diff options
author | Lukas Reschke <lukas@owncloud.com> | 2015-02-13 13:33:20 +0100 |
---|---|---|
committer | Lukas Reschke <lukas@owncloud.com> | 2015-02-13 13:33:20 +0100 |
commit | a7df23cebadfc0a60095ff53e4ae5e293eb02b38 (patch) | |
tree | 54e8fd3e3179c65e8abda8e3bc61ce6547a501c6 /settings/ajax | |
parent | 51f8d240c1c7a2c5fe4ab89854aeae02a33406b4 (diff) | |
download | nextcloud-server-a7df23cebadfc0a60095ff53e4ae5e293eb02b38.tar.gz nextcloud-server-a7df23cebadfc0a60095ff53e4ae5e293eb02b38.zip |
Manually type-case all AJAX files
This enforces proper types on POST and GET arguments where I considered it sensible. I didn't update some as I don't know what kind of values they would support :see_no_evil:
Fixes https://github.com/owncloud/core/issues/14196 for core
Diffstat (limited to 'settings/ajax')
-rw-r--r-- | settings/ajax/changedisplayname.php | 2 | ||||
-rw-r--r-- | settings/ajax/decryptall.php | 2 | ||||
-rw-r--r-- | settings/ajax/disableapp.php | 2 | ||||
-rw-r--r-- | settings/ajax/enableapp.php | 4 | ||||
-rw-r--r-- | settings/ajax/installapp.php | 2 | ||||
-rw-r--r-- | settings/ajax/navigationdetect.php | 2 | ||||
-rw-r--r-- | settings/ajax/removeRootCertificate.php | 2 | ||||
-rw-r--r-- | settings/ajax/setlanguage.php | 2 | ||||
-rw-r--r-- | settings/ajax/setquota.php | 4 | ||||
-rw-r--r-- | settings/ajax/togglegroups.php | 4 | ||||
-rw-r--r-- | settings/ajax/togglesubadmins.php | 4 | ||||
-rw-r--r-- | settings/ajax/uninstallapp.php | 2 | ||||
-rw-r--r-- | settings/ajax/updateapp.php | 2 |
13 files changed, 17 insertions, 17 deletions
diff --git a/settings/ajax/changedisplayname.php b/settings/ajax/changedisplayname.php index 1e52182ccf6..c4d149b4dec 100644 --- a/settings/ajax/changedisplayname.php +++ b/settings/ajax/changedisplayname.php @@ -7,7 +7,7 @@ OC_JSON::checkLoggedIn(); $l = \OC::$server->getL10N('settings'); $username = isset($_POST["username"]) ? $_POST["username"] : OC_User::getUser(); -$displayName = $_POST["displayName"]; +$displayName = (string)$_POST["displayName"]; $userstatus = null; if(OC_User::isAdminUser(OC_User::getUser())) { diff --git a/settings/ajax/decryptall.php b/settings/ajax/decryptall.php index 0ad25927461..0e7249997b6 100644 --- a/settings/ajax/decryptall.php +++ b/settings/ajax/decryptall.php @@ -8,7 +8,7 @@ OC_App::loadApp('files_encryption'); // init encryption app $params = array('uid' => \OCP\User::getUser(), - 'password' => $_POST['password']); + 'password' => (string)$_POST['password']); $view = new OC\Files\View('/'); $util = new \OCA\Files_Encryption\Util($view, \OCP\User::getUser()); diff --git a/settings/ajax/disableapp.php b/settings/ajax/disableapp.php index 1a133ea9af7..bd50234bcba 100644 --- a/settings/ajax/disableapp.php +++ b/settings/ajax/disableapp.php @@ -7,7 +7,7 @@ if (!array_key_exists('appid', $_POST)) { exit; } -$appId = $_POST['appid']; +$appId = (string)$_POST['appid']; $appId = OC_App::cleanAppId($appId); // FIXME: Clear the cache - move that into some sane helper method diff --git a/settings/ajax/enableapp.php b/settings/ajax/enableapp.php index 88abff487db..fcb8b47ea1f 100644 --- a/settings/ajax/enableapp.php +++ b/settings/ajax/enableapp.php @@ -3,10 +3,10 @@ OC_JSON::checkAdminUser(); OCP\JSON::callCheck(); -$groups = isset($_POST['groups']) ? $_POST['groups'] : null; +$groups = isset($_POST['groups']) ? (string)$_POST['groups'] : null; try { - OC_App::enable(OC_App::cleanAppId($_POST['appid']), $groups); + OC_App::enable(OC_App::cleanAppId((string)$_POST['appid']), $groups); // FIXME: Clear the cache - move that into some sane helper method \OC::$server->getMemCacheFactory()->create('settings')->remove('listApps-0'); \OC::$server->getMemCacheFactory()->create('settings')->remove('listApps-1'); diff --git a/settings/ajax/installapp.php b/settings/ajax/installapp.php index f25e68214a7..836c0115159 100644 --- a/settings/ajax/installapp.php +++ b/settings/ajax/installapp.php @@ -7,7 +7,7 @@ if (!array_key_exists('appid', $_POST)) { exit; } -$appId = $_POST['appid']; +$appId = (string)$_POST['appid']; $appId = OC_App::cleanAppId($appId); $result = OC_App::installApp($appId); diff --git a/settings/ajax/navigationdetect.php b/settings/ajax/navigationdetect.php index 7f961eb9bc5..71d0e4c8c04 100644 --- a/settings/ajax/navigationdetect.php +++ b/settings/ajax/navigationdetect.php @@ -3,7 +3,7 @@ OC_Util::checkAdminUser(); OCP\JSON::callCheck(); -$app = $_GET['app']; +$app = (string)$_GET['app']; $app = OC_App::cleanAppId($app); $navigation = OC_App::getAppNavigationEntries($app); diff --git a/settings/ajax/removeRootCertificate.php b/settings/ajax/removeRootCertificate.php index a3de035269e..1651f48853a 100644 --- a/settings/ajax/removeRootCertificate.php +++ b/settings/ajax/removeRootCertificate.php @@ -2,6 +2,6 @@ OCP\JSON::checkLoggedIn(); OCP\JSON::callCheck(); -$name = $_POST['cert']; +$name = (string)$_POST['cert']; $certificateManager = \OC::$server->getCertificateManager(); $certificateManager->removeCertificate($name); diff --git a/settings/ajax/setlanguage.php b/settings/ajax/setlanguage.php index a83212927bf..0ec05534e6b 100644 --- a/settings/ajax/setlanguage.php +++ b/settings/ajax/setlanguage.php @@ -9,7 +9,7 @@ OCP\JSON::callCheck(); // Get data if( isset( $_POST['lang'] ) ) { $languageCodes=OC_L10N::findAvailableLanguages(); - $lang=$_POST['lang']; + $lang = (string)$_POST['lang']; if(array_search($lang, $languageCodes) or $lang === 'en') { \OC::$server->getConfig()->setUserValue( OC_User::getUser(), 'core', 'lang', $lang ); OC_JSON::success(array("data" => array( "message" => $l->t("Language changed") ))); diff --git a/settings/ajax/setquota.php b/settings/ajax/setquota.php index 64a686e83d7..c83430bfcfb 100644 --- a/settings/ajax/setquota.php +++ b/settings/ajax/setquota.php @@ -8,7 +8,7 @@ OC_JSON::checkSubAdminUser(); OCP\JSON::callCheck(); -$username = isset($_POST["username"])?$_POST["username"]:''; +$username = isset($_POST["username"]) ? (string)$_POST["username"] : ''; if(($username === '' && !OC_User::isAdminUser(OC_User::getUser())) || (!OC_User::isAdminUser(OC_User::getUser()) @@ -19,7 +19,7 @@ if(($username === '' && !OC_User::isAdminUser(OC_User::getUser())) } //make sure the quota is in the expected format -$quota=$_POST["quota"]; +$quota= (string)$_POST["quota"]; if($quota !== 'none' and $quota !== 'default') { $quota= OC_Helper::computerFileSize($quota); $quota=OC_Helper::humanFileSize($quota); diff --git a/settings/ajax/togglegroups.php b/settings/ajax/togglegroups.php index 27cb2b446ec..25033670952 100644 --- a/settings/ajax/togglegroups.php +++ b/settings/ajax/togglegroups.php @@ -4,8 +4,8 @@ OC_JSON::checkSubAdminUser(); OCP\JSON::callCheck(); $success = true; -$username = $_POST["username"]; -$group = $_POST["group"]; +$username = (string)$_POST['username']; +$group = (string)$_POST['group']; if($username === OC_User::getUser() && $group === "admin" && OC_User::isAdminUser($username)) { $l = \OC::$server->getL10N('core'); diff --git a/settings/ajax/togglesubadmins.php b/settings/ajax/togglesubadmins.php index a99e805f69d..a6604e98b02 100644 --- a/settings/ajax/togglesubadmins.php +++ b/settings/ajax/togglesubadmins.php @@ -3,8 +3,8 @@ OC_JSON::checkAdminUser(); OCP\JSON::callCheck(); -$username = $_POST["username"]; -$group = $_POST["group"]; +$username = (string)$_POST['username']; +$group = (string)$_POST['group']; // Toggle group if(OC_SubAdmin::isSubAdminofGroup($username, $group)) { diff --git a/settings/ajax/uninstallapp.php b/settings/ajax/uninstallapp.php index e50fc31a449..fedc1170751 100644 --- a/settings/ajax/uninstallapp.php +++ b/settings/ajax/uninstallapp.php @@ -7,7 +7,7 @@ if (!array_key_exists('appid', $_POST)) { exit; } -$appId = $_POST['appid']; +$appId = (string)$_POST['appid']; $appId = OC_App::cleanAppId($appId); $result = OC_App::removeApp($appId); diff --git a/settings/ajax/updateapp.php b/settings/ajax/updateapp.php index 3e28c65285d..fece144f464 100644 --- a/settings/ajax/updateapp.php +++ b/settings/ajax/updateapp.php @@ -15,7 +15,7 @@ if (!array_key_exists('appid', $_POST)) { return; } -$appId = $_POST['appid']; +$appId = (string)$_POST['appid']; if (!is_numeric($appId)) { $appId = \OC::$server->getAppConfig()->getValue($appId, 'ocsid', null); |