mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #14199 from owncloud/cast-type-manually 

Manually type-cast all AJAX files
This commit is contained in:
Morris Jobke 2015-02-19 17:19:54 +01:00
parent df58eea93f cbe31fbf57
commit 75a7bcb10c
47 changed files with 131 additions and 131 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
apps/files/ajax/delete.php
View File

@ -6,8 +6,8 @@ OCP\JSON::callCheck();
// Get data // Get data
$dir = isset($_POST['dir']) ? $_POST['dir'] : ''; $dir = isset($_POST['dir']) ? (string)$_POST['dir'] : '';
$allFiles = isset($_POST["allfiles"]) ? $_POST["allfiles"] : false; $allFiles = isset($_POST["allfiles"]) ? (string)$_POST["allfiles"] : false;
// delete all files in dir ? // delete all files in dir ?
if ($allFiles === 'true') { if ($allFiles === 'true') {
@ -17,7 +17,7 @@ if ($allFiles === 'true') {
$files[] = $fileInfo['name']; $files[] = $fileInfo['name'];
} }
} else { } else {
$files = isset($_POST["file"]) ? $_POST["file"] : $_POST["files"]; $files = isset($_POST["file"]) ? (string)$_POST["file"] : (string)$_POST["files"];
$files = json_decode($files); $files = json_decode($files);
} }
$filesWithError = ''; $filesWithError = '';

4
apps/files/ajax/download.php
View File

@ -25,8 +25,8 @@
OCP\User::checkLoggedIn(); OCP\User::checkLoggedIn();
\OC::$server->getSession()->close(); \OC::$server->getSession()->close();
$files = isset($_GET['files']) ? $_GET['files'] : ''; $files = isset($_GET['files']) ? (string)$_GET['files'] : '';
$dir = isset($_GET['dir']) ? $_GET['dir'] : ''; $dir = isset($_GET['dir']) ? (string)$_GET['dir'] : '';
$files_list = json_decode($files); $files_list = json_decode($files);
// in case we get only a single file // in case we get only a single file

2
apps/files/ajax/getstoragestats.php
View File

@ -3,7 +3,7 @@
$dir = '/'; $dir = '/';
if (isset($_GET['dir'])) { if (isset($_GET['dir'])) {
$dir = $_GET['dir']; $dir = (string)$_GET['dir'];
} }
OCP\JSON::checkLoggedIn(); OCP\JSON::checkLoggedIn();

2
apps/files/ajax/list.php
View File

@ -20,7 +20,7 @@ try {
$permissions = $dirInfo->getPermissions(); $permissions = $dirInfo->getPermissions();
$sortAttribute = isset($_GET['sort']) ? $_GET['sort'] : 'name'; $sortAttribute = isset($_GET['sort']) ? (string)$_GET['sort'] : 'name';
$sortDirection = isset($_GET['sortdirection']) ? ($_GET['sortdirection'] === 'desc') : false; $sortDirection = isset($_GET['sortdirection']) ? ($_GET['sortdirection'] === 'desc') : false;
// make filelist // make filelist

2
apps/files/ajax/mimeicon.php
View File

@ -1,6 +1,6 @@
<?php <?php
\OC::$server->getSession()->close(); \OC::$server->getSession()->close();
$mime = isset($_GET['mime']) ? $_GET['mime'] : ''; $mime = isset($_GET['mime']) ? (string)$_GET['mime'] : '';
print OC_Helper::mimetypeIcon($mime); print OC_Helper::mimetypeIcon($mime);

6
apps/files/ajax/move.php
View File

@ -5,9 +5,9 @@ OCP\JSON::callCheck();
\OC::$server->getSession()->close(); \OC::$server->getSession()->close();
// Get data // Get data
$dir = isset($_POST['dir']) ? $_POST['dir'] : ''; $dir = isset($_POST['dir']) ? (string)$_POST['dir'] : '';
$file = isset($_POST['file']) ? $_POST['file'] : ''; $file = isset($_POST['file']) ? (string)$_POST['file'] : '';
$target = isset($_POST['target']) ? rawurldecode($_POST['target']) : ''; $target = isset($_POST['target']) ? rawurldecode((string)$_POST['target']) : '';
$l = \OC::$server->getL10N('files'); $l = \OC::$server->getL10N('files');

