authorMichael Gapczynski <mtgap@owncloud.com>2012-07-10 19:54:03 -0400
committerMichael Gapczynski <mtgap@owncloud.com>2012-07-10 19:54:03 -0400
commitc0e1b8e7e709ca0ec12b49862f8222e7e5d4aa44 (patch)
tree7e8cc44d6f03a38e1030191aa88018bf86b670b5 /core/ajax/share.php
parent3134a962d92e2f67ea989ba775bf3d98c72bb1f0 (diff)
downloadnextcloud-server-c0e1b8e7e709ca0ec12b49862f8222e7e5d4aa44.tar.gz
nextcloud-server-c0e1b8e7e709ca0ec12b49862f8222e7e5d4aa44.zip
Sanitize POST and GET in ajax/share
Diffstat (limited to 'core/ajax/share.php')
-rw-r--r--core/ajax/share.php52
1 files changed, 38 insertions, 14 deletions
diff --git a/core/ajax/share.php b/core/ajax/share.php
index f9ab91b9d2b..ee2dac18319 100644
--- a/core/ajax/share.php
+++ b/core/ajax/share.php
@@ -21,36 +21,60 @@
require_once '../../lib/base.php';
OC_JSON::checkLoggedIn();
-if (isset($_POST['action'])) {
+if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['item'])) {
+ $itemType = OCP\Util::sanitizeHTML($_POST['itemType']);
+ $item = OCP\Util::sanitizeHTML($_POST['item']);
switch ($_POST['action']) {
case 'share':
- $return = OCP\Share::share($_POST['itemType'], $_POST['item'], $_POST['shareType'], $_POST['shareWith'], $_POST['permissions']);
- // TODO May need to return private link
- ($return) ? OC_JSON::success() : OC_JSON::error();
+ error_log($_POST['item']);
+ if (isset($_POST['shareType']) && isset($_POST['shareWith']) && isset($_POST['permissions'])) {
+ $shareType = OCP\Util::sanitizeHTML($_POST['shareType']);
+ $shareWith = OCP\Util::sanitizeHTML($_POST['shareWith']);
+ $permissions = OCP\Util::sanitizeHTML($_POST['permissions']);
+ $return = OCP\Share::share($itemType, $item, $shareType, $shareWith, $permissions);
+ // TODO May need to return private link
+ ($return) ? OC_JSON::success() : OC_JSON::error();
+ }
break;
case 'unshare':
- $return = OCP\Share::unshare($_POST['itemType'], $_POST['item'], $_POST['shareType'], $_POST['shareWith']);
- ($return) ? OC_JSON::success() : OC_JSON::error();
+ if (isset($_POST['shareType']) && isset($_POST['shareWith'])) {
+ $shareType = OCP\Util::sanitizeHTML($_POST['shareType']);
+ $shareWith = OCP\Util::sanitizeHTML($_POST['shareWith']);
+ $return = OCP\Share::unshare($itemType, $item, $shareType, $shareWith);
+ ($return) ? OC_JSON::success() : OC_JSON::error();
+ }
break;
case 'setTarget':
- $return = OCP\Share::setTarget($_POST['itemType'], $_POST['item'], $_POST['newTarget']);
- ($return) ? OC_JSON::success() : OC_JSON::error();
+ if (isset($_POST['newTarget'])) {
+ $newTarget = OCP\Util::sanitizeHTML($_POST['newTarget']);
+ $return = OCP\Share::setTarget($itemType, $item, $newTarget);
+ ($return) ? OC_JSON::success() : OC_JSON::error();
+ }
break;
case 'setPermissions':
- $return = OCP\Share::setPermissions($_POST['itemType'], $_POST['item'], $_POST['shareType'], $_POST['shareWith'], $_POST['permissions']);
- ($return) ? OC_JSON::success() : OC_JSON::error();
+ if (isset($_POST['shareType']) && isset($_POST['shareWith']) && isset($_POST['permissions'])) {
+ $shareType = OCP\Util::sanitizeHTML($_POST['shareType']);
+ $shareWith = OCP\Util::sanitizeHTML($_POST['shareWith']);
+ $permissions = OCP\Util::sanitizeHTML($_POST['permissions']);
+ $return = OCP\Share::setPermissions($itemType, $item, $shareType, $shareWith, $permissions);
+ ($return) ? OC_JSON::success() : OC_JSON::error();
+ }
break;
}
-} else if (isset($_GET['fetch'])) {
+} else if (isset($_GET['fetch']) && isset($_GET['itemType'])) {
+ $itemType = OCP\Util::sanitizeHTML($_GET['itemType']);
switch ($_GET['fetch']) {
case 'getItemsSharedStatuses':
- $return = OCP\Share::getItemsShared($_GET['itemType'], OCP\Share::FORMAT_STATUSES);
+ $return = OCP\Share::getItemsShared($itemType, OCP\Share::FORMAT_STATUSES);
($return) ? OC_JSON::success(array('data' => $return)) : OC_JSON::error();
break;
case 'getItem':
// TODO Check if the item was shared to the current user
- $return = OCP\Share::getItemShared($_GET['itemType'], $_GET['item']);
- ($return) ? OC_JSON::success(array('data' => $return)) : OC_JSON::error();
+ if (isset($_GET['item'])) {
+ $item = OCP\Util::sanitizeHTML($_GET['item']);
+ $return = OCP\Share::getItemShared($itemType, $item);
+ ($return) ? OC_JSON::success(array('data' => $return)) : OC_JSON::error();
+ }
break;
case 'getShareWith':
// TODO Autocomplete for all users, groups, etc.