aboutsummaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authorJoas Schilling <213943+nickvergessen@users.noreply.github.com>2024-10-14 17:03:09 +0200
committerGitHub <noreply@github.com>2024-10-14 17:03:09 +0200
commitf07993173a99f6de63f30292170346ec8b6760e2 (patch)
tree1e60e3e1c911626f28d4b1bded66cd6860ecda98 /lib
parentef532fefdacb34a4411e0b7c3193dff4c738aae2 (diff)
parent07449847e1e786d425e2ff4359a7509ad37d070b (diff)
downloadnextcloud-server-f07993173a99f6de63f30292170346ec8b6760e2.tar.gz
nextcloud-server-f07993173a99f6de63f30292170346ec8b6760e2.zip
Merge pull request #48604 from nextcloud/bugfix/noid/fix-tainted-file-appinfo
fix(appmanager): Fix tainted file path when loading appinfos
Diffstat (limited to 'lib')
-rw-r--r--lib/private/App/AppManager.php41
-rw-r--r--lib/private/Installer.php2
-rw-r--r--lib/private/legacy/OC_App.php5
-rw-r--r--lib/public/App/IAppManager.php10
4 files changed, 38 insertions, 20 deletions
diff --git a/lib/private/App/AppManager.php b/lib/private/App/AppManager.php
index 4ffddef98c3..2b6d2a2700b 100644
--- a/lib/private/App/AppManager.php
+++ b/lib/private/App/AppManager.php
@@ -744,30 +744,39 @@ class AppManager implements IAppManager {
*/
public function getAppInfo(string $appId, bool $path = false, $lang = null) {
if ($path) {
- $file = $appId;
- } else {
- if ($lang === null && isset($this->appInfos[$appId])) {
- return $this->appInfos[$appId];
- }
- try {
- $appPath = $this->getAppPath($appId);
- } catch (AppPathNotFoundException $e) {
- return null;
- }
- $file = $appPath . '/appinfo/info.xml';
+ throw new \InvalidArgumentException('Calling IAppManager::getAppInfo() with a path is no longer supported. Please call IAppManager::getAppInfoByPath() instead and verify that the path is good before calling.');
+ }
+ if ($lang === null && isset($this->appInfos[$appId])) {
+ return $this->appInfos[$appId];
+ }
+ try {
+ $appPath = $this->getAppPath($appId);
+ } catch (AppPathNotFoundException) {
+ return null;
+ }
+ $file = $appPath . '/appinfo/info.xml';
+
+ $data = $this->getAppInfoByPath($file, $lang);
+
+ if ($lang === null) {
+ $this->appInfos[$appId] = $data;
+ }
+
+ return $data;
+ }
+
+ public function getAppInfoByPath(string $path, ?string $lang = null): ?array {
+ if (!str_ends_with($path, '/appinfo/info.xml')) {
+ return null;
}
$parser = new InfoParser($this->memCacheFactory->createLocal('core.appinfo'));
- $data = $parser->parse($file);
+ $data = $parser->parse($path);
if (is_array($data)) {
$data = \OC_App::parseAppInfo($data, $lang);
}
- if ($lang === null) {
- $this->appInfos[$appId] = $data;
- }
-
return $data;
}
diff --git a/lib/private/Installer.php b/lib/private/Installer.php
index d5500c07a3c..00fdd84c1bc 100644
--- a/lib/private/Installer.php
+++ b/lib/private/Installer.php
@@ -65,7 +65,7 @@ class Installer {
}
$l = \OCP\Util::getL10N('core');
- $info = \OCP\Server::get(IAppManager::class)->getAppInfo($basedir . '/appinfo/info.xml', true, $l->getLanguageCode());
+ $info = \OCP\Server::get(IAppManager::class)->getAppInfoByPath($basedir . '/appinfo/info.xml', $l->getLanguageCode());
if (!is_array($info)) {
throw new \Exception(
diff --git a/lib/private/legacy/OC_App.php b/lib/private/legacy/OC_App.php
index a9f8b24d831..6afd4086cb3 100644
--- a/lib/private/legacy/OC_App.php
+++ b/lib/private/legacy/OC_App.php
@@ -313,7 +313,8 @@ class OC_App {
* @deprecated 11.0.0 use \OCP\Server::get(IAppManager)->getAppPath()
*/
public static function getAppPath(string $appId, bool $refreshAppPath = false) {
- if ($appId === null || trim($appId) === '') {
+ $appId = self::cleanAppId($appId);
+ if ($appId === '') {
return false;
}
@@ -346,7 +347,7 @@ class OC_App {
*/
public static function getAppVersionByPath(string $path): string {
$infoFile = $path . '/appinfo/info.xml';
- $appData = \OC::$server->getAppManager()->getAppInfo($infoFile, true);
+ $appData = \OCP\Server::get(IAppManager::class)->getAppInfoByPath($infoFile);
return $appData['version'] ?? '';
}
diff --git a/lib/public/App/IAppManager.php b/lib/public/App/IAppManager.php
index 1182f611b29..0af7cdfc495 100644
--- a/lib/public/App/IAppManager.php
+++ b/lib/public/App/IAppManager.php
@@ -25,15 +25,23 @@ interface IAppManager {
public const BACKEND_CALDAV = 'caldav';
/**
- * Returns the app information from "appinfo/info.xml".
+ * Returns the app information from "appinfo/info.xml" for an app
*
* @param string|null $lang
* @return array|null
* @since 14.0.0
+ * @since 31.0.0 Usage of $path is discontinued and throws an \InvalidArgumentException, use {@see self::getAppInfoByPath} instead.
*/
public function getAppInfo(string $appId, bool $path = false, $lang = null);
/**
+ * Returns the app information from a given path ending with "/appinfo/info.xml"
+ *
+ * @since 31.0.0
+ */
+ public function getAppInfoByPath(string $path, ?string $lang = null): ?array;
+
+ /**
* Returns the app information from "appinfo/info.xml".
*
* @param string $appId