8
apps/files/ajax/newfile.php
View File

@ -9,10 +9,10 @@ global $eventSource;
\OC::$server->getSession()->close(); \OC::$server->getSession()->close();
// Get the params // Get the params
$dir = isset( $_REQUEST['dir'] ) ? '/'.trim($_REQUEST['dir'], '/\\') : ''; $dir = isset( $_REQUEST['dir'] ) ? '/'.trim((string)$_REQUEST['dir'], '/\\') : '';
$filename = isset( $_REQUEST['filename'] ) ? trim($_REQUEST['filename'], '/\\') : ''; $filename = isset( $_REQUEST['filename'] ) ? trim((string)$_REQUEST['filename'], '/\\') : '';
$content = isset( $_REQUEST['content'] ) ? $_REQUEST['content'] : ''; $content = isset( $_REQUEST['content'] ) ? (string)$_REQUEST['content'] : '';
$source = isset( $_REQUEST['source'] ) ? trim($_REQUEST['source'], '/\\') : ''; $source = isset( $_REQUEST['source'] ) ? trim((string)$_REQUEST['source'], '/\\') : '';
if($source) { if($source) {
$eventSource = \OC::$server->createEventSource(); $eventSource = \OC::$server->createEventSource();

4
apps/files/ajax/newfolder.php
View File

@ -8,8 +8,8 @@ OCP\JSON::callCheck();
\OC::$server->getSession()->close(); \OC::$server->getSession()->close();
// Get the params // Get the params
$dir = isset($_POST['dir']) ? $_POST['dir'] : ''; $dir = isset($_POST['dir']) ? (string)$_POST['dir'] : '';
$foldername = isset($_POST['foldername']) ? $_POST['foldername'] : ''; $foldername = isset($_POST['foldername']) ?(string) $_POST['foldername'] : '';
$l10n = \OC::$server->getL10N('files'); $l10n = \OC::$server->getL10N('files');

6
apps/files/ajax/rename.php
View File

@ -30,9 +30,9 @@ $files = new \OCA\Files\App(
\OC::$server->getL10N('files') \OC::$server->getL10N('files')
); );
$result = $files->rename( $result = $files->rename(
isset($_GET['dir']) ? $_GET['dir'] : '', isset($_GET['dir']) ? (string)$_GET['dir'] : '',
isset($_GET['file']) ? $_GET['file'] : '', isset($_GET['file']) ? (string)$_GET['file'] : '',
isset($_GET['newname']) ? $_GET['newname'] : '' isset($_GET['newname']) ? (string)$_GET['newname'] : ''
); );
if($result['success'] === true){ if($result['success'] === true){

2
apps/files/ajax/scan.php
View File

@ -7,7 +7,7 @@ set_time_limit(0); //scanning can take ages
\OC::$server->getSession()->close(); \OC::$server->getSession()->close();
$force = (isset($_GET['force']) and ($_GET['force'] === 'true')); $force = (isset($_GET['force']) and ($_GET['force'] === 'true'));
$dir = isset($_GET['dir']) ? $_GET['dir'] : ''; $dir = isset($_GET['dir']) ? (string)$_GET['dir'] : '';
if (isset($_GET['users'])) { if (isset($_GET['users'])) {
\OCP\JSON::checkAdminUser(); \OCP\JSON::checkAdminUser();
if ($_GET['users'] === 'all') { if ($_GET['users'] === 'all') {

6
apps/files/ajax/upload.php
View File

@ -16,7 +16,7 @@ $l = \OC::$server->getL10N('files');
if (empty($_POST['dirToken'])) { if (empty($_POST['dirToken'])) {
// The standard case, files are uploaded through logged in users :) // The standard case, files are uploaded through logged in users :)
OCP\JSON::checkLoggedIn(); OCP\JSON::checkLoggedIn();
$dir = isset($_POST['dir']) ? $_POST['dir'] : ""; $dir = isset($_POST['dir']) ? (string)$_POST['dir'] : '';
if (!$dir || empty($dir) || $dir === false) { if (!$dir || empty($dir) || $dir === false) {
OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Unable to set upload directory.'))))); OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Unable to set upload directory.')))));
die(); die();
@ -30,9 +30,9 @@ if (empty($_POST['dirToken'])) {
// return only read permissions for public upload // return only read permissions for public upload
$allowedPermissions = \OCP\Constants::PERMISSION_READ; $allowedPermissions = \OCP\Constants::PERMISSION_READ;
$publicDirectory = !empty($_POST['subdir']) ? $_POST['subdir'] : '/'; $publicDirectory = !empty($_POST['subdir']) ? (string)$_POST['subdir'] : '/';
$linkItem = OCP\Share::getShareByToken($_POST['dirToken']); $linkItem = OCP\Share::getShareByToken((string)$_POST['dirToken']);
if ($linkItem === false) { if ($linkItem === false) {
OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Invalid Token'))))); OCP\JSON::error(array('data' => array_merge(array('message' => $l->t('Invalid Token')))));
die(); die();

