summaryrefslogtreecommitdiffstats
path: root/core
diff options
context:
space:
mode:
authorLukas Reschke <lukas@owncloud.com>2015-02-13 13:33:20 +0100
committerLukas Reschke <lukas@owncloud.com>2015-02-13 13:33:20 +0100
commita7df23cebadfc0a60095ff53e4ae5e293eb02b38 (patch)
tree54e8fd3e3179c65e8abda8e3bc61ce6547a501c6 /core
parent51f8d240c1c7a2c5fe4ab89854aeae02a33406b4 (diff)
downloadnextcloud-server-a7df23cebadfc0a60095ff53e4ae5e293eb02b38.tar.gz
nextcloud-server-a7df23cebadfc0a60095ff53e4ae5e293eb02b38.zip
Manually type-case all AJAX files
This enforces proper types on POST and GET arguments where I considered it sensible. I didn't update some as I don't know what kind of values they would support :see_no_evil: Fixes https://github.com/owncloud/core/issues/14196 for core
Diffstat (limited to 'core')
-rw-r--r--core/ajax/appconfig.php12
-rw-r--r--core/ajax/share.php76
2 files changed, 44 insertions, 44 deletions
diff --git a/core/ajax/appconfig.php b/core/ajax/appconfig.php
index 7d73185dae6..4b670d8c5c3 100644
--- a/core/ajax/appconfig.php
+++ b/core/ajax/appconfig.php
@@ -11,14 +11,14 @@ OCP\JSON::callCheck();
$action=isset($_POST['action'])?$_POST['action']:$_GET['action'];
if(isset($_POST['app']) || isset($_GET['app'])) {
- $app=OC_App::cleanAppId(isset($_POST['app'])?$_POST['app']:$_GET['app']);
+ $app=OC_App::cleanAppId(isset($_POST['app'])? (string)$_POST['app']: (string)$_GET['app']);
}
// An admin should not be able to add remote and public services
// on its own. This should only be possible programmatically.
// This change is due the fact that an admin may not be expected
// to execute arbitrary code in every environment.
-if($app === 'core' && isset($_POST['key']) &&(substr($_POST['key'],0,7) === 'remote_' || substr($_POST['key'],0,7) === 'public_')) {
+if($app === 'core' && isset($_POST['key']) &&(substr((string)$_POST['key'],0,7) === 'remote_' || substr((string)$_POST['key'],0,7) === 'public_')) {
OC_JSON::error(array('data' => array('message' => 'Unexpected error!')));
return;
}
@@ -27,10 +27,10 @@ $result=false;
$appConfig = \OC::$server->getAppConfig();
switch($action) {
case 'getValue':
- $result=$appConfig->getValue($app, $_GET['key'], $_GET['defaultValue']);
+ $result=$appConfig->getValue($app, (string)$_GET['key'], (string)$_GET['defaultValue']);
break;
case 'setValue':
- $result=$appConfig->setValue($app, $_POST['key'], $_POST['value']);
+ $result=$appConfig->setValue($app, (string)$_POST['key'], (string)$_POST['value']);
break;
case 'getApps':
$result=$appConfig->getApps();
@@ -39,10 +39,10 @@ switch($action) {
$result=$appConfig->getKeys($app);
break;
case 'hasKey':
- $result=$appConfig->hasKey($app, $_GET['key']);
+ $result=$appConfig->hasKey($app, (string)$_GET['key']);
break;
case 'deleteKey':
- $result=$appConfig->deleteKey($app, $_POST['key']);
+ $result=$appConfig->deleteKey($app, (string)$_POST['key']);
break;
case 'deleteApp':
$result=$appConfig->deleteApp($app);
diff --git a/core/ajax/share.php b/core/ajax/share.php
index 6d0a6a4e3b9..d8aec9c6542 100644
--- a/core/ajax/share.php
+++ b/core/ajax/share.php
@@ -31,11 +31,11 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo
try {
$shareType = (int)$_POST['shareType'];
$shareWith = $_POST['shareWith'];
- $itemSourceName = isset($_POST['itemSourceName']) ? $_POST['itemSourceName'] : null;
+ $itemSourceName = isset($_POST['itemSourceName']) ? (string)$_POST['itemSourceName'] : null;
if ($shareType === OCP\Share::SHARE_TYPE_LINK && $shareWith == '') {
$shareWith = null;
}
- $itemSourceName=(isset($_POST['itemSourceName'])) ? $_POST['itemSourceName']:'';
+ $itemSourceName=(isset($_POST['itemSourceName'])) ? (string)$_POST['itemSourceName']:'';
$token = OCP\Share::shareItem(
$_POST['itemType'],
@@ -44,7 +44,7 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo
$shareWith,
$_POST['permissions'],
