Diffstat (limited to 'apps/theming/lib/Util.php')
-rw-r--r-- | apps/theming/lib/Util.php | 40 |
1 files changed, 22 insertions, 18 deletions
diff --git a/apps/theming/lib/Util.php b/apps/theming/lib/Util.php index ec85120413f..797456632fc 100644 --- a/apps/theming/lib/Util.php +++ b/apps/theming/lib/Util.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors * SPDX-License-Identifier: AGPL-3.0-or-later @@ -13,19 +14,17 @@ use OCP\Files\NotFoundException; use OCP\Files\SimpleFS\ISimpleFile; use OCP\IConfig; use OCP\IUserSession; +use OCP\Server; +use OCP\ServerVersion; class Util { - - private IConfig $config; - private IAppManager $appManager; - private IAppData $appData; - private ImageManager $imageManager; - - public function __construct(IConfig $config, IAppManager $appManager, IAppData $appData, ImageManager $imageManager) { - $this->config = $config; - $this->appManager = $appManager; - $this->appData = $appData; - $this->imageManager = $imageManager; + public function __construct( + private ServerVersion $serverVersion, + private IConfig $config, + private IAppManager $appManager, + private IAppData $appData, + private ImageManager $imageManager, + ) { } /** @@ -188,8 +187,8 @@ class Util { * @return string base64 encoded radio button svg */ public function generateRadioButton($color) { - $radioButtonIcon = '<svg xmlns="http://www.w3.org/2000/svg" height="16" width="16">' . - '<path d="M8 1a7 7 0 0 0-7 7 7 7 0 0 0 7 7 7 7 0 0 0 7-7 7 7 0 0 0-7-7zm0 1a6 6 0 0 1 6 6 6 6 0 0 1-6 6 6 6 0 0 1-6-6 6 6 0 0 1 6-6zm0 2a4 4 0 1 0 0 8 4 4 0 0 0 0-8z" fill="'.$color.'"/></svg>'; + $radioButtonIcon = '<svg xmlns="http://www.w3.org/2000/svg" height="16" width="16">' + . '<path d="M8 1a7 7 0 0 0-7 7 7 7 0 0 0 7 7 7 7 0 0 0 7-7 7 7 0 0 0-7-7zm0 1a6 6 0 0 1 6 6 6 6 0 0 1-6 6 6 6 0 0 1-6-6 6 6 0 0 1 6-6zm0 2a4 4 0 1 0 0 8 4 4 0 0 0 0-8z" fill="' . $color . '"/></svg>'; return base64_encode($radioButtonIcon); } 
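Review bot: Adding `ServerVersion $serverVersion` as the first constructor parameter shifts every positional argument, so any direct `new Util($config, $appManager, $appData, $imageManager)` call left elsewhere will stop working. The diffstat shown is limited to this file, so whether tests and other callers were updated cannot be confirmed from here. Appending the new dependency after `$imageManager` would keep existing positional callers valid; otherwise the call sites should change in the same commit.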
@@ -199,7 +198,7 @@ class Util { * @return string|ISimpleFile path to app icon / file of logo */ public function getAppIcon($app) { - $app = str_replace(['\0', '/', '\\', '..'], '', $app); + $app = $this->appManager->cleanAppId($app); try { $appPath = $this->appManager->getAppPath($app); $icon = $appPath . '/img/' . $app . '.svg'; @@ -230,9 +229,12 @@ class Util { * @return string|false absolute path to image */ public function getAppImage($app, $image) { - $app = str_replace(['\0', '/', '\\', '..'], '', $app); + $app = $this->appManager->cleanAppId($app); + /** + * @psalm-taint-escape file + */ $image = str_replace(['\0', '\\', '..'], '', $image); - if ($app === "core") { + if ($app === 'core') { $icon = \OC::$SERVERROOT . '/core/img/' . $image; if (file_exists($icon)) { return $icon; @@ -305,18 +307,20 @@ class Util { } public function getCacheBuster(): string { - $userSession = \OC::$server->get(IUserSession::class); + $userSession = Server::get(IUserSession::class); $userId = ''; $user = $userSession->getUser(); if (!is_null($user)) { $userId = $user->getUID(); } + $serverVersion = $this->serverVersion->getVersionString(); + $themingAppVersion = $this->appManager->getAppVersion('theming'); $userCacheBuster = ''; if ($userId) { $userCacheBusterValue = (int)$this->config->getUserValue($userId, 'theming', 'userCacheBuster', '0'); $userCacheBuster = $userId . '_' . $userCacheBusterValue; } $systemCacheBuster = $this->config->getAppValue('theming', 'cachebuster', '0'); - return substr(sha1($userCacheBuster . $systemCacheBuster), 0, 8); + return substr(sha1($serverVersion . $themingAppVersion . $userCacheBuster . $systemCacheBuster), 0, 8); } } |
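Review bot: The `@psalm-taint-escape file` annotation added in `getAppImage` marks `$image` as safe for file sinks, but the `str_replace(['\0', '\\', '..'], '', $image)` it vouches for is weaker than it reads. In single quotes `'\0'` is the two-character string backslash-zero rather than a NUL byte, and `/` is deliberately left in place, so the guarantee rests entirely on stripping `..`. I would either drop the annotation or back it with a containment check before `file_exists()`, for example resolving `$icon` with `realpath()` and confirming it still starts with the expected image directory. The `cleanAppId()` calls here and in the `getAppIcon` hunk rely on a method that is not part of this diff, and both function bodies continue outside their hunks.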
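Review bot: `getCacheBuster()` still resolves `IUserSession` through a static lookup, `Server::get(IUserSession::class)`, even though this commit already rewrites the constructor to use promoted, injected dependencies. Unless the lookup is there to avoid a circular dependency (not visible here), adding `private IUserSession $userSession` to the constructor would make the method testable without the global container. If the static lookup is intentional, a short comment such as `// resolved lazily to avoid a DI cycle` would record why.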