4
apps/files_encryption/ajax/adminrecovery.php
View File

@ -43,7 +43,7 @@ $recoveryKeyId = \OC::$server->getAppConfig()->getValue('files_encryption', 'rec
if (isset($_POST['adminEnableRecovery']) && $_POST['adminEnableRecovery'] === '1') { if (isset($_POST['adminEnableRecovery']) && $_POST['adminEnableRecovery'] === '1') {
$return = Helper::adminEnableRecovery($recoveryKeyId, $_POST['recoveryPassword']); $return = Helper::adminEnableRecovery($recoveryKeyId, (string)$_POST['recoveryPassword']);
// Return success or failure // Return success or failure
if ($return) { if ($return) {
@ -57,7 +57,7 @@ if (isset($_POST['adminEnableRecovery']) && $_POST['adminEnableRecovery'] === '1
isset($_POST['adminEnableRecovery']) isset($_POST['adminEnableRecovery'])
&& '0' === $_POST['adminEnableRecovery'] && '0' === $_POST['adminEnableRecovery']
) { ) {
$return = Helper::adminDisableRecovery($_POST['recoveryPassword']); $return = Helper::adminDisableRecovery((string)$_POST['recoveryPassword']);
if ($return) { if ($return) {
$successMessage = $l->t('Recovery key successfully disabled'); $successMessage = $l->t('Recovery key successfully disabled');

6
apps/files_encryption/ajax/changeRecoveryPassword.php
View File

@ -17,9 +17,9 @@ $l = \OC::$server->getL10N('core');
$return = false; $return = false;
$oldPassword = $_POST['oldPassword']; $oldPassword = (string)$_POST['oldPassword'];
$newPassword = $_POST['newPassword']; $newPassword = (string)$_POST['newPassword'];
$confirmPassword = $_POST['confirmPassword']; $confirmPassword = (string)$_POST['confirmPassword'];
//check if both passwords are the same //check if both passwords are the same
if (empty($_POST['oldPassword'])) { if (empty($_POST['oldPassword'])) {

4
apps/files_encryption/ajax/getMigrationStatus.php
View File

@ -11,8 +11,8 @@ use OCA\Files_Encryption\Util;
\OCP\JSON::checkAppEnabled('files_encryption'); \OCP\JSON::checkAppEnabled('files_encryption');
$loginname = isset($_POST['user']) ? $_POST['user'] : ''; $loginname = isset($_POST['user']) ? (string)$_POST['user'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : ''; $password = isset($_POST['password']) ? (string)$_POST['password'] : '';
$migrationStatus = Util::MIGRATION_COMPLETED; $migrationStatus = Util::MIGRATION_COMPLETED;

4
apps/files_encryption/ajax/updatePrivateKeyPassword.php
View File

@ -18,8 +18,8 @@ $l = \OC::$server->getL10N('core');
$return = false; $return = false;
$errorMessage = $l->t('Could not update the private key password.'); $errorMessage = $l->t('Could not update the private key password.');
$oldPassword = $_POST['oldPassword']; $oldPassword = (string)$_POST['oldPassword'];
$newPassword = $_POST['newPassword']; $newPassword = (string)$_POST['newPassword'];
$view = new \OC\Files\View('/'); $view = new \OC\Files\View('/');
$session = new \OCA\Files_Encryption\Session($view); $session = new \OCA\Files_Encryption\Session($view);

