mirror of
https://github.com/nextcloud/server.git
synced 2026-02-22 01:11:23 -05:00
fix: mark systemconfig value as not being tainted because they are implicitly trusted
Signed-off-by: Robin Appelman <robin@icewind.nl>
This commit is contained in:
Robin Appelman
Louis
parent
57ffbb7391
commit
e2bff39f73
1 changed files with 19 additions and 1 deletions
|
|
@ -114,6 +114,24 @@ class SystemConfig {
|
|||
) {
|
||||
}
|
||||
|
||||
/**
|
||||
* Since system config is admin controlled, we can tell psalm to ignore any taint
|
||||
*
|
||||
* @psalm-taint-escape sql
|
||||
* @psalm-taint-escape html
|
||||
* @psalm-taint-escape ldap
|
||||
* @psalm-taint-escape callable
|
||||
* @psalm-taint-escape file
|
||||
* @psalm-taint-escape ssrf
|
||||
* @psalm-taint-escape cookie
|
||||
* @psalm-taint-escape header
|
||||
* @psalm-taint-escape has_quotes
|
||||
* @psalm-pure
|
||||
*/
|
||||
public static function trustSystemConfig(mixed $value): mixed {
|
||||
return $value;
|
||||
}
|
||||
|
||||
/**
|
||||
* Lists all available config keys
|
||||
* @return array an array of key names
|
||||
|
|
@ -150,7 +168,7 @@ class SystemConfig {
|
|||
* @return mixed the value or $default
|
||||
*/
|
||||
public function getValue($key, $default = '') {
|
||||
return $this->config->getValue($key, $default);
|
||||
return $this->trustSystemConfig($this->config->getValue($key, $default));
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
Loading…
Reference in a new issue