Sanitize the appId passed to `findAppInDirectories`
This would have prevented quite a few security bugs in the past. Nice hardening for now.
parent
d6276faff6
commit
715f89a9d9
|
@ -474,9 +474,13 @@ class OC_App {
|
||||||
* search for an app in all app-directories
|
* search for an app in all app-directories
|
||||||
*
|
*
|
||||||
* @param string $appId
|
* @param string $appId
|
||||||
* @return mixed (bool|string)
|
* @return false|string
|
||||||
*/
|
*/
|
||||||
protected static function findAppInDirectories($appId) {
|
protected static function findAppInDirectories($appId) {
|
||||||
|
$sanitizedAppId = self::cleanAppId($appId);
|
||||||
|
if($sanitizedAppId !== $appId) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
static $app_dir = array();
|
static $app_dir = array();
|
||||||
|
|
||||||
if (isset($app_dir[$appId])) {
|
if (isset($app_dir[$appId])) {
|
||||||
|
|
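Review bot: The new early `return false;` is silent, so a caller that passes an id containing path characters gets the same result as for an app that is simply not installed, and nothing is recorded for later review. Consider logging at the rejection site, and state the new case in the docblock, e.g. `@return false|string false if $appId contains disallowed characters or the app is not found`. The check is only as strong as `cleanAppId`, whose body is not visible in this hunk; if it strips a fixed list of sequences, an allowlist match on the id would be a tighter gate. Because the comparison is `!==`, a non-string `$appId` is presumably always rejected as well, which is worth a one-line comment if intended. The body of `findAppInDirectories` continues outside the hunk.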