diff options
Diffstat (limited to 'apps/provisioning_api/lib/Controller/AppsController.php')
| -rw-r--r-- | apps/provisioning_api/lib/Controller/AppsController.php | 27 |
1 files changed, 26 insertions, 1 deletions
diff --git a/apps/provisioning_api/lib/Controller/AppsController.php b/apps/provisioning_api/lib/Controller/AppsController.php index 04dfd8f29b1..4d32584591b 100644 --- a/apps/provisioning_api/lib/Controller/AppsController.php +++ b/apps/provisioning_api/lib/Controller/AppsController.php @@ -28,6 +28,17 @@ class AppsController extends OCSController { } /** + * @throws \InvalidArgumentException + */ + protected function verifyAppId(string $app): string { + $cleanId = $this->appManager->cleanAppId($app); + if ($cleanId !== $app) { + throw new \InvalidArgumentException('Invalid app id given'); + } + return $cleanId; + } + + /** * Get a list of installed apps * * @param ?string $filter Filter for enabled or disabled apps @@ -71,6 +82,11 @@ class AppsController extends OCSController { * 200: App info returned */ public function getAppInfo(string $app): DataResponse { + try { + $app = $this->verifyAppId($app); + } catch (\InvalidArgumentException $e) { + throw new OCSException($e->getMessage(), OCSController::RESPOND_UNAUTHORISED); + } $info = $this->appManager->getAppInfo($app); if (!is_null($info)) { return new DataResponse($info); @@ -91,7 +107,10 @@ class AppsController extends OCSController { #[PasswordConfirmationRequired] public function enable(string $app): DataResponse { try { + $app = $this->verifyAppId($app); $this->appManager->enableApp($app); + } catch (\InvalidArgumentException $e) { + throw new OCSException($e->getMessage(), OCSController::RESPOND_UNAUTHORISED); } catch (AppPathNotFoundException $e) { throw new OCSException('The request app was not found', OCSController::RESPOND_NOT_FOUND); } @@ -103,12 +122,18 @@ class AppsController extends OCSController { * * @param string $app ID of the app * @return DataResponse<Http::STATUS_OK, list<empty>, array{}> + * @throws OCSException * * 200: App disabled successfully */ #[PasswordConfirmationRequired] public function disable(string $app): DataResponse { - $this->appManager->disableApp($app); + try { + $app = $this->verifyAppId($app); + $this->appManager->disableApp($app); + } catch (\InvalidArgumentException $e) { + throw new OCSException($e->getMessage(), OCSController::RESPOND_UNAUTHORISED); + } return new DataResponse(); } } |