author | Lukas Reschke <lukas@owncloud.com> | 2015-02-13 13:33:20 +0100 |
---|---|---|
committer | Lukas Reschke <lukas@owncloud.com> | 2015-02-13 13:33:20 +0100 |
commit | a7df23cebadfc0a60095ff53e4ae5e293eb02b38 (patch) | |
tree | 54e8fd3e3179c65e8abda8e3bc61ce6547a501c6 /settings | |
parent | 51f8d240c1c7a2c5fe4ab89854aeae02a33406b4 (diff) | |
Manually type-case all AJAX files
This enforces proper types on POST and GET arguments where I considered it sensible. I didn't update some as I don't know what kind of values they would support :see_no_evil:
Fixes https://github.com/owncloud/core/issues/14196 for core
Diffstat (limited to 'settings')
-rw-r--r-- | settings/ajax/changedisplayname.php | 2 | ||||
-rw-r--r-- | settings/ajax/decryptall.php | 2 | ||||
-rw-r--r-- | settings/ajax/disableapp.php | 2 | ||||
-rw-r--r-- | settings/ajax/enableapp.php | 4 | ||||
-rw-r--r-- | settings/ajax/installapp.php | 2 | ||||
-rw-r--r-- | settings/ajax/navigationdetect.php | 2 | ||||
-rw-r--r-- | settings/ajax/removeRootCertificate.php | 2 | ||||
-rw-r--r-- | settings/ajax/setlanguage.php | 2 | ||||
-rw-r--r-- | settings/ajax/setquota.php | 4 | ||||
-rw-r--r-- | settings/ajax/togglegroups.php | 4 | ||||
-rw-r--r-- | settings/ajax/togglesubadmins.php | 4 | ||||
-rw-r--r-- | settings/ajax/uninstallapp.php | 2 | ||||
-rw-r--r-- | settings/ajax/updateapp.php | 2 |
13 files changed, 17 insertions, 17 deletions
diff --git a/settings/ajax/changedisplayname.php b/settings/ajax/changedisplayname.php
index 1e52182ccf6..c4d149b4dec 100644
--- a/settings/ajax/changedisplayname.php
+++ b/settings/ajax/changedisplayname.php
@@ -7,7 +7,7 @@ OC_JSON::checkLoggedIn(); $l = \OC::$server->getL10N('settings'); $username = isset($_POST["username"]) ? $_POST["username"] : OC_User::getUser();
-$displayName = $_POST["displayName"];
+$displayName = (string)$_POST["displayName"];
 $userstatus = null; if(OC_User::isAdminUser(OC_User::getUser())) {
diff --git a/settings/ajax/decryptall.php b/settings/ajax/decryptall.php
index 0ad25927461..0e7249997b6 100644
--- a/settings/ajax/decryptall.php
+++ b/settings/ajax/decryptall.php
@@ -8,7 +8,7 @@ OC_App::loadApp('files_encryption'); // init encryption app $params = array('uid' => \OCP\User::getUser(),
- 'password' => $_POST['password']);
+ 'password' => (string)$_POST['password']);
 $view = new OC\Files\View('/'); $util = new \OCA\Files_Encryption\Util($view, \OCP\User::getUser());
diff --git a/settings/ajax/disableapp.php b/settings/ajax/disableapp.php
index 1a133ea9af7..bd50234bcba 100644
--- a/settings/ajax/disableapp.php
+++ b/settings/ajax/disableapp.php
@@ -7,7 +7,7 @@ if (!array_key_exists('appid', $_POST)) { exit; }
-$appId = $_POST['appid'];
+$appId = (string)$_POST['appid'];
 $appId = OC_App::cleanAppId($appId); // FIXME: Clear the cache - move that into some sane helper method
diff --git a/settings/ajax/enableapp.php b/settings/ajax/enableapp.php
index 88abff487db..fcb8b47ea1f 100644
--- a/settings/ajax/enableapp.php
+++ b/settings/ajax/enableapp.php
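Review bot: In settings/ajax/changedisplayname.php the `username` line directly above the changed line is still read uncast, so an array-valued `username` parameter still reaches the code after the hunk; it should get the same treatment, `$username = isset($_POST["username"]) ? (string)$_POST["username"] : OC_User::getUser();`. The new `(string)$_POST["displayName"]` is read without an `isset()` check, so a missing key raises a notice and becomes an empty string, and an array value is coerced to the literal string `Array` instead of being rejected. The same coerce-rather-than-reject behaviour applies to the casts in decryptall.php, removeRootCertificate.php, setquota.php (`quota`), togglegroups.php and togglesubadmins.php. An explicit `is_string()` check that returns an error response would fail closed. The script continues past the end of the hunk.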
@@ -3,10 +3,10 @@ OC_JSON::checkAdminUser(); OCP\JSON::callCheck();
-$groups = isset($_POST['groups']) ? $_POST['groups'] : null;
+$groups = isset($_POST['groups']) ? (string)$_POST['groups'] : null;
 try {
- OC_App::enable(OC_App::cleanAppId($_POST['appid']), $groups);
+ OC_App::enable(OC_App::cleanAppId((string)$_POST['appid']), $groups);
 // FIXME: Clear the cache - move that into some sane helper method \OC::$server->getMemCacheFactory()->create('settings')->remove('listApps-0'); \OC::$server->getMemCacheFactory()->create('settings')->remove('listApps-1');
diff --git a/settings/ajax/installapp.php b/settings/ajax/installapp.php
index f25e68214a7..836c0115159 100644
--- a/settings/ajax/installapp.php
+++ b/settings/ajax/installapp.php
@@ -7,7 +7,7 @@ if (!array_key_exists('appid', $_POST)) { exit; }
-$appId = $_POST['appid'];
+$appId = (string)$_POST['appid'];
 $appId = OC_App::cleanAppId($appId); $result = OC_App::installApp($appId);
diff --git a/settings/ajax/navigationdetect.php b/settings/ajax/navigationdetect.php
index 7f961eb9bc5..71d0e4c8c04 100644
--- a/settings/ajax/navigationdetect.php
+++ b/settings/ajax/navigationdetect.php
@@ -3,7 +3,7 @@ OC_Util::checkAdminUser(); OCP\JSON::callCheck();
-$app = $_GET['app'];
+$app = (string)$_GET['app'];
 $app = OC_App::cleanAppId($app); $navigation = OC_App::getAppNavigationEntries($app);
diff --git a/settings/ajax/removeRootCertificate.php b/settings/ajax/removeRootCertificate.php
index a3de035269e..1651f48853a 100644
--- a/settings/ajax/removeRootCertificate.php
+++ b/settings/ajax/removeRootCertificate.php
@@ -2,6 +2,6 @@ OCP\JSON::checkLoggedIn(); OCP\JSON::callCheck();
-$name = $_POST['cert'];
+$name = (string)$_POST['cert'];
 $certificateManager = \OC::$server->getCertificateManager(); $certificateManager->removeCertificate($name);
diff --git a/settings/ajax/setlanguage.php b/settings/ajax/setlanguage.php
index a83212927bf..0ec05534e6b 100644
--- a/settings/ajax/setlanguage.php
+++ b/settings/ajax/setlanguage.php
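Review bot: In settings/ajax/enableapp.php the new `(string)$_POST['groups']` cast looks wrong for this parameter. The name and its use as the second argument of `OC_App::enable()` suggest a list of group ids, and casting an array to string yields the literal `Array`. If `OC_App::enable()` does take an array (its signature is not visible here), restricting an app to selected groups would silently stop working as the administrator intended. A cast that keeps the list shape, e.g. `$groups = isset($_POST['groups']) ? (array)$_POST['groups'] : null;`, fits better; confirm against the callee.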
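Review bot: In settings/ajax/removeRootCertificate.php the cast fixes the type of `cert` but not its content, and the value goes straight into `removeCertificate($name)`. Whether that method restricts the name to a bare file name (no path separators or `..`) is not visible in this hunk; if it does not, that check belongs here before the call. A short comment such as `// $name must be a bare certificate file name; validated in removeCertificate()` would record where the validation lives.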
@@ -9,7 +9,7 @@ OCP\JSON::callCheck(); // Get data if( isset( $_POST['lang'] ) ) { $languageCodes=OC_L10N::findAvailableLanguages();
- $lang=$_POST['lang'];
+ $lang = (string)$_POST['lang'];
 if(array_search($lang, $languageCodes) or $lang === 'en') { \OC::$server->getConfig()->setUserValue( OC_User::getUser(), 'core', 'lang', $lang ); OC_JSON::success(array("data" => array( "message" => $l->t("Language changed") )));
diff --git a/settings/ajax/setquota.php b/settings/ajax/setquota.php
index 64a686e83d7..c83430bfcfb 100644
--- a/settings/ajax/setquota.php
+++ b/settings/ajax/setquota.php
@@ -8,7 +8,7 @@ OC_JSON::checkSubAdminUser(); OCP\JSON::callCheck();
-$username = isset($_POST["username"])?$_POST["username"]:'';
+$username = isset($_POST["username"]) ? (string)$_POST["username"] : '';
 if(($username === '' && !OC_User::isAdminUser(OC_User::getUser())) || (!OC_User::isAdminUser(OC_User::getUser())
@@ -19,7 +19,7 @@ if(($username === '' && !OC_User::isAdminUser(OC_User::getUser())) } //make sure the quota is in the expected format
-$quota=$_POST["quota"];
+$quota= (string)$_POST["quota"];
 if($quota !== 'none' and $quota !== 'default') { $quota= OC_Helper::computerFileSize($quota); $quota=OC_Helper::humanFileSize($quota);
diff --git a/settings/ajax/togglegroups.php b/settings/ajax/togglegroups.php
index 27cb2b446ec..25033670952 100644
--- a/settings/ajax/togglegroups.php
+++ b/settings/ajax/togglegroups.php
@@ -4,8 +4,8 @@ OC_JSON::checkSubAdminUser(); OCP\JSON::callCheck(); $success = true;
-$username = $_POST["username"];
-$group = $_POST["group"];
+$username = (string)$_POST['username'];
+$group = (string)$_POST['group'];
 if($username === OC_User::getUser() && $group === "admin" && OC_User::isAdminUser($username)) { $l = \OC::$server->getL10N('core');
diff --git a/settings/ajax/togglesubadmins.php b/settings/ajax/togglesubadmins.php
index a99e805f69d..a6604e98b02 100644
--- a/settings/ajax/togglesubadmins.php
+++ b/settings/ajax/togglesubadmins.php
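Review bot: In settings/ajax/setlanguage.php the condition on the line after the cast uses the return value of `array_search($lang, $languageCodes)` as a boolean, so a match at index 0 returns `0` and is treated as not found, and the comparison is loose rather than strict. Since this is the allow-list check that decides whether the submitted value is stored as the user's language, `if (in_array($lang, $languageCodes, true) or $lang === 'en') {` states it directly. The `if` block continues outside the hunk.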
@@ -3,8 +3,8 @@ OC_JSON::checkAdminUser(); OCP\JSON::callCheck();
-$username = $_POST["username"];
-$group = $_POST["group"];
+$username = (string)$_POST['username'];
+$group = (string)$_POST['group'];
 // Toggle group if(OC_SubAdmin::isSubAdminofGroup($username, $group)) {
diff --git a/settings/ajax/uninstallapp.php b/settings/ajax/uninstallapp.php
index e50fc31a449..fedc1170751 100644
--- a/settings/ajax/uninstallapp.php
+++ b/settings/ajax/uninstallapp.php
@@ -7,7 +7,7 @@ if (!array_key_exists('appid', $_POST)) { exit; }
-$appId = $_POST['appid'];
+$appId = (string)$_POST['appid'];
 $appId = OC_App::cleanAppId($appId); $result = OC_App::removeApp($appId);
diff --git a/settings/ajax/updateapp.php b/settings/ajax/updateapp.php
index 3e28c65285d..fece144f464 100644
--- a/settings/ajax/updateapp.php
+++ b/settings/ajax/updateapp.php
@@ -15,7 +15,7 @@ if (!array_key_exists('appid', $_POST)) { return; }
-$appId = $_POST['appid'];
+$appId = (string)$_POST['appid'];
 if (!is_numeric($appId)) { $appId = \OC::$server->getAppConfig()->getValue($appId, 'ocsid', null); |