Merge pull request #18674 from nextcloud/enh/no_global_GET

Do not use $_GET
This commit is contained in:
Roeland Jago Douma 2020-01-06 08:06:27 +01:00 committed by GitHub
commit 03cdff0da4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 6 deletions

View File

@ -198,13 +198,12 @@ class ShareesAPIController extends OCSController {
$shareTypes[] = Share::SHARE_TYPE_CIRCLE; $shareTypes[] = Share::SHARE_TYPE_CIRCLE;
} }
if (isset($_GET['shareType']) && is_array($_GET['shareType'])) { if ($shareType !== null && is_array($shareType)) {
$shareTypes = array_intersect($shareTypes, $_GET['shareType']); $shareTypes = array_intersect($shareTypes, $shareType);
sort($shareTypes);
} else if (is_numeric($shareType)) { } else if (is_numeric($shareType)) {
$shareTypes = array_intersect($shareTypes, [(int) $shareType]); $shareTypes = array_intersect($shareTypes, [(int) $shareType]);
sort($shareTypes);
} }
sort($shareTypes);
$this->shareWithGroupOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes'; $this->shareWithGroupOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes';
$this->shareeEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes'; $this->shareeEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes';

View File

@ -271,9 +271,12 @@ class ShareesAPIControllerTest extends TestCase {
->setMethods(['isRemoteSharingAllowed', 'shareProviderExists', 'isRemoteGroupSharingAllowed']) ->setMethods(['isRemoteSharingAllowed', 'shareProviderExists', 'isRemoteGroupSharingAllowed'])
->getMock(); ->getMock();
$expectedShareTypes = $shareTypes;
sort($expectedShareTypes);
$this->collaboratorSearch->expects($this->once()) $this->collaboratorSearch->expects($this->once())
->method('search') ->method('search')
->with($search, $shareTypes, $this->anything(), $perPage, $perPage * ($page -1)) ->with($search, $expectedShareTypes, $this->anything(), $perPage, $perPage * ($page -1))
->willReturn([[], false]); ->willReturn([[], false]);
$sharees->expects($this->any()) $sharees->expects($this->any())