$itemSourceName,
- (!empty($_POST['expirationDate']) ? new \DateTime($_POST['expirationDate']) : null)
+ (!empty($_POST['expirationDate']) ? new \DateTime((string)$_POST['expirationDate']) : null)
);
if (is_string($token)) {
@@ -62,19 +62,19 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo
if ((int)$_POST['shareType'] === OCP\Share::SHARE_TYPE_LINK && $_POST['shareWith'] == '') {
$shareWith = null;
} else {
- $shareWith = $_POST['shareWith'];
+ $shareWith = (string)$_POST['shareWith'];
}
- $return = OCP\Share::unshare($_POST['itemType'], $_POST['itemSource'], $_POST['shareType'], $shareWith);
+ $return = OCP\Share::unshare((string)$_POST['itemType'],(string) $_POST['itemSource'], (int)$_POST['shareType'], $shareWith);
($return) ? OC_JSON::success() : OC_JSON::error();
}
break;
case 'setPermissions':
if (isset($_POST['shareType']) && isset($_POST['shareWith']) && isset($_POST['permissions'])) {
$return = OCP\Share::setPermissions(
- $_POST['itemType'],
- $_POST['itemSource'],
+ (string)$_POST['itemType'],
+ (string)$_POST['itemSource'],
(int)$_POST['shareType'],
- $_POST['shareWith'],
+ (string)$_POST['shareWith'],
(int)$_POST['permissions']
);
($return) ? OC_JSON::success() : OC_JSON::error();
@@ -83,7 +83,7 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo
case 'setExpirationDate':
if (isset($_POST['date'])) {
try {
- $return = OCP\Share::setExpirationDate($_POST['itemType'], $_POST['itemSource'], $_POST['date']);
+ $return = OCP\Share::setExpirationDate((string)$_POST['itemType'], (string)$_POST['itemSource'], (string)$_POST['date']);
($return) ? OC_JSON::success() : OC_JSON::error();
} catch (\Exception $e) {
OC_JSON::error(array('data' => array('message' => $e->getMessage())));
@@ -93,9 +93,9 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo
case 'informRecipients':
$l = \OC::$server->getL10N('core');
$shareType = (int) $_POST['shareType'];
- $itemType = $_POST['itemType'];
- $itemSource = $_POST['itemSource'];
- $recipient = $_POST['recipient'];
+ $itemType = (string)$_POST['itemType'];
+ $itemSource = (string)$_POST['itemSource'];
+ $recipient = (string)$_POST['recipient'];
if($shareType === \OCP\Share::SHARE_TYPE_USER) {
$recipientList[] = $recipient;
@@ -123,26 +123,26 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo
}
break;
case 'informRecipientsDisabled':
- $itemSource = $_POST['itemSource'];
- $shareType = $_POST['shareType'];
- $itemType = $_POST['itemType'];
- $recipient = $_POST['recipient'];
+ $itemSource = (string)$_POST['itemSource'];
+ $shareType = (int)$_POST['shareType'];
+ $itemType = (string)$_POST['itemType'];
+ $recipient = (string)$_POST['recipient'];
\OCP\Share::setSendMailStatus($itemType, $itemSource, $shareType, $recipient, false);
OCP\JSON::success();
break;
case 'email':
// read post variables
- $link = $_POST['link'];
- $file = $_POST['file'];
- $to_address = $_POST['toaddress'];
+ $link = (string)$_POST['link'];
+ $file = (string)$_POST['file'];
+ $to_address = (string)$_POST['toaddress'];
$mailNotification = new \OC\Share\MailNotifications();
$expiration = null;
if (isset($_POST['expiration']) && $_POST['expiration'] !== '') {
try {
- $date = new DateTime($_POST['expiration']);
+ $date = new DateTime((string)$_POST['expiration']);
$expiration = $date->getTimestamp();
} catch (Exception $e) {
\OCP\Util::writeLog('sharing', "Couldn't read date: " . $e->getMessage(), \OCP\Util::ERROR);
@@ -170,7 +170,7 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo
switch ($_GET['fetch']) {
case 'getItemsSharedStatuses':
if (isset($_GET['itemType'])) {
- $return = OCP\Share::getItemsShared($_GET['itemType'], OCP\Share::FORMAT_STATUSES);
+ $return = OCP\Share::getItemsShared((string)$_GET['itemType'], OCP\Share::FORMAT_STATUSES);
is_array($return) ? OC_JSON::success(array('data' => $return)) : OC_JSON::error();
}
break;