2
apps/files_encryption/ajax/userrecovery.php
View File

@ -23,7 +23,7 @@ if (
$util = new \OCA\Files_Encryption\Util($view, $userId); $util = new \OCA\Files_Encryption\Util($view, $userId);
// Save recovery preference to DB // Save recovery preference to DB
$return = $util->setRecoveryForUser($_POST['userEnableRecovery']); $return = $util->setRecoveryForUser((string)$_POST['userEnableRecovery']);
if ($_POST['userEnableRecovery'] === '1') { if ($_POST['userEnableRecovery'] === '1') {
$util->addRecoveryKeys(); $util->addRecoveryKeys();

12
apps/files_external/ajax/addMountPoint.php
View File

@ -11,12 +11,12 @@ if ($_POST['isPersonal'] == 'true') {
$isPersonal = false; $isPersonal = false;
} }
$mountPoint = $_POST['mountPoint']; $mountPoint = (string)$_POST['mountPoint'];
$oldMountPoint = $_POST['oldMountPoint']; $oldMountPoint = (string)$_POST['oldMountPoint'];
$class = $_POST['class']; $class = (string)$_POST['class'];
$options = $_POST['classOptions']; $options = (string)$_POST['classOptions'];
$type = $_POST['mountType']; $type = (string)$_POST['mountType'];
$applicable = $_POST['applicable']; $applicable = (string)$_POST['applicable'];
if ($oldMountPoint and $oldMountPoint !== $mountPoint) { if ($oldMountPoint and $oldMountPoint !== $mountPoint) {
OC_Mount_Config::removeMountPoint($oldMountPoint, $type, $applicable, $isPersonal); OC_Mount_Config::removeMountPoint($oldMountPoint, $type, $applicable, $isPersonal);

6
apps/files_external/ajax/applicable.php
View File

@ -9,13 +9,13 @@ $pattern = '';
$limit = null; $limit = null;
$offset = null; $offset = null;
if (isset($_GET['pattern'])) { if (isset($_GET['pattern'])) {
$pattern = $_GET['pattern']; $pattern = (string)$_GET['pattern'];
} }
if (isset($_GET['limit'])) { if (isset($_GET['limit'])) {
$limit = $_GET['limit']; $limit = (int)$_GET['limit'];
} }
if (isset($_GET['offset'])) { if (isset($_GET['offset'])) {
$offset = $_GET['offset']; $offset = (int)$_GET['offset'];
} }
$groups = \OC_Group::getGroups($pattern, $limit, $offset); $groups = \OC_Group::getGroups($pattern, $limit, $offset);

6
apps/files_external/ajax/dropbox.php
View File

@ -8,13 +8,13 @@ OCP\JSON::callCheck();
$l = \OC::$server->getL10N('files_external'); $l = \OC::$server->getL10N('files_external');
if (isset($_POST['app_key']) && isset($_POST['app_secret'])) { if (isset($_POST['app_key']) && isset($_POST['app_secret'])) {
$oauth = new Dropbox_OAuth_Curl($_POST['app_key'], $_POST['app_secret']); $oauth = new Dropbox_OAuth_Curl((string)$_POST['app_key'], (string)$_POST['app_secret']);
if (isset($_POST['step'])) { if (isset($_POST['step'])) {
switch ($_POST['step']) { switch ($_POST['step']) {
case 1: case 1:
try { try {
if (isset($_POST['callback'])) { if (isset($_POST['callback'])) {
$callback = $_POST['callback']; $callback = (string)$_POST['callback'];
} else { } else {
$callback = null; $callback = null;
} }
@ -31,7 +31,7 @@ if (isset($_POST['app_key']) && isset($_POST['app_secret'])) {
case 2: case 2:
if (isset($_POST['request_token']) && isset($_POST['request_token_secret'])) { if (isset($_POST['request_token']) && isset($_POST['request_token_secret'])) {
try { try {
$oauth->setToken($_POST['request_token'], $_POST['request_token_secret']); $oauth->setToken((string)$_POST['request_token'], (string)$_POST['request_token_secret']);
$token = $oauth->getAccessToken(); $token = $oauth->getAccessToken();
OCP\JSON::success(array('access_token' => $token['token'], OCP\JSON::success(array('access_token' => $token['token'],
'access_token_secret' => $token['token_secret'])); 'access_token_secret' => $token['token_secret']));

