google.php
+++ b/apps/files_external/ajax/google.php
@@ -10,9 +10,9 @@ $l = \OC::$server->getL10N('files_external');
if (isset($_POST['client_id']) && isset($_POST['client_secret']) && isset($_POST['redirect'])) {
$client = new Google_Client();
- $client->setClientId($_POST['client_id']);
- $client->setClientSecret($_POST['client_secret']);
- $client->setRedirectUri($_POST['redirect']);
+ $client->setClientId((string)$_POST['client_id']);
+ $client->setClientSecret((string)$_POST['client_secret']);
+ $client->setRedirectUri((string)$_POST['redirect']);
$client->setScopes(array('https://www.googleapis.com/auth/drive'));
$client->setAccessType('offline');
if (isset($_POST['step'])) {
@@ -30,7 +30,7 @@ if (isset($_POST['client_id']) && isset($_POST['client_secret']) && isset($_POST
}
} else if ($step == 2 && isset($_POST['code'])) {
try {
- $token = $client->authenticate($_POST['code']);
+ $token = $client->authenticate((string)$_POST['code']);
OCP\JSON::success(array('data' => array(
'token' => $token
)));
diff --git a/apps/files_external/ajax/removeMountPoint.php b/apps/files_external/ajax/removeMountPoint.php
index 2f5dbcfdbac..0870911544b 100644
--- a/apps/files_external/ajax/removeMountPoint.php
+++ b/apps/files_external/ajax/removeMountPoint.php
@@ -20,4 +20,4 @@ if ($_POST['isPersonal'] == 'true') {
$isPersonal = false;
}
-OC_Mount_Config::removeMountPoint($_POST['mountPoint'], $_POST['mountType'], $_POST['applicable'], $isPersonal);
+OC_Mount_Config::removeMountPoint((string)$_POST['mountPoint'], (string)$_POST['mountType'], (string)$_POST['applicable'], $isPersonal);
diff --git a/apps/files_trashbin/ajax/delete.php b/apps/files_trashbin/ajax/delete.php
index 72553fa0ee0..812c5029698 100644
--- a/apps/files_trashbin/ajax/delete.php
+++ b/apps/files_trashbin/ajax/delete.php
@@ -7,7 +7,7 @@ OCP\JSON::callCheck();
$folder = isset($_POST['dir']) ? $_POST['dir'] : '/';
// "empty trash" command
-if (isset($_POST['allfiles']) and $_POST['allfiles'] === 'true'){
+if (isset($_POST['allfiles']) && (string)$_POST['allfiles'] === 'true'){
$deleteAll = true;
if ($folder === '/' || $folder === '') {
OCA\Files_Trashbin\Trashbin::deleteAll();
@@ -19,7 +19,7 @@ if (isset($_POST['allfiles']) and $_POST['allfiles'] === 'true'){
}
else {
$deleteAll = false;
- $files = $_POST['files'];
+ $files = (string)$_POST['files'];
$list = json_decode($files);
}
diff --git a/apps/files_trashbin/ajax/list.php b/apps/files_trashbin/ajax/list.php
index e25301a26cb..0a78b44fd9a 100644
--- a/apps/files_trashbin/ajax/list.php
+++ b/apps/files_trashbin/ajax/list.php
@@ -4,9 +4,9 @@ OCP\JSON::checkLoggedIn();
\OC::$server->getSession()->close();
// Load the files
-$dir = isset( $_GET['dir'] ) ? $_GET['dir'] : '';
-$sortAttribute = isset( $_GET['sort'] ) ? $_GET['sort'] : 'name';
-$sortDirection = isset( $_GET['sortdirection'] ) ? ($_GET['sortdirection'] === 'desc') : false;
+$dir = isset($_GET['dir']) ? (string)$_GET['dir'] : '';
+$sortAttribute = isset($_GET['sort']) ? (string)$_GET['sort'] : 'name';
+$sortDirection = isset($_GET['sortdirection']) ? ($_GET['sortdirection'] === 'desc') : false;
$data = array();
// make filelist
diff --git a/apps/files_trashbin/ajax/undelete.php b/apps/files_trashbin/ajax/undelete.php
index ab7d57f5a7f..558761680cc 100644
--- a/apps/files_trashbin/ajax/undelete.php
+++ b/apps/files_trashbin/ajax/undelete.php
@@ -7,10 +7,10 @@ OCP\JSON::callCheck();
$files = $_POST['files'];
$dir = '/';
if (isset($_POST['dir'])) {
- $dir = rtrim($_POST['dir'], '/'). '/';
+ $dir = rtrim((string)$_POST['dir'], '/'). '/';
}
$allFiles = false;
-if (isset($_POST['allfiles']) and $_POST['allfiles'] === 'true') {
+if (isset($_POST['allfiles']) && (string)$_POST['allfiles'] === 'true') {
$allFiles = true;
$list = array();
$dirListing = true;
diff --git a/apps/files_versions/ajax/getVersions.php b/apps/files_versions/ajax/getVersions.php
index 80786433e7a..3d2e94be7c3 100644
--- a/apps/files_versions/ajax/getVersions.php
+++ b/apps/files_versions/ajax/getVersions.php
