diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2021-02-10 12:20:49 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-02-10 12:20:49 +0100 |
| commit | d42f9e65a22c7ca94a8858af640719c7c9d85c8a (patch) | |
| tree | 9932a5604f18a0f4a916a3715f48e901b8b00059 /apps | |
| parent | decb70b9ac6048e72305154af841271902f6b10c (diff) | |
| parent | 784a752c0f38c6f667516e8377a42b37cd527038 (diff) | |
| download | nextcloud-server-d42f9e65a22c7ca94a8858af640719c7c9d85c8a.tar.gz nextcloud-server-d42f9e65a22c7ca94a8858af640719c7c9d85c8a.zip | |
Merge pull request #25554 from nextcloud/fix/pslam/tainted_cookie
tain-escape the cookie input
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/files/ajax/download.php | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/apps/files/ajax/download.php b/apps/files/ajax/download.php index 25d70c7ebcf..445b15dc6a7 100644 --- a/apps/files/ajax/download.php +++ b/apps/files/ajax/download.php @@ -42,14 +42,28 @@ if (!is_array($files_list)) { } /** + * @psalm-taint-escape cookie + */ +function cleanCookieInput(string $value): string { + if (strlen($value) > 32) { + return ''; + } + if (preg_match('!^[a-zA-Z0-9]+$!', $_GET['downloadStartSecret']) !== 1) { + return ''; + } + return $value; +} + +/** * this sets a cookie to be able to recognize the start of the download * the content must not be longer than 32 characters and must only contain * alphanumeric characters */ -if (isset($_GET['downloadStartSecret']) - && !isset($_GET['downloadStartSecret'][32]) - && preg_match('!^[a-zA-Z0-9]+$!', $_GET['downloadStartSecret']) === 1) { - setcookie('ocDownloadStarted', $_GET['downloadStartSecret'], time() + 20, '/'); +if (isset($_GET['downloadStartSecret'])) { + $value = cleanCookieInput($_GET['downloadStartSecret']); + if ($value !== '') { + setcookie('ocDownloadStarted', $value, time() + 20, '/'); + } } $server_params = [ 'head' => \OC::$server->getRequest()->getMethod() === 'HEAD' ]; |