8
apps/files_external/ajax/google.php
View File

@ -10,9 +10,9 @@ $l = \OC::$server->getL10N('files_external');
if (isset($_POST['client_id']) && isset($_POST['client_secret']) && isset($_POST['redirect'])) { if (isset($_POST['client_id']) && isset($_POST['client_secret']) && isset($_POST['redirect'])) {
$client = new Google_Client(); $client = new Google_Client();
$client->setClientId($_POST['client_id']); $client->setClientId((string)$_POST['client_id']);
$client->setClientSecret($_POST['client_secret']); $client->setClientSecret((string)$_POST['client_secret']);
$client->setRedirectUri($_POST['redirect']); $client->setRedirectUri((string)$_POST['redirect']);
$client->setScopes(array('https://www.googleapis.com/auth/drive')); $client->setScopes(array('https://www.googleapis.com/auth/drive'));
$client->setAccessType('offline'); $client->setAccessType('offline');
if (isset($_POST['step'])) { if (isset($_POST['step'])) {
@ -30,7 +30,7 @@ if (isset($_POST['client_id']) && isset($_POST['client_secret']) && isset($_POST
} }
} else if ($step == 2 && isset($_POST['code'])) { } else if ($step == 2 && isset($_POST['code'])) {
try { try {
$token = $client->authenticate($_POST['code']); $token = $client->authenticate((string)$_POST['code']);
OCP\JSON::success(array('data' => array( OCP\JSON::success(array('data' => array(
'token' => $token 'token' => $token
))); )));

2
apps/files_external/ajax/removeMountPoint.php
View File

@ -20,4 +20,4 @@ if ($_POST['isPersonal'] == 'true') {
$isPersonal = false; $isPersonal = false;
} }
OC_Mount_Config::removeMountPoint($_POST['mountPoint'], $_POST['mountType'], $_POST['applicable'], $isPersonal); OC_Mount_Config::removeMountPoint((string)$_POST['mountPoint'], (string)$_POST['mountType'], (string)$_POST['applicable'], $isPersonal);

4
apps/files_trashbin/ajax/delete.php
View File

@ -7,7 +7,7 @@ OCP\JSON::callCheck();
$folder = isset($_POST['dir']) ? $_POST['dir'] : '/'; $folder = isset($_POST['dir']) ? $_POST['dir'] : '/';
// "empty trash" command // "empty trash" command
if (isset($_POST['allfiles']) and $_POST['allfiles'] === 'true'){ if (isset($_POST['allfiles']) && (string)$_POST['allfiles'] === 'true'){
$deleteAll = true; $deleteAll = true;
if ($folder === '/' || $folder === '') { if ($folder === '/' || $folder === '') {
OCA\Files_Trashbin\Trashbin::deleteAll(); OCA\Files_Trashbin\Trashbin::deleteAll();
@ -19,7 +19,7 @@ if (isset($_POST['allfiles']) and $_POST['allfiles'] === 'true'){
} }
else { else {
$deleteAll = false; $deleteAll = false;
$files = $_POST['files']; $files = (string)$_POST['files'];
$list = json_decode($files); $list = json_decode($files);
} }

6
apps/files_trashbin/ajax/list.php
View File

@ -4,9 +4,9 @@ OCP\JSON::checkLoggedIn();
\OC::$server->getSession()->close(); \OC::$server->getSession()->close();
// Load the files // Load the files
$dir = isset( $_GET['dir'] ) ? $_GET['dir'] : ''; $dir = isset($_GET['dir']) ? (string)$_GET['dir'] : '';
$sortAttribute = isset( $_GET['sort'] ) ? $_GET['sort'] : 'name'; $sortAttribute = isset($_GET['sort']) ? (string)$_GET['sort'] : 'name';
$sortDirection = isset( $_GET['sortdirection'] ) ? ($_GET['sortdirection'] === 'desc') : false; $sortDirection = isset($_GET['sortdirection']) ? ($_GET['sortdirection'] === 'desc') : false;
$data = array(); $data = array();
// make filelist // make filelist

4
apps/files_trashbin/ajax/undelete.php
View File

@ -7,10 +7,10 @@ OCP\JSON::callCheck();
$files = $_POST['files']; $files = $_POST['files'];
$dir = '/'; $dir = '/';
if (isset($_POST['dir'])) { if (isset($_POST['dir'])) {
$dir = rtrim($_POST['dir'], '/'). '/'; $dir = rtrim((string)$_POST['dir'], '/'). '/';
} }
$allFiles = false; $allFiles = false;
if (isset($_POST['allfiles']) and $_POST['allfiles'] === 'true') { if (isset($_POST['allfiles']) && (string)$_POST['allfiles'] === 'true') {
$allFiles = true; $allFiles = true;
$list = array(); $list = array();
$dirListing = true; $dirListing = true;