@@ -3,8 +3,8 @@ OCP\JSON::checkLoggedIn();
OCP\JSON::callCheck();
OCP\JSON::checkAppEnabled('files_versions');
-$source = $_GET['source'];
-$start = $_GET['start'];
+$source = (string)$_GET['source'];
+$start = (string)$_GET['start'];
list ($uid, $filename) = OCA\Files_Versions\Storage::getUidAndFilename($source);
$count = 5; //show the newest revisions
$versions = OCA\Files_Versions\Storage::getVersions($uid, $filename, $source);
diff --git a/apps/files_versions/ajax/rollbackVersion.php b/apps/files_versions/ajax/rollbackVersion.php
index 326d8db74f7..7bcac614bbc 100644
--- a/apps/files_versions/ajax/rollbackVersion.php
+++ b/apps/files_versions/ajax/rollbackVersion.php
@@ -4,7 +4,7 @@ OCP\JSON::checkLoggedIn();
OCP\JSON::checkAppEnabled('files_versions');
OCP\JSON::callCheck();
-$file = $_GET['file'];
+$file = (string)$_GET['file'];
$revision=(int)$_GET['revision'];
if(OCA\Files_Versions\Storage::rollback( $file, $revision )) {
diff --git a/apps/user_ldap/ajax/clearMappings.php b/apps/user_ldap/ajax/clearMappings.php
index e6f3d32e84f..72764d754f7 100644
--- a/apps/user_ldap/ajax/clearMappings.php
+++ b/apps/user_ldap/ajax/clearMappings.php
@@ -29,7 +29,7 @@ OCP\JSON::checkAdminUser();
OCP\JSON::checkAppEnabled('user_ldap');
OCP\JSON::callCheck();
-$subject = $_POST['ldap_clear_mapping'];
+$subject = (string)$_POST['ldap_clear_mapping'];
$mapping = null;
if($subject === 'user') {
$mapping = new UserMapping(\OC::$server->getDatabaseConnection());
diff --git a/apps/user_ldap/ajax/deleteConfiguration.php b/apps/user_ldap/ajax/deleteConfiguration.php
index d409d891f61..21263acdae8 100644
--- a/apps/user_ldap/ajax/deleteConfiguration.php
+++ b/apps/user_ldap/ajax/deleteConfiguration.php
@@ -26,7 +26,7 @@ OCP\JSON::checkAdminUser();
OCP\JSON::checkAppEnabled('user_ldap');
OCP\JSON::callCheck();
-$prefix = $_POST['ldap_serverconfig_chooser'];
+$prefix = (string)$_POST['ldap_serverconfig_chooser'];
$helper = new \OCA\user_ldap\lib\Helper();
if($helper->deleteServerConfiguration($prefix)) {
OCP\JSON::success();
diff --git a/apps/user_ldap/ajax/getConfiguration.php b/apps/user_ldap/ajax/getConfiguration.php
index fc51b459a25..bbcc630224d 100644
--- a/apps/user_ldap/ajax/getConfiguration.php
+++ b/apps/user_ldap/ajax/getConfiguration.php
@@ -26,7 +26,7 @@ OCP\JSON::checkAdminUser();
OCP\JSON::checkAppEnabled('user_ldap');
OCP\JSON::callCheck();
-$prefix = $_POST['ldap_serverconfig_chooser'];
+$prefix = (string)$_POST['ldap_serverconfig_chooser'];
$ldapWrapper = new OCA\user_ldap\lib\LDAP();
$connection = new \OCA\user_ldap\lib\Connection($ldapWrapper, $prefix);
OCP\JSON::success(array('configuration' => $connection->getConfiguration()));
diff --git a/apps/user_ldap/ajax/setConfiguration.php b/apps/user_ldap/ajax/setConfiguration.php
index 84acecee5da..f2efc4ef859 100644
--- a/apps/user_ldap/ajax/setConfiguration.php
+++ b/apps/user_ldap/ajax/setConfiguration.php
@@ -26,7 +26,7 @@ OCP\JSON::checkAdminUser();
OCP\JSON::checkAppEnabled('user_ldap');
OCP\JSON::callCheck();
-$prefix = $_POST['ldap_serverconfig_chooser'];
+$prefix = (string)$_POST['ldap_serverconfig_chooser'];
// Checkboxes are not submitted, when they are unchecked. Set them manually.
// only legacy checkboxes (Advanced and Expert tab) need to be handled here,
diff --git a/apps/user_ldap/ajax/wizard.php b/apps/user_ldap/ajax/wizard.php
index 7c4ef3a9a29..f97024303dc 100644
--- a/apps/user_ldap/ajax/wizard.php
+++ b/apps/user_ldap/ajax/wizard.php
@@ -31,13 +31,13 @@ $l = \OC::$server->getL10N('user_ldap');
if(!isset($_POST['action'])) {
\OCP\JSON::error(array('message' => $l->t('No action specified')));
}
-$action = $_POST['action'];
+$action = (string)$_POST['action'];
if(!isset($_POST['ldap_serverconfig_chooser'])) {
\OCP\JSON::error(array('message' => $l->t('No configuration specified')));
}
-$prefix = $_POST['ldap_serverconfig_chooser'];
+$prefix = (string)$_POST['ldap_serverconfig_chooser'];
$ldapWrapper = new \OCA\user_ldap\lib\LDAP();
$configuration = new \OCA\user_ldap\lib\Configuration($prefix);