diff --git a/apps/dav/lib/DAV/CustomPropertiesBackend.php b/apps/dav/lib/DAV/CustomPropertiesBackend.php
index 85382ac3a1c..7b3b3211d9b 100644
--- a/apps/dav/lib/DAV/CustomPropertiesBackend.php
+++ b/apps/dav/lib/DAV/CustomPropertiesBackend.php
@@ -430,6 +430,18 @@ class CustomPropertiesBackend implements BackendInterface {
 return $path;
 }
+ private static function checkIsArrayOfScalar(string $name, array $array): void {
+ foreach ($array as $item) {
+ if (is_array($item)) {
+ self::checkIsArrayOfScalar($name, $item);
+ } elseif ($item !== null && !is_scalar($item)) {
+ throw new DavException(
+ "Property \"$name\" has an invalid value of array containing " . gettype($item),
+ );
+ }
+ }
+ }
+
 /**
 * @param mixed $value
 * @return array
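Review bot: `checkIsArrayOfScalar` recurses once per nesting level with no depth cap, and it has no docblock stating that `null` and nested arrays are accepted even though its name says "scalar". If the array can be shaped by a DAV client (the caller is outside this hunk, so that is an assumption), an extra depth argument that throws `DavException` past a small limit would stop a deeply nested value from exhausting the stack before it is serialized. At minimum, add a docblock such as `/** Recursively verifies that $array holds only scalars, null, or nested arrays of the same; throws DavException otherwise. */`.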
@@ -443,25 +455,20 @@ class CustomPropertiesBackend implements BackendInterface {
 } else {
 if (is_array($value)) {
 // For array only allow scalar values
- foreach ($value as $item) {
- if (!is_scalar($item)) {
- throw new DavException(
- "Property \"$name\" has an invalid value of array containing " . gettype($value),
- );
- }
- }
+ self::checkIsArrayOfScalar($name, $value);
 } elseif (!is_object($value)) {
 throw new DavException(
 "Property \"$name\" has an invalid value of type " . gettype($value),
 );
- }
- if (!str_starts_with($value::class, 'Sabre\\DAV\\Xml\\Property\\')
- && !str_starts_with($value::class, 'Sabre\\CalDAV\\Xml\\Property\\')
- && !str_starts_with($value::class, 'Sabre\\CardDAV\\Xml\\Property\\')
- && !str_starts_with($value::class, 'OCA\\DAV\\')) {
- throw new DavException(
- "Property \"$name\" has an invalid value of class " . $value::class,
- );
+ } else {
+ if (!str_starts_with($value::class, 'Sabre\\DAV\\Xml\\Property\\')
+ && !str_starts_with($value::class, 'Sabre\\CalDAV\\Xml\\Property\\')
+ && !str_starts_with($value::class, 'Sabre\\CardDAV\\Xml\\Property\\')
+ && !str_starts_with($value::class, 'OCA\\DAV\\')) {
+ throw new DavException(
+ "Property \"$name\" has an invalid value of class " . $value::class,
+ );
+ }
 }
 $valueType = self::PROPERTY_TYPE_OBJECT;
 $value = serialize($value);
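Review bot: The object branch still accepts any class whose name merely starts with `OCA\DAV\` (or one of the three Sabre property namespaces), and the accepted value goes straight into `serialize($value)` at the end of the hunk. A prefix test admits every class in that namespace, including classes that were never meant to be stored as a property value. An explicit list of the property classes that are actually persisted, checked with `in_array($value::class, $allowed, true)`, would be tighter. The read path is outside this hunk, so it is not visible whether it passes `allowed_classes` to `unserialize()`; if it does not, the same list should be enforced there, because a write-side check does not cover rows already stored. The enclosing method starts and ends outside the hunk.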