Merge pull request #8156 from nextcloud/stable13-8078

[Stable13] Scss hardening

1 files changed, 19 insertions, 2 deletions

diff --git a/lib/private/Template/SCSSCacher.php b/lib/private/Template/SCSSCacher.php
index a4604425544..c6473ead09d 100644
--- a/lib/private/Template/SCSSCacher.php
+++ b/lib/private/Template/SCSSCacher.php
@@ -63,6 +63,9 @@ class SCSSCacher {
 	/** @var ICache */
 	protected $depsCache;
 
+	/** @var null|string */
+	protected $injectedVariables = null;
+
 	/**
 	 * @param ILogger $logger
 	 * @param Factory $appDataFactory
@@ -153,8 +156,9 @@ class SCSSCacher {
 						return false;
 					}
 				}
+				return true;
 			}
-			return true;
+			return false;
 		} catch(NotFoundException $e) {
 			return false;
 		}
@@ -250,6 +254,7 @@ class SCSSCacher {
 	 * We need to regenerate all files when variables change
 	 */
 	private function resetCache() {
+		$this->injectedVariables = null;
 		$appDirectory = $this->appData->getDirectoryListing();
 		if(empty($appDirectory)){
 			return;
@@ -267,10 +272,22 @@ class SCSSCacher {
 	 * @return string SCSS code for variables from OC_Defaults
 	 */
 	private function getInjectedVariables() {
+		if ($this->injectedVariables !== null)
+			return $this->injectedVariables;
 		$variables = '';
 		foreach ($this->defaults->getScssVariables() as $key => $value) {
 			$variables .= '$' . $key . ': ' . $value . ';';
 		}
+
+		// check for valid variables / otherwise fall back to defaults
+		try {
+			$scss = new Compiler();
+			$scss->compile($variables);
+			$this->injectedVariables = $variables;
+		} catch (ParserException $e) {
+			$this->logger->error($e, ['app' => 'core']);
+		}
+
 		return $variables;
 	}
 
@@ -281,7 +298,7 @@ class SCSSCacher {
 	 * @return string
 	 */
 	private function rebaseUrls($css, $webDir) {
-		$re = '/url\([\'"]([\.\w?=\/-]*)[\'"]\)/x';
+		$re = '/url\([\'"]([^\/][\.\w?=\/-]*)[\'"]\)/x';
 		$subst = 'url(\''.$webDir.'/$1\')';
 		return preg_replace($re, $subst, $css);
 	}