From a7df23cebadfc0a60095ff53e4ae5e293eb02b38 Mon Sep 17 00:00:00 2001
From: Lukas Reschke
Date: Fri, 13 Feb 2015 13:33:20 +0100
Subject: Manually type-case all AJAX files
This enforces proper types on POST and GET arguments where I considered it sensible. I didn't update some as I don't know what kind of values they would support :see_no_evil: Fixes https://github.com/owncloud/core/issues/14196 for core
---
 core/ajax/appconfig.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
(limited to 'core/ajax/appconfig.php')
diff --git a/core/ajax/appconfig.php b/core/ajax/appconfig.php
index 7d73185dae6..4b670d8c5c3 100644
--- a/core/ajax/appconfig.php
+++ b/core/ajax/appconfig.php
@@ -11,14 +11,14 @@ OCP\JSON::callCheck();
 $action=isset($_POST['action'])?$_POST['action']:$_GET['action'];
 if(isset($_POST['app']) || isset($_GET['app'])) {
- $app=OC_App::cleanAppId(isset($_POST['app'])?$_POST['app']:$_GET['app']);
+ $app=OC_App::cleanAppId(isset($_POST['app'])? (string)$_POST['app']: (string)$_GET['app']);
 }
 // An admin should not be able to add remote and public services
 // on its own. This should only be possible programmatically.
 // This change is due the fact that an admin may not be expected
 // to execute arbitrary code in every environment.
-if($app === 'core' && isset($_POST['key']) &&(substr($_POST['key'],0,7) === 'remote_' || substr($_POST['key'],0,7) === 'public_')) {
+if($app === 'core' && isset($_POST['key']) &&(substr((string)$_POST['key'],0,7) === 'remote_' || substr((string)$_POST['key'],0,7) === 'public_')) {
 OC_JSON::error(array('data' => array('message' => 'Unexpected error!')));
 return;
 }
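Review bot: The `(string)` casts in the `remote_`/`public_` guard coerce the input instead of validating it: an array-valued `key` becomes the literal string `Array` (with a notice), so the request carries on with a key name the client never sent. Rejecting non-string input before the guard is stricter, e.g. `if(isset($_POST['key']) && !is_string($_POST['key'])) { OC_JSON::error(array('data' => array('message' => 'Unexpected error!'))); return; }`. The same applies to the casts in the two `switch` hunks that follow. Separately, `$app` stays undefined when neither `app` parameter is sent, yet `$app === 'core'` reads it; an `$app = null;` before the `if(isset(...))` would make that path explicit.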
@@ -27,10 +27,10 @@ $result=false;
 $appConfig = \OC::$server->getAppConfig();
 switch($action) {
 case 'getValue':
- $result=$appConfig->getValue($app, $_GET['key'], $_GET['defaultValue']);
+ $result=$appConfig->getValue($app, (string)$_GET['key'], (string)$_GET['defaultValue']);
 break;
 case 'setValue':
- $result=$appConfig->setValue($app, $_POST['key'], $_POST['value']);
+ $result=$appConfig->setValue($app, (string)$_POST['key'], (string)$_POST['value']);
 break;
 case 'getApps':
 $result=$appConfig->getApps();
@@ -39,10 +39,10 @@ switch($action) {
 $result=$appConfig->getKeys($app);
 break;
 case 'hasKey':
- $result=$appConfig->hasKey($app, $_GET['key']);
+ $result=$appConfig->hasKey($app, (string)$_GET['key']);
 break;
 case 'deleteKey':
- $result=$appConfig->deleteKey($app, $_POST['key']);
+ $result=$appConfig->deleteKey($app, (string)$_POST['key']);
 break;
 case 'deleteApp':
 $result=$appConfig->deleteApp($app);
--
cgit v1.2.3
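Review bot: In the `getValue` case, `(string)$_GET['defaultValue']` turns an omitted parameter into `''`, where the old code passed `null`; callers that leave `defaultValue` out presumably now get an empty string back for a missing key. `isset($_GET['defaultValue']) ? (string)$_GET['defaultValue'] : null` would keep the previous default while still fixing the type. The `key` casts here and in the `hasKey`/`deleteKey` hunk likewise map a missing parameter to `''` rather than failing, so an explicit `isset` check before the `switch` would be worth adding. The `switch` body continues outside these hunks.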