upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-05-28 04:32:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 54

fix: Work around false-positive psalm taint error calling print_r in admin_audit

Browse source 
Same issue as var_export, print_r is listed as sink but it’s not when
 using return:true. Anyway, using the logger context feature is better.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
This commit is contained in:
Côme Chilliet 2025-02-17 12:12:02 +01:00
parent 85fbd3eb0a
commit 25f38883f1
No known key found for this signature in database
GPG key ID: A3E2F658B28C760A
2 changed files with 2 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
apps/admin_audit/lib/Actions/Action.php
View file

@ -37,11 +37,8 @@ class Action {
);
} else {
$this->logger->critical(
sprintf(
'$params["' . $element . '"] was missing. Transferred value: %s',
print_r($params, true)
),
['app' => 'admin_audit']
'$params["' . $element . '"] was missing. Transferred value: {params}',
['app' => 'admin_audit', 'params' => $params]
);
}
return;

5
build/psalm-baseline-security.xml
View file

@ -1,10 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<files psalm-version="5.26.1@d747f6500b38ac4f7dfc5edbcae6e4b637d7add0">
<file src="apps/admin_audit/lib/Actions/Action.php">
<TaintedHtml>
<code><![CDATA[$params]]></code>
</TaintedHtml>
</file>
<file src="apps/files_external/lib/Config/ConfigAdapter.php">
<TaintedCallable>
<code><![CDATA[$objectClass]]></code>