@@ -181,8 +181,8 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo
&& isset($_GET['checkShares'])) {
if ($_GET['checkReshare'] == 'true') {
$reshare = OCP\Share::getItemSharedWithBySource(
- $_GET['itemType'],
- $_GET['itemSource'],
+ (string)$_GET['itemType'],
+ (string)$_GET['itemSource'],
OCP\Share::FORMAT_NONE,
null,
true
@@ -192,8 +192,8 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo
}
if ($_GET['checkShares'] == 'true') {
$shares = OCP\Share::getItemShared(
- $_GET['itemType'],
- $_GET['itemSource'],
+ (string)$_GET['itemType'],
+ (string)$_GET['itemSource'],
OCP\Share::FORMAT_NONE,
null,
true
@@ -209,7 +209,7 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo
if (isset($_GET['search'])) {
$cm = OC::$server->getContactsManager();
if (!is_null($cm) && $cm->isEnabled()) {
- $contacts = $cm->search($_GET['search'], array('FN', 'EMAIL'));
+ $contacts = $cm->search((string)$_GET['search'], array('FN', 'EMAIL'));
foreach ($contacts as $contact) {
if (!isset($contact['EMAIL'])) {
continue;
@@ -236,7 +236,7 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo
if (isset($_GET['search'])) {
$shareWithinGroupOnly = OC\Share\Share::shareWithGroupMembersOnly();
$shareWith = array();
- $groups = OC_Group::getGroups($_GET['search']);
+ $groups = OC_Group::getGroups((string)$_GET['search']);
if ($shareWithinGroupOnly) {
$usergroups = OC_Group::getUserGroups(OC_User::getUser());
$groups = array_intersect($groups, $usergroups);
@@ -248,15 +248,15 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo
while ($count < 15 && count($users) == $limit) {
$limit = 15 - $count;
if ($shareWithinGroupOnly) {
- $users = OC_Group::DisplayNamesInGroups($usergroups, $_GET['search'], $limit, $offset);
+ $users = OC_Group::DisplayNamesInGroups($usergroups, (string)$_GET['search'], $limit, $offset);
} else {
- $users = OC_User::getDisplayNames($_GET['search'], $limit, $offset);
+ $users = OC_User::getDisplayNames((string)$_GET['search'], $limit, $offset);
}
$offset += $limit;
foreach ($users as $uid => $displayName) {
if ((!isset($_GET['itemShares'])
- || !is_array($_GET['itemShares'][OCP\Share::SHARE_TYPE_USER])
- || !in_array($uid, $_GET['itemShares'][OCP\Share::SHARE_TYPE_USER]))
+ || !is_array((string)$_GET['itemShares'][OCP\Share::SHARE_TYPE_USER])
+ || !in_array($uid, (string)$_GET['itemShares'][OCP\Share::SHARE_TYPE_USER]))
&& $uid != OC_User::getUser()) {
$shareWith[] = array(
'label' => $displayName,
@@ -277,8 +277,8 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo
if ($count < 15) {
if (!isset($_GET['itemShares'])
|| !isset($_GET['itemShares'][OCP\Share::SHARE_TYPE_GROUP])
- || !is_array($_GET['itemShares'][OCP\Share::SHARE_TYPE_GROUP])
- || !in_array($group, $_GET['itemShares'][OCP\Share::SHARE_TYPE_GROUP])) {
+ || !is_array((string)$_GET['itemShares'][OCP\Share::SHARE_TYPE_GROUP])
+ || !in_array($group, (string)$_GET['itemShares'][OCP\Share::SHARE_TYPE_GROUP])) {
$shareWith[] = array(
'label' => $group,
'value' => array(
@@ -294,20 +294,20 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo
}
// allow user to add unknown remote addresses for server-to-server share
- $backend = \OCP\Share::getBackend($_GET['itemType']);
+ $backend = \OCP\Share::getBackend((string)$_GET['itemType']);
if ($backend->isShareTypeAllowed(\OCP\Share::SHARE_TYPE_REMOTE)) {
- if (substr_count($_GET['search'], '@') === 1) {
+ if (substr_count((string)$_GET['search'], '@') === 1) {
$shareWith[] = array(
- 'label' => $_GET['search'],
+ 'label' => (string)$_GET['search'],
'value' => array(
'shareType' => \OCP\Share::SHARE_TYPE_REMOTE,
- 'shareWith' => $_GET['search']
+ 'shareWith' => (string)$_GET['search']
)
);
}
}
- $sorter = new \OC\Share\SearchResultSorter($_GET['search'],
+ $sorter = new \OC\Share\SearchResultSorter((string)$_GET['search'],
'label',
new \OC\Log());
usort($shareWith, array($sorter, 'sort'));