diff options
| author | Lukas Reschke <lukas@owncloud.com> | 2015-02-13 13:33:20 +0100 |
|---|---|---|
| committer | Lukas Reschke <lukas@owncloud.com> | 2015-02-13 13:33:20 +0100 |
| commit | a7df23cebadfc0a60095ff53e4ae5e293eb02b38 (patch) | |
| tree | 54e8fd3e3179c65e8abda8e3bc61ce6547a501c6 /apps | |
| parent | 51f8d240c1c7a2c5fe4ab89854aeae02a33406b4 (diff) | |
| download | nextcloud-server-a7df23cebadfc0a60095ff53e4ae5e293eb02b38.tar.gz nextcloud-server-a7df23cebadfc0a60095ff53e4ae5e293eb02b38.zip | |
Manually type-case all AJAX files
This enforces proper types on POST and GET arguments where I considered it sensible. I didn't update some as I don't know what kind of values they would support :see_no_evil:
Fixes https://github.com/owncloud/core/issues/14196 for core
Diffstat (limited to 'apps')
31 files changed, 69 insertions, 69 deletions
diff --git a/apps/files/ajax/delete.php b/apps/files/ajax/delete.php index 1a810f6954c..e891bb86208 100644 --- a/apps/files/ajax/delete.php +++ b/apps/files/ajax/delete.php @@ -6,18 +6,18 @@ OCP\JSON::callCheck(); // Get data -$dir = isset($_POST['dir']) ? $_POST['dir'] : ''; -$allFiles = isset($_POST["allfiles"]) ? $_POST["allfiles"] : false; +$dir = isset($_POST['dir']) ? (string)$_POST['dir'] : ''; +$allFiles = isset($_POST["allfiles"]) ? (bool)$_POST["allfiles"] : false; // delete all files in dir ? -if ($allFiles === 'true') { +if ($allFiles === true) { $files = array(); $fileList = \OC\Files\Filesystem::getDirectoryContent($dir); foreach ($fileList as $fileInfo) { $files[] = $fileInfo['name']; } } else { - $files = isset($_POST["file"]) ? $_POST["file"] : $_POST["files"]; + $files = isset($_POST["file"]) ? (string)$_POST["file"] : (string)$_POST["files"]; $files = json_decode($files); } $filesWithError = ''; diff --git a/apps/files/ajax/download.php b/apps/files/ajax/download.php index 368257b95cd..4bc4fc9298a 100644 --- a/apps/files/ajax/download.php +++ b/apps/files/ajax/download.php @@ -25,8 +25,8 @@ OCP\User::checkLoggedIn(); \OC::$server->getSession()->close(); -$files = isset($_GET['files']) ? $_GET['files'] : ''; -$dir = isset($_GET['dir']) ? $_GET['dir'] : ''; +$files = isset($_GET['files']) ? (string)$_GET['files'] : ''; +$dir = isset($_GET['dir']) ? (string)$_GET['dir'] : ''; $files_list = json_decode($files); // in case we get only a single file diff --git a/apps/files/ajax/getstoragestats.php b/apps/files/ajax/getstoragestats.php index fb7ccdc86cc..192c8ae2c70 100644 --- a/apps/files/ajax/getstoragestats.php +++ b/apps/files/ajax/getstoragestats.php @@ -3,7 +3,7 @@ $dir = '/'; if (isset($_GET['dir'])) { - $dir = $_GET['dir']; + $dir = (string)$_GET['dir']; } OCP\JSON::checkLoggedIn(); diff --git a/apps/files/ajax/list.php b/apps/files/ajax/list.php index 4aed79d70f7..f73dbf86093 100644 --- a/apps/files/ajax/list.php +++ b/apps/files/ajax/list.php @@ -5,7 +5,7 @@ OCP\JSON::checkLoggedIn(); $l = \OC::$server->getL10N('files'); // Load the files -$dir = isset($_GET['dir']) ? $_GET['dir'] : ''; +$dir = isset($_GET['dir']) ? (string)$_GET['dir'] : ''; $dir = \OC\Files\Filesystem::normalizePath($dir); try { @@ -20,7 +20,7 @@ try { $permissions = $dirInfo->getPermissions(); - $sortAttribute = isset($_GET['sort']) ? $_GET['sort'] : 'name'; + $sortAttribute = isset($_GET['sort']) ? (string)$_GET['sort'] : 