authorLukas Reschke <lukas@owncloud.com>2015-02-13 13:33:20 +0100
committerLukas Reschke <lukas@owncloud.com>2015-02-13 13:33:20 +0100
commita7df23cebadfc0a60095ff53e4ae5e293eb02b38 (patch)
tree54e8fd3e3179c65e8abda8e3bc61ce6547a501c6 /core/ajax/appconfig.php
parent51f8d240c1c7a2c5fe4ab89854aeae02a33406b4 (diff)
Manually type-case all AJAX files
This enforces proper types on POST and GET arguments where I considered it sensible. I didn't update some as I don't know what kind of values they would support :see_no_evil: Fixes https://github.com/owncloud/core/issues/14196 for core
Diffstat (limited to 'core/ajax/appconfig.php')
-rw-r--r--core/ajax/appconfig.php12
1 files changed, 6 insertions, 6 deletions
diff --git a/core/ajax/appconfig.php b/core/ajax/appconfig.php
index 7d73185dae6..4b670d8c5c3 100644
--- a/core/ajax/appconfig.php
+++ b/core/ajax/appconfig.php
@@ -11,14 +11,14 @@ OCP\JSON::callCheck();
$action=isset($_POST['action'])?$_POST['action']:$_GET['action'];
if(isset($_POST['app']) || isset($_GET['app'])) {
- $app=OC_App::cleanAppId(isset($_POST['app'])?$_POST['app']:$_GET['app']);
+ $app=OC_App::cleanAppId(isset($_POST['app'])? (string)$_POST['app']: (string)$_GET['app']);
}
// An admin should not be able to add remote and public services
// on its own. This should only be possible programmatically.
// This change is due the fact that an admin may not be expected
// to execute arbitrary code in every environment.
-if($app === 'core' && isset($_POST['key']) &&(substr($_POST['key'],0,7) === 'remote_' || substr($_POST['key'],0,7) === 'public_')) {
+if($app === 'core' && isset($_POST['key']) &&(substr((string)$_POST['key'],0,7) === 'remote_' || substr((string)$_POST['key'],0,7) === 'public_')) {
OC_JSON::error(array('data' => array('message' => 'Unexpected error!')));
return;
}
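Review bot: The `remote_`/`public_` guard casts `$_POST['key']` inline, and the switch in the following hunks reads and casts the superglobal again, so the value that is checked and the value that is later written are two separate expressions. Normalising once before the guard, e.g. `$key = isset($_POST['key']) ? (string)$_POST['key'] : null;`, and using `$key` in the guard and in the `setValue`/`deleteKey` cases keeps the check and the use from drifting apart in later edits. `$action` on the first line of the hunk is also left uncast and still falls back to `$_GET['action']` without an `isset`, unlike `app`. The script starts and continues outside this hunk.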
@@ -27,10 +27,10 @@ $result=false;
$appConfig = \OC::$server->getAppConfig();
switch($action) {
case 'getValue':
- $result=$appConfig->getValue($app, $_GET['key'], $_GET['defaultValue']);
+ $result=$appConfig->getValue($app, (string)$_GET['key'], (string)$_GET['defaultValue']);
break;
case 'setValue':
- $result=$appConfig->setValue($app, $_POST['key'], $_POST['value']);
+ $result=$appConfig->setValue($app, (string)$_POST['key'], (string)$_POST['value']);
break;
case 'getApps':
$result=$appConfig->getApps();
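Review bot: The `(string)` casts in the `getValue` and `setValue` cases coerce malformed input instead of rejecting it: an array-valued parameter becomes the literal string `Array` (with a notice), and a missing `defaultValue` becomes `''` where the old code passed null. For `setValue` this means a malformed request can still write a key or value named `Array`; an explicit `is_string()` check that answers with `OC_JSON::error(...)` and returns would refuse it. Whether `getValue` treats `''` differently from a null default is not visible here and should be confirmed. The same applies to the `hasKey` and `deleteKey` casts in the next hunk.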
@@ -39,10 +39,10 @@ switch($action) {
$result=$appConfig->getKeys($app);
break;
case 'hasKey':
- $result=$appConfig->hasKey($app, $_GET['key']);
+ $result=$appConfig->hasKey($app, (string)$_GET['key']);
break;
case 'deleteKey':
- $result=$appConfig->deleteKey($app, $_POST['key']);
+ $result=$appConfig->deleteKey($app, (string)$_POST['key']);
break;
case 'deleteApp':
$result=$appConfig->deleteApp($app);
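Review bot: `getKeys($app)` and `deleteApp($app)` use `$app`, which the first hunk assigns only inside `if(isset($_POST['app']) || isset($_GET['app']))`. Unless `$app` is initialised above line 11 (not visible in this diff), a request without an `app` parameter reaches these calls with an undefined variable. A check before the switch, such as `if(!isset($app)) { OC_JSON::error(...); return; }`, would make the destructive `deleteApp` path fail closed; the actions that take no app, like `getApps`, would need to be exempted. The switch continues past the end of this hunk.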