authorLukas Reschke <lukas@owncloud.com>2015-02-13 13:33:20 +0100
committerLukas Reschke <lukas@owncloud.com>2015-02-13 13:33:20 +0100
commita7df23cebadfc0a60095ff53e4ae5e293eb02b38 (patch)
tree54e8fd3e3179c65e8abda8e3bc61ce6547a501c6 /settings/ajax
parent51f8d240c1c7a2c5fe4ab89854aeae02a33406b4 (diff)
Manually type-case all AJAX files
This enforces proper types on POST and GET arguments where I considered it sensible. I didn't update some as I don't know what kind of values they would support :see_no_evil: Fixes https://github.com/owncloud/core/issues/14196 for core
Diffstat (limited to 'settings/ajax')
-rw-r--r--settings/ajax/changedisplayname.php2
-rw-r--r--settings/ajax/decryptall.php2
-rw-r--r--settings/ajax/disableapp.php2
-rw-r--r--settings/ajax/enableapp.php4
-rw-r--r--settings/ajax/installapp.php2
-rw-r--r--settings/ajax/navigationdetect.php2
-rw-r--r--settings/ajax/removeRootCertificate.php2
-rw-r--r--settings/ajax/setlanguage.php2
-rw-r--r--settings/ajax/setquota.php4
-rw-r--r--settings/ajax/togglegroups.php4
-rw-r--r--settings/ajax/togglesubadmins.php4
-rw-r--r--settings/ajax/uninstallapp.php2
-rw-r--r--settings/ajax/updateapp.php2
13 files changed, 17 insertions, 17 deletions
diff --git a/settings/ajax/changedisplayname.php b/settings/ajax/changedisplayname.php
index 1e52182ccf6..c4d149b4dec 100644
--- a/settings/ajax/changedisplayname.php
+++ b/settings/ajax/changedisplayname.php
@@ -7,7 +7,7 @@ OC_JSON::checkLoggedIn();
$l = \OC::$server->getL10N('settings');
$username = isset($_POST["username"]) ? $_POST["username"] : OC_User::getUser();
-$displayName = $_POST["displayName"];
+$displayName = (string)$_POST["displayName"];
$userstatus = null;
if(OC_User::isAdminUser(OC_User::getUser())) {
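Review bot: `$username` on the context line above the change is still read from `$_POST["username"]` without a cast, so an array-valued parameter reaches the later user handling while `$displayName` is now forced to a string. I would cast it the same way: `$username = isset($_POST["username"]) ? (string)$_POST["username"] : OC_User::getUser();`. `$_POST["displayName"]` is also read without an `isset` check, so a missing field becomes an empty display name plus a notice; whether an empty name is rejected is decided outside this hunk.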
diff --git a/settings/ajax/decryptall.php b/settings/ajax/decryptall.php
index 0ad25927461..0e7249997b6 100644
--- a/settings/ajax/decryptall.php
+++ b/settings/ajax/decryptall.php
@@ -8,7 +8,7 @@ OC_App::loadApp('files_encryption');
// init encryption app
$params = array('uid' => \OCP\User::getUser(),
- 'password' => $_POST['password']);
+ 'password' => (string)$_POST['password']);
$view = new OC\Files\View('/');
$util = new \OCA\Files_Encryption\Util($view, \OCP\User::getUser());
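Review bot: The `(string)` cast does not reject an array-valued parameter; PHP converts it to the literal string `Array` and raises a notice, so a request carrying `password[]` is processed with the password `Array` instead of failing early. A guard before `$params` is built states the intent more clearly, for example `if (!isset($_POST['password']) || !is_string($_POST['password'])) { OC_JSON::error(); exit; }`. The same applies to the other casts this commit adds under settings/ajax (appid, cert, lang, quota, username, group).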
diff --git a/settings/ajax/disableapp.php b/settings/ajax/disableapp.php
index 1a133ea9af7..bd50234bcba 100644
--- a/settings/ajax/disableapp.php
+++ b/settings/ajax/disableapp.php
@@ -7,7 +7,7 @@ if (!array_key_exists('appid', $_POST)) {
exit;
}
-$appId = $_POST['appid'];
+$appId = (string)$_POST['appid'];
$appId = OC_App::cleanAppId($appId);
// FIXME: Clear the cache - move that into some sane helper method
diff --git a/settings/ajax/enableapp.php b/settings/ajax/enableapp.php
index 88abff487db..fcb8b47ea1f 100644
--- a/settings/ajax/enableapp.php
+++ b/settings/ajax/enableapp.php
@@ -3,10 +3,10 @@
OC_JSON::checkAdminUser();
OCP\JSON::callCheck();
-$groups = isset($_POST['groups']) ? $_POST['groups'] : null;
+$groups = isset($_POST['groups']) ? (string)$_POST['groups'] : null;
try {
- OC_App::enable(OC_App::cleanAppId($_POST['appid']), $groups);
+ OC_App::enable(OC_App::cleanAppId((string)$_POST['appid']), $groups);
// FIXME: Clear the cache - move that into some sane helper method
\OC::$server->getMemCacheFactory()->create('settings')->remove('listApps-0');
\OC::$server->getMemCacheFactory()->create('settings')->remove('listApps-1');
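Review bot: `$groups` is cast to a string although the parameter name suggests a list of group ids. The signature of `OC_App::enable()` is not visible here, but if the client sends `groups[]` and the callee expects an array, the cast turns the list into the literal string `Array` and the group restriction is lost or fails. If a list is intended, an array cast keeps the type enforcement without changing the shape: `$groups = isset($_POST['groups']) ? (array)$_POST['groups'] : null;`. The `try` block continues outside the hunk.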
diff --git a/settings/ajax/installapp.php b/settings/ajax/installapp.php
index f25e68214a7..836c0115159 100644
--- a/settings/ajax/installapp.php
+++ b/settings/ajax/installapp.php
@@ -7,7 +7,7 @@ if (!array_key_exists('appid', $_POST)) {
exit;
}
-$appId = $_POST['appid'];
+$appId = (string)$_POST['appid'];
$appId = OC_App::cleanAppId($appId);
$result = OC_App::installApp($appId);
diff --git a/settings/ajax/navigationdetect.php b/settings/ajax/navigationdetect.php
index 7f961eb9bc5..71d0e4c8c04 100644
--- a/settings/ajax/navigationdetect.php
+++ b/settings/ajax/navigationdetect.php
@@ -3,7 +3,7 @@
OC_Util::checkAdminUser();
OCP\JSON::callCheck();
-$app = $_GET['app'];
+$app = (string)$_GET['app'];
$app = OC_App::cleanAppId($app);
$navigation = OC_App::getAppNavigationEntries($app);
diff --git a/settings/ajax/removeRootCertificate.php b/settings/ajax/removeRootCertificate.php
index a3de035269e..1651f48853a 100644
--- a/settings/ajax/removeRootCertificate.php
+++ b/settings/ajax/removeRootCertificate.php
@@ -2,6 +2,6 @@
OCP\JSON::checkLoggedIn();
OCP\JSON::callCheck();
-$name = $_POST['cert'];
+$name = (string)$_POST['cert'];
$certificateManager = \OC::$server->getCertificateManager();
$certificateManager->removeCertificate($name);
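Review bot: `$name` is passed to `removeCertificate()` with only a string cast, and this endpoint requires a logged-in user rather than an admin. `removeCertificate()` is not visible here; if it derives a file path from the name, this file should make the validation boundary explicit. Either add a comment such as `// name is validated as a plain file name inside removeCertificate()` once that is confirmed, or check locally with `if ($name === '' || basename($name) !== $name) { exit; }`.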
diff --git a/settings/ajax/setlanguage.php b/settings/ajax/setlanguage.php
index a83212927bf..0ec05534e6b 100644
--- a/settings/ajax/setlanguage.php
+++ b/settings/ajax/setlanguage.php
@@ -9,7 +9,7 @@ OCP\JSON::callCheck();
// Get data
if( isset( $_POST['lang'] ) ) {
$languageCodes=OC_L10N::findAvailableLanguages();
- $lang=$_POST['lang'];
+ $lang = (string)$_POST['lang'];
if(array_search($lang, $languageCodes) or $lang === 'en') {
\OC::$server->getConfig()->setUserValue( OC_User::getUser(), 'core', 'lang', $lang );
OC_JSON::success(array("data" => array( "message" => $l->t("Language changed") )));
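Review bot: The allow-list test on the context line `if(array_search($lang, $languageCodes) or $lang === 'en')` treats a match at index 0 as no match, because `array_search` returns the key and `0` is falsy, and it compares loosely. Now that `$lang` is always a string, and assuming `$languageCodes` is a list of strings, `if (in_array($lang, $languageCodes, true) || $lang === 'en') {` expresses the intended check exactly. The `if` block continues outside the hunk.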
diff --git a/settings/ajax/setquota.php b/settings/ajax/setquota.php
index 64a686e83d7..c83430bfcfb 100644
--- a/settings/ajax/setquota.php
+++ b/settings/ajax/setquota.php
@@ -8,7 +8,7 @@
OC_JSON::checkSubAdminUser();
OCP\JSON::callCheck();
-$username = isset($_POST["username"])?$_POST["username"]:'';
+$username = isset($_POST["username"]) ? (string)$_POST["username"] : '';
if(($username === '' && !OC_User::isAdminUser(OC_User::getUser()))
|| (!OC_User::isAdminUser(OC_User::getUser())
@@ -19,7 +19,7 @@ if(($username === '' && !OC_User::isAdminUser(OC_User::getUser()))
}
//make sure the quota is in the expected format
-$quota=$_POST["quota"];
+$quota= (string)$_POST["quota"];
if($quota !== 'none' and $quota !== 'default') {
$quota= OC_Helper::computerFileSize($quota);
$quota=OC_Helper::humanFileSize($quota);
diff --git a/settings/ajax/togglegroups.php b/settings/ajax/togglegroups.php
index 27cb2b446ec..25033670952 100644
--- a/settings/ajax/togglegroups.php
+++ b/settings/ajax/togglegroups.php
@@ -4,8 +4,8 @@ OC_JSON::checkSubAdminUser();
OCP\JSON::callCheck();
$success = true;
-$username = $_POST["username"];
-$group = $_POST["group"];
+$username = (string)$_POST['username'];
+$group = (string)$_POST['group'];
if($username === OC_User::getUser() && $group === "admin" && OC_User::isAdminUser($username)) {
$l = \OC::$server->getL10N('core');
diff --git a/settings/ajax/togglesubadmins.php b/settings/ajax/togglesubadmins.php
index a99e805f69d..a6604e98b02 100644
--- a/settings/ajax/togglesubadmins.php
+++ b/settings/ajax/togglesubadmins.php
@@ -3,8 +3,8 @@
OC_JSON::checkAdminUser();
OCP\JSON::callCheck();
-$username = $_POST["username"];
-$group = $_POST["group"];
+$username = (string)$_POST['username'];
+$group = (string)$_POST['group'];
// Toggle group
if(OC_SubAdmin::isSubAdminofGroup($username, $group)) {
diff --git a/settings/ajax/uninstallapp.php b/settings/ajax/uninstallapp.php
index e50fc31a449..fedc1170751 100644
--- a/settings/ajax/uninstallapp.php
+++ b/settings/ajax/uninstallapp.php
@@ -7,7 +7,7 @@ if (!array_key_exists('appid', $_POST)) {
exit;
}
-$appId = $_POST['appid'];
+$appId = (string)$_POST['appid'];
$appId = OC_App::cleanAppId($appId);
$result = OC_App::removeApp($appId);
diff --git a/settings/ajax/updateapp.php b/settings/ajax/updateapp.php
index 3e28c65285d..fece144f464 100644
--- a/settings/ajax/updateapp.php
+++ b/settings/ajax/updateapp.php
@@ -15,7 +15,7 @@ if (!array_key_exists('appid', $_POST)) {
return;
}
-$appId = $_POST['appid'];
+$appId = (string)$_POST['appid'];
if (!is_numeric($appId)) {
$appId = \OC::$server->getAppConfig()->getValue($appId, 'ocsid', null);
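Review bot: In the non-numeric branch `$appId` is used as the app-config key without `OC_App::cleanAppId()`, unlike disableapp.php, installapp.php and uninstallapp.php in this commit, which clean the id right after the cast. Unless the id is cleaned further down (the block continues outside the hunk), I would add `$appId = OC_App::cleanAppId($appId);` inside the branch before the lookup. `is_numeric()` also accepts forms such as `1e3` or `1.5`; if the OCS id is a plain integer, `ctype_digit($appId)` is the tighter test.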