'name'; $sortDirection = isset($_GET['sortdirection']) ? ($_GET['sortdirection'] === 'desc') : false; // make filelist diff --git a/apps/files/ajax/mimeicon.php b/apps/files/ajax/mimeicon.php index c531f5a3e81..82f6695bf08 100644 --- a/apps/files/ajax/mimeicon.php +++ b/apps/files/ajax/mimeicon.php @@ -1,6 +1,6 @@ <?php \OC::$server->getSession()->close(); -$mime = isset($_GET['mime']) ? $_GET['mime'] : ''; +$mime = isset($_GET['mime']) ? (string)$_GET['mime'] : ''; print OC_Helper::mimetypeIcon($mime); diff --git a/apps/files/ajax/move.php b/apps/files/ajax/move.php index a9e0d09f176..f3f3fbb8d9b 100644 --- a/apps/files/ajax/move.php +++ b/apps/files/ajax/move.php @@ -5,9 +5,9 @@ OCP\JSON::callCheck(); \OC::$server->getSession()->close(); // Get data -$dir = isset($_POST['dir']) ? $_POST['dir'] : ''; -$file = isset($_POST['file']) ? $_POST['file'] : ''; -$target = isset($_POST['target']) ? rawurldecode($_POST['target']) : ''; +$dir = isset($_POST['dir']) ? (string)$_POST['dir'] : ''; +$file = isset($_POST['file']) ? (string)$_POST['file'] : ''; +$target = isset($_POST['target']) ? rawurldecode((string)$_POST['target']) : ''; $l = \OC::$server->getL10N('files'); diff --git a/apps/files/ajax/newfile.php b/apps/files/ajax/newfile.php index 159a8b5d7a3..4f5d102b404 100644 --- a/apps/files/ajax/newfile.php +++ b/apps/files/ajax/newfile.php @@ -9,10 +9,10 @@ global $eventSource; \OC::$server->getSession()->close(); // Get the params -$dir = isset( $_REQUEST['dir'] ) ? '/'.trim($_REQUEST['dir'], '/\\') : ''; -$filename = isset( $_REQUEST['filename'] ) ? trim($_REQUEST['filename'], '/\\') : ''; -$content = isset( $_REQUEST['content'] ) ? $_REQUEST['content'] : ''; -$source = isset( $_REQUEST['source'] ) ? trim($_REQUEST['source'], '/\\') : ''; +$dir = isset( $_REQUEST['dir'] ) ? '/'.trim((string)$_REQUEST['dir'], '/\\') : ''; +$filename = isset( $_REQUEST['filename'] ) ? trim((string)$_REQUEST['filename'], '/\\') : ''; +$content = isset( $_REQUEST['content'] ) ? (string)$_REQUEST['content'] : ''; +$source = isset( $_REQUEST['source'] ) ? trim((string)$_REQUEST['source'], '/\\') : ''; if($source) { $eventSource = \OC::$server->createEventSource(); diff --git a/apps/files/ajax/newfolder.php b/apps/files/ajax/newfolder.php index fab230717de..e5e038b715c 100644 --- a/apps/files/ajax/newfolder.php +++ b/apps/files/ajax/newfolder.php @@ -8,8 +8,8 @@ OCP\JSON::callCheck(); \OC::$server->getSession()->close(); // Get the params -$dir = isset($_POST['dir']) ? $_POST['dir'] : ''; -$foldername = isset($_POST['foldername']) ? $_POST['foldername'] : ''; +$dir = isset($_POST['dir']) ? (string)$_POST['dir'] : ''; +$foldername = isset($_POST['foldername']) ?(string) $_POST['foldername'] : ''; $l10n = \OC::$server->getL10N('files'); diff --git a/apps/files/ajax/rename.php b/apps/files/ajax/rename.php index 6ea53468861..6f248265562 100644 --- a/apps/files/ajax/rename.php +++ b/apps/files/ajax/rename.php @@ -30,9 +30,9 @@ $files = new \OCA\Files\App( \OC::$server->getL10N('files') ); $result = $files->rename( - isset($_GET['dir']) ? $_GET['dir'] : '', - isset($_GET['file']) ? $_GET['file'] : '', - isset($_GET['newname']) ? $_GET['newname'] : '' + isset($_GET['dir']) ? (string)$_GET['dir'] : '', + isset($_GET['file']) ? (string)$_GET['file'] : '', + isset($_GET['newname']) ? (string)$_GET['newname'] : '' ); if($result['success'] === true){ diff --git a/apps/files/ajax/scan.php b/apps/files/ajax/scan.php index f8977c2971e..89641f1890b 100644 --- a/apps/files/ajax/scan.php +++ b/apps/files/ajax/scan.php @@ -3,7 +3,7 @@ set_time_limit(0); //scanning can take ages \OC::$server->getSession()->close(); $force = (isset($_GET['force']) and ($_GET['force'] === 'true')); -$dir = isset($_GET['dir']) ? $_GET['dir'] : ''; +$dir = isset($_GET['dir']) ? (string)$_GET['dir'] : ''; if (isset($_GET['users'])) { OC_JSON::checkAdminUser(); if ($_GET['users'] === 'all') { diff --git a/apps/files/ajax/upload.php b/apps/files/ajax/upload.php index 88375f82acb..321a14e70fc 100644 --- a/apps/files/ajax/upload.php +++ b/apps/files/ajax/upload.php @@ -16,7 +16,7 @@ $l = \OC::$server->getL10N('files'); if (empty($_POST['dirToken'])) { // The standard case, files are uploaded through logged in users :) OCP\JSON::checkLoggedIn(); - $dir = isset($_POST['dir']) ? $_POST['dir'] : ""; + $dir = isset($_POST['dir']) ? (string)$_POST['dir'] : ''; if (!$dir || empty($dir) || $dir === false) { OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Unable to set upload directory.'))))); die(); @@ -30,9 +30,9 @@ if (empty($_POST['dirToken'])) { // return only read permissions for public upload $allowedPermissions = \OCP\Constants::PERMISSION_READ; - $publicDirectory = !empty($_POST['subdir']) ? $_POST['subdir'] : '/'; + $publicDirectory = !empty($_POST['subdir']) ? (string)$_POST['subdir'] : '/'; - $linkItem = OCP\Share::getShareByToken($_POST['dirToken']); + $linkItem = OCP\Share::getShareByToken((string)$_POST['dirToken']); if ($linkItem === false) { OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Invalid Token'))))); die(); diff --git a/apps/files_encryption/ajax/adminrecovery.php b/apps/files_encryption/ajax/adminrecovery.php index 503c15b53a9..fd2d72e112e 100644 --- a/apps/files_encryption/ajax/adminrecovery.php +++ b/apps/files_encryption/ajax/adminrecovery.php @@ -43,7 +43,7 @@ $recoveryKeyId = \OC::$server->getAppConfig()->getValue('files_encryption', 'rec if (isset($_POST['adminEnableRecovery']) && $_POST['adminEnableRecovery'] === '1') { - $return = Helper::adminEnableRecovery($recoveryKeyId, $_POST['recoveryPassword']); + $return = Helper::adminEnableRecovery($recoveryKeyId, (string)$_POST['recoveryPassword']); // Return success or failure if ($return) { @@ -57,7 +57,7 @@ if (isset($_POST['adminEnableRecovery']) && $_POST['adminEnableRecovery'] === '1 isset($_POST['adminEnableRecovery']) && '0' === $_POST['adminEnableRecovery'] ) { - $return = Helper::adminDisableRecovery($_POST['recoveryPassword']); + $return = Helper::adminDisableRecovery((string)$_POST['recoveryPassword']); if ($return) { $successMessage = $l->t('Recovery key successfully disabled'); diff --git a/apps/files_encryption/ajax/changeRecoveryPassword.php b/apps/files_encryption/ajax/changeRecoveryPassword.php index 3d31b12af7c..58472f0fe28 100644 --- a/apps/files_encryption/ajax/changeRecoveryPassword.php +++ b/apps/files_encryption/ajax/changeRecoveryPassword.php @@ -17,9 +17,9 @@ $l = \OC::$server->getL10N('core'); $return = false; -$oldPassword = $_POST['oldPassword']; -$newPassword = $_POST['newPassword']; -$confirmPassword = $_POST['confirmPassword']; +$oldPassword = (string)$_POST['oldPassword']; +$newPassword = (string)$_POST['newPassword']; +$confirmPassword = (string)$_POST['confirmPassword']; //check if both passwords are the same if (empty($_POST['oldPassword'])) { diff --git a/apps/files_encryption/ajax/getMigrationStatus.php b/apps/files_encryption/ajax/getMigrationStatus.php index bb260199b19..ef3eb9fb10d 100644 --- a/apps/files_encryption/ajax/getMigrationStatus.php +++ b/apps/files_encryption/ajax/getMigrationStatus.php @@ -11,8 +11,8 @@ use OCA\Files_Encryption\Util; \OCP\JSON::checkAppEnabled('files_encryption'); -$loginname = isset($_POST['user']) ? $_POST['user'] : ''; -$password = isset($_POST['password']) ? $_POST['password'] : ''; +$loginname = isset($_POST['user']) ? (string)$_POST['user'] : ''; +$password = isset($_POST['password']) ? (string)$_POST['password'] : ''; $migrationStatus = Util::MIGRATION_COMPLETED; diff --git a/apps/files_encryption/ajax/updatePrivateKeyPassword.php b/apps/files_encryption/ajax/updatePrivateKeyPassword.php index 7161b0cff92..8dceb5a5209 100644 --- a/apps/files_encryption/ajax/updatePrivateKeyPassword.php +++ b/apps/files_encryption/ajax/updatePrivateKeyPassword.php @@ -18,8 +18,8 @@ $l = \OC::$server->getL10N('core'); $return = false; $errorMessage = $l->t('Could not update the private key password.'); -$oldPassword = $_POST['oldPassword']; -$newPassword = $_POST['newPassword']; +$oldPassword = (string)$_POST['oldPassword']; +$newPassword = (string)$_POST['newPassword']; $view = new \OC\Files\View('/'); $session = new \OCA\Files_Encryption\Session($view); diff --git a/apps/files_encryption/ajax/userrecovery.php b/apps/files_encryption/ajax/userrecovery.php index e49fee83a36..f42a6a4f477 100644 --- a/apps/files_encryption/ajax/userrecovery.php +++ b/apps/files_encryption/ajax/userrecovery.php @@ -23,7 +23,7 @@ if ( $util = new \OCA\Files_Encryption\Util($view, $userId); // Save recovery preference to DB - $return = $util->setRecoveryForUser($_POST['userEnableRecovery']); + $return = $util->setRecoveryForUser((string)$_POST['userEnableRecovery']); if ($_POST['userEnableRecovery'] === '1') { $util->addRecoveryKeys(); diff --git a/apps/files_external/ajax/addMountPoint.php b/apps/files_external/ajax/addMountPoint.php index 4903120c2a8..fa7f0e53fe6 100644 --- a/apps/files_external/ajax/addMountPoint.php +++ b/apps/files_external/ajax/addMountPoint.php @@ -11,12 +11,12 @@ if ($_POST['isPersonal'] == 'true') { $isPersonal = false; } -$mountPoint = $_POST['mountPoint']; -$oldMountPoint = $_POST['oldMountPoint']; -$class = $_POST['class']; -$options = $_POST['classOptions']; -$type = $_POST['mountType']; -$applicable = $_POST['applicable']; +$mountPoint = (string)$_POST['mountPoint']; +$oldMountPoint = (string)$_POST['oldMountPoint']; +$class = (string)$_POST['class']; +$options = (string)$_POST['classOptions']; +$type = (string)$_POST['mountType']; +$applicable = (string)$_POST['applicable']; if ($oldMountPoint and $oldMountPoint !