Sanitize the appId passed to `findAppInDirectories`

Would have prevented quite some security bugs in the past. Nice hardening for now.
This commit is contained in:
Lukas Reschke 2015-12-08 10:01:09 +01:00
parent d6276faff6
commit 715f89a9d9
1 changed files with 5 additions and 1 deletions

View File

@ -474,9 +474,13 @@ class OC_App {
* search for an app in all app-directories * search for an app in all app-directories
* *
* @param string $appId * @param string $appId
* @return mixed (bool|string) * @return false|string
*/ */
protected static function findAppInDirectories($appId) { protected static function findAppInDirectories($appId) {
$sanitizedAppId = self::cleanAppId($appId);
if($sanitizedAppId !== $appId) {
return false;
}
static $app_dir = array(); static $app_dir = array();
if (isset($app_dir[$appId])) { if (isset($app_dir[$appId])) {