mirror of
https://github.com/nextcloud/server.git
synced 2026-02-19 02:38:40 -05:00
fix(appmanager): Fix tainted file path when loading appinfos
Signed-off-by: Joas Schilling <coding@schilljs.com>
This commit is contained in:
Joas Schilling
parent
3f75c4808d
commit
07449847e1
6 changed files with 39 additions and 30 deletions
|
|
@ -22,11 +22,6 @@
|
|||
<code><![CDATA['Location: ' . \OC::$WEBROOT . '/']]></code>
|
||||
</TaintedHeader>
|
||||
</file>
|
||||
<file src="lib/private/App/InfoParser.php">
|
||||
<TaintedFile>
|
||||
<code><![CDATA[$file]]></code>
|
||||
</TaintedFile>
|
||||
</file>
|
||||
<file src="lib/private/AppFramework/Utility/SimpleContainer.php">
|
||||
<TaintedCallable>
|
||||
<code><![CDATA[$name]]></code>
|
||||
|
|
|
|||
|
|
@ -2750,10 +2750,6 @@
|
|||
<NullArgument>
|
||||
<code><![CDATA[null]]></code>
|
||||
</NullArgument>
|
||||
<TypeDoesNotContainNull>
|
||||
<code><![CDATA[$appId === null]]></code>
|
||||
<code><![CDATA[$appId === null]]></code>
|
||||
</TypeDoesNotContainNull>
|
||||
</file>
|
||||
<file src="lib/private/legacy/OC_Helper.php">
|
||||
<InvalidArrayOffset>
|
||||
|
|
|
|||
|
|
@ -744,25 +744,19 @@ class AppManager implements IAppManager {
|
|||
*/
|
||||
public function getAppInfo(string $appId, bool $path = false, $lang = null) {
|
||||
if ($path) {
|
||||
$file = $appId;
|
||||
} else {
|
||||
if ($lang === null && isset($this->appInfos[$appId])) {
|
||||
return $this->appInfos[$appId];
|
||||
}
|
||||
try {
|
||||
$appPath = $this->getAppPath($appId);
|
||||
} catch (AppPathNotFoundException $e) {
|
||||
return null;
|
||||
}
|
||||
$file = $appPath . '/appinfo/info.xml';
|
||||
throw new \InvalidArgumentException('Calling IAppManager::getAppInfo() with a path is no longer supported. Please call IAppManager::getAppInfoByPath() instead and verify that the path is good before calling.');
|
||||
}
|
||||
|
||||
$parser = new InfoParser($this->memCacheFactory->createLocal('core.appinfo'));
|
||||
$data = $parser->parse($file);
|
||||
|
||||
if (is_array($data)) {
|
||||
$data = \OC_App::parseAppInfo($data, $lang);
|
||||
if ($lang === null && isset($this->appInfos[$appId])) {
|
||||
return $this->appInfos[$appId];
|
||||
}
|
||||
try {
|
||||
$appPath = $this->getAppPath($appId);
|
||||
} catch (AppPathNotFoundException) {
|
||||
return null;
|
||||
}
|
||||
$file = $appPath . '/appinfo/info.xml';
|
||||
|
||||
$data = $this->getAppInfoByPath($file, $lang);
|
||||
|
||||
if ($lang === null) {
|
||||
$this->appInfos[$appId] = $data;
|
||||
|
|
@ -771,6 +765,21 @@ class AppManager implements IAppManager {
|
|||
return $data;
|
||||
}
|
||||
|
||||
public function getAppInfoByPath(string $path, ?string $lang = null): ?array {
|
||||
if (!str_ends_with($path, '/appinfo/info.xml')) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$parser = new InfoParser($this->memCacheFactory->createLocal('core.appinfo'));
|
||||
$data = $parser->parse($path);
|
||||
|
||||
if (is_array($data)) {
|
||||
$data = \OC_App::parseAppInfo($data, $lang);
|
||||
}
|
||||
|
||||
return $data;
|
||||
}
|
||||
|
||||
public function getAppVersion(string $appId, bool $useCache = true): string {
|
||||
if (!$useCache || !isset($this->appVersions[$appId])) {
|
||||
$appInfo = $this->getAppInfo($appId);
|
||||
|
|
|
|||
|
|
@ -65,7 +65,7 @@ class Installer {
|
|||
}
|
||||
|
||||
$l = \OCP\Util::getL10N('core');
|
||||
$info = \OCP\Server::get(IAppManager::class)->getAppInfo($basedir . '/appinfo/info.xml', true, $l->getLanguageCode());
|
||||
$info = \OCP\Server::get(IAppManager::class)->getAppInfoByPath($basedir . '/appinfo/info.xml', $l->getLanguageCode());
|
||||
|
||||
if (!is_array($info)) {
|
||||
throw new \Exception(
|
||||
|
|
|
|||
|
|
@ -313,7 +313,8 @@ class OC_App {
|
|||
* @deprecated 11.0.0 use \OCP\Server::get(IAppManager)->getAppPath()
|
||||
*/
|
||||
public static function getAppPath(string $appId, bool $refreshAppPath = false) {
|
||||
if ($appId === null || trim($appId) === '') {
|
||||
$appId = self::cleanAppId($appId);
|
||||
if ($appId === '') {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -346,7 +347,7 @@ class OC_App {
|
|||
*/
|
||||
public static function getAppVersionByPath(string $path): string {
|
||||
$infoFile = $path . '/appinfo/info.xml';
|
||||
$appData = \OC::$server->getAppManager()->getAppInfo($infoFile, true);
|
||||
$appData = \OCP\Server::get(IAppManager::class)->getAppInfoByPath($infoFile);
|
||||
return $appData['version'] ?? '';
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -25,14 +25,22 @@ interface IAppManager {
|
|||
public const BACKEND_CALDAV = 'caldav';
|
||||
|
||||
/**
|
||||
* Returns the app information from "appinfo/info.xml".
|
||||
* Returns the app information from "appinfo/info.xml" for an app
|
||||
*
|
||||
* @param string|null $lang
|
||||
* @return array|null
|
||||
* @since 14.0.0
|
||||
* @since 31.0.0 Usage of $path is discontinued and throws an \InvalidArgumentException, use {@see self::getAppInfoByPath} instead.
|
||||
*/
|
||||
public function getAppInfo(string $appId, bool $path = false, $lang = null);
|
||||
|
||||
/**
|
||||
* Returns the app information from a given path ending with "/appinfo/info.xml"
|
||||
*
|
||||
* @since 31.0.0
|
||||
*/
|
||||
public function getAppInfoByPath(string $path, ?string $lang = null): ?array;
|
||||
|
||||
/**
|
||||
* Returns the app information from "appinfo/info.xml".
|
||||
*
|
||||
|
|
|
|||
Loading…
Reference in a new issue