Diffstat (limited to 'lib')
-rw-r--r--lib/private/App/AppManager.php9
-rw-r--r--lib/private/Authentication/TwoFactorAuth/ProviderLoader.php30
-rw-r--r--lib/private/L10N/Factory.php2
-rw-r--r--lib/private/Route/Router.php26
-rw-r--r--lib/private/legacy/OC_App.php3
-rw-r--r--lib/public/App/IAppManager.php16
6 files changed, 49 insertions, 37 deletions
diff --git a/lib/private/App/AppManager.php b/lib/private/App/AppManager.php
index fe2f7b74b22..974545cfe92 100644
--- a/lib/private/App/AppManager.php
+++ b/lib/private/App/AppManager.php
@@ -647,11 +647,9 @@ class AppManager implements IAppManager {
/**
* Get the directory for the given app.
*
- * @param string $appId
- * @return string
* @throws AppPathNotFoundException if app folder can't be found
*/
- public function getAppPath($appId) {
+ public function getAppPath(string $appId): string {
$appPath = \OC_App::getAppPath($appId);
if ($appPath === false) {
throw new AppPathNotFoundException('Could not find path for ' . $appId);
@@ -877,4 +875,9 @@ class AppManager implements IAppManager {
return false;
}
+
+ public function cleanAppId(string $app): string {
+ // FIXME should list allowed characters instead
+ return str_replace(['<', '>', '"', "'", '\0', '/', '\\', '..'], '', $app);
+ }
}
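Review bot: The `'\0'` entry in the list added to `cleanAppId` is single-quoted, so PHP reads it as a backslash followed by `0`, and a real NUL byte passes through unchanged. If the intent is to strip NUL, the entry should be `"\0"`, or the FIXME should be resolved with an allowlist. The same literal appears in the context lines of `OC_App::cleanAppId` and in the `$lang` cleanup in `L10N/Factory.php`, so the fix belongs in all three; having the deprecated static method delegate to this one would stop the two copies drifting. `IAppManager::cleanAppId` is annotated `@psalm-taint-escape file` and `include`, so Psalm stops tracking taint on the return value and the guarantee rests entirely on this list.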
diff --git a/lib/private/Authentication/TwoFactorAuth/ProviderLoader.php b/lib/private/Authentication/TwoFactorAuth/ProviderLoader.php
index b9a0a97bec4..7e674a01dd8 100644
--- a/lib/private/Authentication/TwoFactorAuth/ProviderLoader.php
+++ b/lib/private/Authentication/TwoFactorAuth/ProviderLoader.php
@@ -9,8 +9,7 @@ declare(strict_types=1);
namespace OC\Authentication\TwoFactorAuth;
use Exception;
-use OC;
-use OC_App;
+use OC\AppFramework\Bootstrap\Coordinator;
use OCP\App\IAppManager;
use OCP\AppFramework\QueryException;
use OCP\Authentication\TwoFactorAuth\IProvider;
@@ -19,15 +18,10 @@ use OCP\IUser;
class ProviderLoader {
public const BACKUP_CODES_APP_ID = 'twofactor_backupcodes';
- /** @var IAppManager */
- private $appManager;
-
- /** @var OC\AppFramework\Bootstrap\Coordinator */
- private $coordinator;
-
- public function __construct(IAppManager $appManager, OC\AppFramework\Bootstrap\Coordinator $coordinator) {
- $this->appManager = $appManager;
- $this->coordinator = $coordinator;
+ public function __construct(
+ private IAppManager $appManager,
+ private Coordinator $coordinator,
+ ) {
}
/**
@@ -58,12 +52,12 @@ class ProviderLoader {
}
}
- $registeredProviders = $this->coordinator->getRegistrationContext()->getTwoFactorProviders();
+ $registeredProviders = $this->coordinator->getRegistrationContext()?->getTwoFactorProviders() ?? [];
foreach ($registeredProviders as $provider) {
try {
$this->loadTwoFactorApp($provider->getAppId());
- $provider = \OCP\Server::get($provider->getService());
- $providers[$provider->getId()] = $provider;
+ $providerInstance = \OCP\Server::get($provider->getService());
+ $providers[$providerInstance->getId()] = $providerInstance;
} catch (QueryException $exc) {
// Provider class can not be resolved
throw new Exception('Could not load two-factor auth provider ' . $provider->getService());
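Review bot: The `?? []` fallback on the `getRegistrationContext()` line makes a missing registration context indistinguishable from "no providers registered", so providers registered through the bootstrap context would be skipped without any trace. For two-factor loading that fails in the permissive direction; whether the context can actually be null when this method runs is not visible in the hunk. If it can, I would make it explicit, for example `$context = $this->coordinator->getRegistrationContext();` followed by `if ($context === null) { throw new Exception('Registration context not available'); }` before the loop, or at least log it. The enclosing method starts and ends outside the hunk.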
@@ -75,12 +69,10 @@ class ProviderLoader {
/**
* Load an app by ID if it has not been loaded yet
- *
- * @param string $appId
*/
- protected function loadTwoFactorApp(string $appId) {
- if (!OC_App::isAppLoaded($appId)) {
- OC_App::loadApp($appId);
+ protected function loadTwoFactorApp(string $appId): void {
+ if (!$this->appManager->isAppLoaded($appId)) {
+ $this->appManager->loadApp($appId);
}
}
}
diff --git a/lib/private/L10N/Factory.php b/lib/private/L10N/Factory.php
index 6b6dc5d3b40..fc76a15b07b 100644
--- a/lib/private/L10N/Factory.php
+++ b/lib/private/L10N/Factory.php
@@ -81,7 +81,7 @@ class Factory implements IFactory {
*/
public function get($app, $lang = null, $locale = null) {
return new LazyL10N(function () use ($app, $lang, $locale) {
- $app = \OC_App::cleanAppId($app);
+ $app = $this->appManager->cleanAppId($app);
if ($lang !== null) {
$lang = str_replace(['\0', '/', '\\', '..'], '', $lang);
}
diff --git a/lib/private/Route/Router.php b/lib/private/Route/Router.php
index 646d1d4e6ed..ba369eecac0 100644
--- a/lib/private/Route/Router.php
+++ b/lib/private/Route/Router.php
@@ -104,7 +104,7 @@ class Router implements IRouter {
*/
public function loadRoutes($app = null) {
if (is_string($app)) {
- $app = \OC_App::cleanAppId($app);
+ $app = $this->appManager->cleanAppId($app);
}
$requestedApp = $app;
@@ -123,11 +123,15 @@ class Router implements IRouter {
if (isset($this->loadedApps[$app])) {
return;
}
- $appPath = \OC_App::getAppPath($app);
- $file = $appPath . '/appinfo/routes.php';
- if ($appPath !== false && file_exists($file)) {
- $routingFiles = [$app => $file];
- } else {
+ try {
+ $appPath = $this->appManager->getAppPath($app);
+ $file = $appPath . '/appinfo/routes.php';
+ if (file_exists($file)) {
+ $routingFiles = [$app => $file];
+ } else {
+ $routingFiles = [];
+ }
+ } catch (AppPathNotFoundException) {
$routingFiles = [];
}
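Review bot: `catch (AppPathNotFoundException)` uses the short class name, and none of the Router.php hunks adds a `use` line for it. If the file does not already import `OCP\App\AppPathNotFoundException`, the name resolves inside the Router's own namespace, PHP raises no error for the unknown class, and the catch never matches, so the exception from `getAppPath()` would escape `loadRoutes()` instead of producing an empty route list. The same applies to the catch added in the `@@ -433,7 +437,11 @@` hunk. As a smaller point, `$routingFiles = [];` is now assigned in two branches; setting it once before the `try` and overwriting it only when `file_exists($file)` holds would read more simply.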
@@ -238,14 +242,14 @@ class Router implements IRouter {
// empty string / 'apps' / $app / rest of the route
[, , $app,] = explode('/', $url, 4);
- $app = \OC_App::cleanAppId($app);
+ $app = $this->appManager->cleanAppId($app);
\OC::$REQUESTEDAPP = $app;
$this->loadRoutes($app);
} elseif (str_starts_with($url, '/ocsapp/apps/')) {
// empty string / 'ocsapp' / 'apps' / $app / rest of the route
[, , , $app,] = explode('/', $url, 5);
- $app = \OC_App::cleanAppId($app);
+ $app = $this->appManager->cleanAppId($app);
\OC::$REQUESTEDAPP = $app;
$this->loadRoutes($app);
} elseif (str_starts_with($url, '/settings/')) {
@@ -433,7 +437,11 @@ class Router implements IRouter {
$appControllerPath = __DIR__ . '/../../../core/Controller';
$appNameSpace = 'OC\\Core';
} else {
- $appControllerPath = \OC_App::getAppPath($app) . '/lib/Controller';
+ try {
+ $appControllerPath = $this->appManager->getAppPath($app) . '/lib/Controller';
+ } catch (AppPathNotFoundException) {
+ return [];
+ }
$appNameSpace = App::buildAppNamespace($app);
}
diff --git a/lib/private/legacy/OC_App.php b/lib/private/legacy/OC_App.php
index f48f4fd0b98..d72d5fe8522 100644
--- a/lib/private/legacy/OC_App.php
+++ b/lib/private/legacy/OC_App.php
@@ -45,8 +45,7 @@ class OC_App {
* @psalm-taint-escape html
* @psalm-taint-escape has_quotes
*
- * @param string $app AppId that needs to be cleaned
- * @return string
+ * @deprecated 31.0.0 use IAppManager::cleanAppId
*/
public static function cleanAppId(string $app): string {
return str_replace(['<', '>', '"', "'", '\0', '/', '\\', '..'], '', $app);
diff --git a/lib/public/App/IAppManager.php b/lib/public/App/IAppManager.php
index b735b0d7c64..68c3cc771f4 100644
--- a/lib/public/App/IAppManager.php
+++ b/lib/public/App/IAppManager.php
@@ -141,12 +141,10 @@ interface IAppManager {
/**
* Get the directory for the given app.
*
- * @param string $appId
- * @return string
* @since 11.0.0
* @throws AppPathNotFoundException
*/
- public function getAppPath($appId);
+ public function getAppPath(string $appId): string;
/**
* Get the web path for the given app.
@@ -282,4 +280,16 @@ interface IAppManager {
* @since 30.0.0
*/
public function isBackendRequired(string $backend): bool;
+
+ /**
+ * Clean the appId from forbidden characters
+ *
+ * @psalm-taint-escape file
+ * @psalm-taint-escape include
+ * @psalm-taint-escape html
+ * @psalm-taint-escape has_quotes
+ *
+ * @since 31.0.0
+ */
+ public function cleanAppId(string $app): string;
}