diff options
Diffstat (limited to 'apps/theming/lib/Util.php')
| -rw-r--r-- | apps/theming/lib/Util.php | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/apps/theming/lib/Util.php b/apps/theming/lib/Util.php index fbb465505ac..797456632fc 100644 --- a/apps/theming/lib/Util.php +++ b/apps/theming/lib/Util.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors * SPDX-License-Identifier: AGPL-3.0-or-later @@ -13,6 +14,7 @@ use OCP\Files\NotFoundException; use OCP\Files\SimpleFS\ISimpleFile; use OCP\IConfig; use OCP\IUserSession; +use OCP\Server; use OCP\ServerVersion; class Util { @@ -185,8 +187,8 @@ class Util { * @return string base64 encoded radio button svg */ public function generateRadioButton($color) { - $radioButtonIcon = '<svg xmlns="http://www.w3.org/2000/svg" height="16" width="16">' . - '<path d="M8 1a7 7 0 0 0-7 7 7 7 0 0 0 7 7 7 7 0 0 0 7-7 7 7 0 0 0-7-7zm0 1a6 6 0 0 1 6 6 6 6 0 0 1-6 6 6 6 0 0 1-6-6 6 6 0 0 1 6-6zm0 2a4 4 0 1 0 0 8 4 4 0 0 0 0-8z" fill="' . $color . '"/></svg>'; + $radioButtonIcon = '<svg xmlns="http://www.w3.org/2000/svg" height="16" width="16">' + . '<path d="M8 1a7 7 0 0 0-7 7 7 7 0 0 0 7 7 7 7 0 0 0 7-7 7 7 0 0 0-7-7zm0 1a6 6 0 0 1 6 6 6 6 0 0 1-6 6 6 6 0 0 1-6-6 6 6 0 0 1 6-6zm0 2a4 4 0 1 0 0 8 4 4 0 0 0 0-8z" fill="' . $color . '"/></svg>'; return base64_encode($radioButtonIcon); } @@ -196,7 +198,7 @@ class Util { * @return string|ISimpleFile path to app icon / file of logo */ public function getAppIcon($app) { - $app = str_replace(['\0', '/', '\\', '..'], '', $app); + $app = $this->appManager->cleanAppId($app); try { $appPath = $this->appManager->getAppPath($app); $icon = $appPath . '/img/' . $app . '.svg'; @@ -227,7 +229,10 @@ class Util { * @return string|false absolute path to image */ public function getAppImage($app, $image) { - $app = str_replace(['\0', '/', '\\', '..'], '', $app); + $app = $this->appManager->cleanAppId($app); + /** + * @psalm-taint-escape file + */ $image = str_replace(['\0', '\\', '..'], '', $image); if ($app === 'core') { $icon = \OC::$SERVERROOT . '/core/img/' . $image; @@ -302,7 +307,7 @@ class Util { } public function getCacheBuster(): string { - $userSession = \OC::$server->get(IUserSession::class); + $userSession = Server::get(IUserSession::class); $userId = ''; $user = $userSession->getUser(); if (!is_null($user)) { |