mirror of
https://github.com/nextcloud/server.git
synced 2026-02-18 18:28:50 -05:00
fix: Correctly tag json encoding in BaseResponse to fix false-positive
…in psalm taint analysis Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
parent
aac79bad9b
commit
fa108d5b54
2 changed files with 9 additions and 9 deletions
|
|
@ -16,14 +16,6 @@
|
|||
<code><![CDATA[$this->cache]]></code>
|
||||
</TaintedHtml>
|
||||
</file>
|
||||
<file src="lib/private/OCS/ApiHelper.php">
|
||||
<TaintedHtml>
|
||||
<code><![CDATA[$body]]></code>
|
||||
</TaintedHtml>
|
||||
<TaintedTextWithQuotes>
|
||||
<code><![CDATA[$body]]></code>
|
||||
</TaintedTextWithQuotes>
|
||||
</file>
|
||||
<file src="lib/private/Route/Router.php">
|
||||
<TaintedCallable>
|
||||
<code><![CDATA[$appNameSpace . '\\Controller\\' . basename($file->getPathname(), '.php')]]></code>
|
||||
|
|
|
|||
|
|
@ -99,7 +99,7 @@ abstract class BaseResponse extends Response {
|
|||
];
|
||||
|
||||
if ($this->format === 'json') {
|
||||
return json_encode($response, JSON_HEX_TAG);
|
||||
return $this->toJson($response);
|
||||
}
|
||||
|
||||
$writer = new \XMLWriter();
|
||||
|
|
@ -111,6 +111,14 @@ abstract class BaseResponse extends Response {
|
|||
return $writer->outputMemory(true);
|
||||
}
|
||||
|
||||
/**
|
||||
* @psalm-taint-escape has_quotes
|
||||
* @psalm-taint-escape html
|
||||
*/
|
||||
protected function toJson(array $array): string {
|
||||
return \json_encode($array, \JSON_HEX_TAG);
|
||||
}
|
||||
|
||||
protected function toXML(array $array, \XMLWriter $writer): void {
|
||||
foreach ($array as $k => $v) {
|
||||
if ($k === '@attributes' && is_array($v)) {
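Review bot: The docblock added on `toJson()` marks its output as escaped for both `html` and `has_quotes`, but the only flag passed is `\JSON_HEX_TAG`, which rewrites `<` and `>` and leaves `&`, `'` and `"` in the string. The annotation is therefore sound only while the result is sent as a JSON body and never placed into HTML markup or an attribute. Because the method is `protected` and any subclass can call it, the docblock should state that condition, for example `* Output is only safe when served with a JSON content type; do not embed it in HTML.` Whether the response sets that content type is not visible in this hunk. Separately, `json_encode()` returns `false` on failure while the method declares `string`; `return \json_encode($array, \JSON_HEX_TAG | \JSON_THROW_ON_ERROR);` would make that failure explicit, provided callers of the enclosing method (which starts outside the hunk) can handle the exception.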
|
||||
|
|
|
|||