diff options
| author | Côme Chilliet <come.chilliet@nextcloud.com> | 2025-02-13 14:21:36 +0100 |
|---|---|---|
| committer | Côme Chilliet <come.chilliet@nextcloud.com> | 2025-02-13 14:21:36 +0100 |
| commit | 8f57a5076717280b2450ba2737d0c214bf45b314 (patch) | |
| tree | 26f85b9426dd00ae4bb6aa01a50a498c2d81cc1e /lib | |
| parent | ed9b47462f25937831471ba1aabcc03757e5dee5 (diff) | |
| download | nextcloud-server-8f57a5076717280b2450ba2737d0c214bf45b314.tar.gz nextcloud-server-8f57a5076717280b2450ba2737d0c214bf45b314.zip | |
fix: Only keep allowed characters in appid, and flag the method as escaping
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/App/AppManager.php | 19 | ||||
| -rw-r--r-- | lib/public/App/IAppManager.php | 11 |
2 files changed, 26 insertions, 4 deletions
diff --git a/lib/private/App/AppManager.php b/lib/private/App/AppManager.php index 84dde3be712..544b304b9bd 100644 --- a/lib/private/App/AppManager.php +++ b/lib/private/App/AppManager.php @@ -939,8 +939,23 @@ class AppManager implements IAppManager { return false; } + /** + * Clean the appId from forbidden characters + * + * @psalm-taint-escape callable + * @psalm-taint-escape cookie + * @psalm-taint-escape file + * @psalm-taint-escape has_quotes + * @psalm-taint-escape header + * @psalm-taint-escape html + * @psalm-taint-escape include + * @psalm-taint-escape ldap + * @psalm-taint-escape shell + * @psalm-taint-escape sql + * @psalm-taint-escape unserialize + */ public function cleanAppId(string $app): string { - // FIXME should list allowed characters instead - return str_replace(['<', '>', '"', "'", '\0', '/', '\\', '..'], '', $app); + /* Only lowercase alphanumeric is allowed */ + return preg_replace('/[^a-z0-9_]+/', '', $app); } } diff --git a/lib/public/App/IAppManager.php b/lib/public/App/IAppManager.php index 961823dee6e..fa35819b779 100644 --- a/lib/public/App/IAppManager.php +++ b/lib/public/App/IAppManager.php @@ -309,10 +309,17 @@ interface IAppManager { /** * Clean the appId from forbidden characters * + * @psalm-taint-escape callable + * @psalm-taint-escape cookie * @psalm-taint-escape file - * @psalm-taint-escape include - * @psalm-taint-escape html * @psalm-taint-escape has_quotes + * @psalm-taint-escape header + * @psalm-taint-escape html + * @psalm-taint-escape include + * @psalm-taint-escape ldap + * @psalm-taint-escape shell + * @psalm-taint-escape sql + * @psalm-taint-escape unserialize * * @since 31.0.0 */ |