== $mountPoint) { OC_Mount_Config::removeMountPoint($oldMountPoint, $type, $applicable, $isPersonal); diff --git a/apps/files_external/ajax/applicable.php b/apps/files_external/ajax/applicable.php index 1f0147758e7..3af6aef57fb 100644 --- a/apps/files_external/ajax/applicable.php +++ b/apps/files_external/ajax/applicable.php @@ -9,13 +9,13 @@ $pattern = ''; $limit = null; $offset = null; if (isset($_GET['pattern'])) { - $pattern = $_GET['pattern']; + $pattern = (string)$_GET['pattern']; } if (isset($_GET['limit'])) { - $limit = $_GET['limit']; + $limit = (int)$_GET['limit']; } if (isset($_GET['offset'])) { - $offset = $_GET['offset']; + $offset = (int)$_GET['offset']; } $groups = \OC_Group::getGroups($pattern, $limit, $offset); diff --git a/apps/files_external/ajax/dropbox.php b/apps/files_external/ajax/dropbox.php index db417de4b2d..8080ca390b1 100644 --- a/apps/files_external/ajax/dropbox.php +++ b/apps/files_external/ajax/dropbox.php @@ -8,13 +8,13 @@ OCP\JSON::callCheck(); $l = \OC::$server->getL10N('files_external'); if (isset($_POST['app_key']) && isset($_POST['app_secret'])) { - $oauth = new Dropbox_OAuth_Curl($_POST['app_key'], $_POST['app_secret']); + $oauth = new Dropbox_OAuth_Curl((string)$_POST['app_key'], (string)$_POST['app_secret']); if (isset($_POST['step'])) { switch ($_POST['step']) { case 1: try { if (isset($_POST['callback'])) { - $callback = $_POST['callback']; + $callback = (string)$_POST['callback']; } else { $callback = null; } @@ -31,7 +31,7 @@ if (isset($_POST['app_key']) && isset($_POST['app_secret'])) { case 2: if (isset($_POST['request_token']) && isset($_POST['request_token_secret'])) { try { - $oauth->setToken($_POST['request_token'], $_POST['request_token_secret']); + $oauth->setToken((string)$_POST['request_token'], (string)$_POST['request_token_secret']); $token = $oauth->getAccessToken(); OCP\JSON::success(array('access_token' => $token['token'], 'access_token_secret' => $token['token_secret'])); diff --git a/apps/files_external/ajax/google.php b/apps/files_external/ajax/google.php index b80f24bbd2c..66c244acfbc 100644 --- a/apps/files_external/ajax/google.php +++ b/apps/files_external/ajax/google.php @@ -10,9 +10,9 @@ $l = \OC::$server->getL10N('files_external'); if (isset($_POST['client_id']) && isset($_POST['client_secret']) && isset($_POST['redirect'])) { $client = new Google_Client(); - $client->setClientId($_POST['client_id']); - $client->setClientSecret($_POST['client_secret']); - $client->setRedirectUri($_POST['redirect']); + $client->setClientId((string)$_POST['client_id']); + $client->setClientSecret((string)$_POST['client_secret']); + $client->setRedirectUri((string)$_POST['redirect']); $client->setScopes(array('https://www.googleapis.com/auth/drive')); $client->setAccessType('offline'); if (isset($_POST['step'])) { @@ -30,7 +30,7 @@ if (isset($_POST['client_id']) && isset($_POST['client_secret']) && isset($_POST } } else if ($step == 2 && isset($_POST['code'])) { try { - $token = $client->authenticate($_POST['code']); + $token = $client->authenticate((string)$_POST['code']); OCP\JSON::success(array('data' => array( 'token' => $token ))); diff --git a/apps/files_external/ajax/removeMountPoint.php b/apps/files_external/ajax/removeMountPoint.php index 2f5dbcfdbac..0870911544b 100644 --- a/apps/files_external/ajax/removeMountPoint.php +++ b/apps/files_external/ajax/removeMountPoint.php @@ -20,4 +20,4 @@ if ($_POST['isPersonal'] == 'true') { $isPersonal = false; } -OC_Mount_Config::removeMountPoint($_POST['mountPoint'], $_POST['mountType'], $_POST['applicable'], $isPersonal); +OC_Mount_Config::removeMountPoint((string)$_POST['mountPoint'], (string)$_POST['mountType'], (string)$_POST['applicable'], $isPersonal); diff --git a/apps/files_trashbin/ajax/delete.php b/apps/files_trashbin/ajax/delete.php index 72553fa0ee0..812c5029698 100644 --- a/apps/files_trashbin/ajax/delete.php +++ b/apps/files_trashbin/ajax/delete.php @@ -7,7 +7,7 @@ OCP\JSON::callCheck(); $folder = isset($_POST['dir']) ? $_POST['dir'] : '/'; // "empty trash" command -if (isset($_POST['allfiles']) and $_POST['allfiles'] === 'true'){ +if (isset($_POST['allfiles']) && (string)$_POST['allfiles'] === 'true'){ $deleteAll = true; if ($folder === '/' || $folder === '') { OCA\Files_Trashbin\Trashbin::deleteAll(); @@ -19,7 +19,7 @@ if (isset($_POST['allfiles']) and $_POST['allfiles'] === 'true'){ } else { $deleteAll = false; - $files = $_POST['files']; + $files = (string)$_POST['files']; $list = json_decode($files); } diff --git a/apps/files_trashbin/ajax/list.php b/apps/files_trashbin/ajax/list.php index e25301a26cb..0a78b44fd9a 100644 --- a/apps/files_trashbin/ajax/list.php +++ b/apps/files_trashbin/ajax/list.php @@ -4,9 +4,9 @@ OCP\JSON::checkLoggedIn(); \OC::$server->getSession()->close(); // Load the files -$dir = isset( $_GET['dir'] ) ? $_GET['dir'] : ''; -$sortAttribute = isset( $_GET['sort'] ) ? $_GET['sort'] : 'name'; -$sortDirection = isset( $_GET['sortdirection'] ) ? ($_GET['sortdirection'] === 'desc') : false; +$dir = isset($_GET['dir']) ? (string)$_GET['dir'] : ''; +$sortAttribute = isset($_GET['sort']) ? (string)$_GET['sort'] : 'name'; +$sortDirection = isset($_GET['sortdirection']) ? ($_GET['sortdirection'] === 'desc') : false; $data = array(); // make filelist diff --git a/apps/files_trashbin/ajax/undelete.php b/apps/files_trashbin/ajax/undelete.php index ab7d57f5a7f..558761680cc 100644 --- a/apps/files_trashbin/ajax/undelete.php +++ b/apps/files_trashbin/ajax/undelete.php @@ -7,10 +7,10 @@ OCP\JSON::callCheck(); $files = $_POST['files']; $dir = '/'; if (isset($_POST['dir'])) { - $dir = rtrim($_POST['dir'], '/'). '/'; + $dir = rtrim((string)$_POST['dir'], '/'). '/'; } $allFiles = false; -if (isset($_POST['allfiles']) and $_POST['allfiles'] === 'true') { +if (isset($_POST['allfiles']) && (string)$_POST['allfiles'] === 'true') { $allFiles = true; $list = array(); $dirListing = true; diff --git a/apps/files_versions/ajax/getVersions.php b/apps/files_versions/ajax/getVersions.php index 80786433e7a..3d2e94be7c3 100644 --- a/apps/files_versions/ajax/getVersions.php +++ b/apps/files_versions/ajax/getVersions.php @@ -3,8 +3,8 @@ OCP\JSON::checkLoggedIn(); OCP\JSON::callCheck(); OCP\JSON::checkAppEnabled('files_versions'); -$source = $_GET['source']; -$start = $_GET['start']; +$source = (string)$_GET['source']; +$start = (string)$_GET['start']; list ($uid, $filename) = OCA\Files_Versions\Storage::getUidAndFilename($source); $count = 5; //show the newest revisions $versions = OCA\Files_Versions\Storage::getVersions($uid, $filename, $source); diff --git a/apps/files_versions/ajax/rollbackVersion.php b/apps/files_versions/ajax/rollbackVersion.php index 326d8db74f7..7bcac614bbc 100644 --- a/apps/files_versions/ajax/rollbackVersion.php +++ b/apps/files_versions/ajax/rollbackVersion.php @@ -4,7 +4,7 @@ OCP\JSON::checkLoggedIn(); OCP\JSON::checkAppEnabled('files_versions'); OCP\JSON::callCheck(); -$file = $_GET['file']; +$file = (string)$_GET['file']; $revision=(int)$_GET['revision']; if(OCA\Files_Versions\Storage::rollback( $file, $revision )) { diff --git a/apps/user_ldap/ajax/clearMappings.php b/apps/user_ldap/ajax/clearMappings.php index e6f3d32e84f..72764d754f7 100644 --- a/apps/user_ldap/ajax/clearMappings.php +++ b/apps/user_ldap/ajax/clearMappings.php @@ -29,7 +29,7 @@ OCP\JSON::checkAdminUser(); OCP\JSON::checkAppEnabled('user_ldap'); OCP\JSON::callCheck(); -$subject = $_POST['ldap_clear_mapping']; +$subject = (string)$_POST['ldap_clear_mapping']; $mapping = null; if($subject === 'user') { $mapping = new UserMapping(\OC::$server->getDatabaseConnection()); diff --git a/apps/user_ldap/ajax/deleteConfiguration.php b/apps/user_ldap/ajax/deleteConfiguration.php index d409d891f61..21263acdae8 100644 --- a/apps/user_ldap/ajax/deleteConfiguration.php +++ b/apps/user_ldap/ajax/deleteConfiguration.php @@ -26,7 +26,7 @@ OCP\JSON::checkAdminUser(); OCP\JSON::checkAppEnabled('user_ldap'); OCP\JSON::callCheck(); -$prefix = $_POST['ldap_serverconfig_chooser']; +$prefix = (string)$_POST['ldap_serverconfig_chooser']; $helper = new \OCA\user_ldap\lib\Helper(); if($helper->deleteServerConfiguration($prefix)) { OCP\JSON::success(); diff --git a/apps/user_ldap/ajax/getConfiguration.php b/apps/user_ldap/ajax/getConfiguration.php index fc51b459a25..bbcc630224d 100644 --- a/apps/user_ldap/ajax/getConfiguration.php +++ b/apps/user_ldap/ajax/getConfiguration.php @@ -26,7 +26,7 @@ OCP\JSON::checkAdminUser(); OCP\JSON::checkAppEnabled('user_ldap'); OCP\JSON::callCheck(); -$prefix = $_POST['ldap_serverconfig_chooser']; +$prefix = (string)$_POST['ldap_serverconfig_chooser']; $ldapWrapper = new OCA\user_ldap\lib\LDAP(); $connection = new \OCA\user_ldap\lib\Connection($ldapWrapper, $prefix); OCP\JSON::success(array('configuration' => $connection->getConfiguration())); diff --git a/apps/user_ldap/ajax/setConfiguration.php b/apps/user_ldap/ajax/setConfiguration.php index 84acecee5da..f2efc4ef859 100644 --- a/apps/user_ldap/ajax/setConfiguration.php +++ b/apps/user_ldap/ajax/setConfiguration.php @@ -26,7 +26,7 @@ OCP\JSON::checkAdminUser(); OCP\JSON::checkAppEnabled('user_ldap'); OCP\JSON::callCheck(); -$prefix = $_POST['ldap_serverconfig_chooser']; +$prefix = (string)$_POST['ldap_serverconfig_chooser']; // Checkboxes are not submitted, when they are unchecked. Set them manually. // only legacy checkboxes (Advanced and Expert tab) need to be handled here, diff --git a/apps/user_ldap/ajax/wizard.php b/apps/user_ldap/ajax/wizard.php index 7c4ef3a9a29..f97024303dc 100644 --- a/apps/user_ldap/ajax/wizard.php +++ b/apps/user_ldap/ajax/wizard.php @@ -31,13 +31,13 @@ $l = \OC::$server->getL10N('user_ldap'); if(!isset($_POST['action'])) { \OCP\JSON::error(array('message' => $l->t('No action specified'))); } -$action = $_POST['action']; +$action = (string)$_POST['action']; if(!isset($_POST['ldap_serverconfig_chooser'])) { \OCP\JSON::error(array('message' => $l->t('No configuration specified'))); } -$prefix = $_POST['ldap_serverconfig_chooser']; +$prefix = (string)$_POST['ldap_serverconfig_chooser']; $ldapWrapper = new \OCA\user_ldap\lib\LDAP(); $configuration = new \OCA\user_ldap\lib\Configuration($prefix); |