4
apps/files_versions/ajax/getVersions.php
View File

@ -3,8 +3,8 @@ OCP\JSON::checkLoggedIn();
OCP\JSON::callCheck(); OCP\JSON::callCheck();
OCP\JSON::checkAppEnabled('files_versions'); OCP\JSON::checkAppEnabled('files_versions');
$source = $_GET['source']; $source = (string)$_GET['source'];
$start = $_GET['start']; $start = (int)$_GET['start'];
list ($uid, $filename) = OCA\Files_Versions\Storage::getUidAndFilename($source); list ($uid, $filename) = OCA\Files_Versions\Storage::getUidAndFilename($source);
$count = 5; //show the newest revisions $count = 5; //show the newest revisions
$versions = OCA\Files_Versions\Storage::getVersions($uid, $filename, $source); $versions = OCA\Files_Versions\Storage::getVersions($uid, $filename, $source);

2
apps/files_versions/ajax/rollbackVersion.php
View File

@ -4,7 +4,7 @@ OCP\JSON::checkLoggedIn();
OCP\JSON::checkAppEnabled('files_versions'); OCP\JSON::checkAppEnabled('files_versions');
OCP\JSON::callCheck(); OCP\JSON::callCheck();
$file = $_GET['file']; $file = (string)$_GET['file'];
$revision=(int)$_GET['revision']; $revision=(int)$_GET['revision'];
if(OCA\Files_Versions\Storage::rollback( $file, $revision )) { if(OCA\Files_Versions\Storage::rollback( $file, $revision )) {

2
apps/user_ldap/ajax/clearMappings.php
View File

@ -29,7 +29,7 @@ OCP\JSON::checkAdminUser();
OCP\JSON::checkAppEnabled('user_ldap'); OCP\JSON::checkAppEnabled('user_ldap');
OCP\JSON::callCheck(); OCP\JSON::callCheck();
$subject = $_POST['ldap_clear_mapping']; $subject = (string)$_POST['ldap_clear_mapping'];
$mapping = null; $mapping = null;
if($subject === 'user') { if($subject === 'user') {
$mapping = new UserMapping(\OC::$server->getDatabaseConnection()); $mapping = new UserMapping(\OC::$server->getDatabaseConnection());

2
apps/user_ldap/ajax/deleteConfiguration.php
View File

@ -26,7 +26,7 @@ OCP\JSON::checkAdminUser();
OCP\JSON::checkAppEnabled('user_ldap'); OCP\JSON::checkAppEnabled('user_ldap');
OCP\JSON::callCheck(); OCP\JSON::callCheck();
$prefix = $_POST['ldap_serverconfig_chooser']; $prefix = (string)$_POST['ldap_serverconfig_chooser'];
$helper = new \OCA\user_ldap\lib\Helper(); $helper = new \OCA\user_ldap\lib\Helper();
if($helper->deleteServerConfiguration($prefix)) { if($helper->deleteServerConfiguration($prefix)) {
OCP\JSON::success(); OCP\JSON::success();

2
apps/user_ldap/ajax/getConfiguration.php
View File

@ -26,7 +26,7 @@ OCP\JSON::checkAdminUser();
OCP\JSON::checkAppEnabled('user_ldap'); OCP\JSON::checkAppEnabled('user_ldap');
OCP\JSON::callCheck(); OCP\JSON::callCheck();
$prefix = $_POST['ldap_serverconfig_chooser']; $prefix = (string)$_POST['ldap_serverconfig_chooser'];
$ldapWrapper = new OCA\user_ldap\lib\LDAP(); $ldapWrapper = new OCA\user_ldap\lib\LDAP();
$connection = new \OCA\user_ldap\lib\Connection($ldapWrapper, $prefix); $connection = new \OCA\user_ldap\lib\Connection($ldapWrapper, $prefix);
OCP\JSON::success(array('configuration' => $connection->getConfiguration())); OCP\JSON::success(array('configuration' => $connection->getConfiguration()));

2
apps/user_ldap/ajax/setConfiguration.php
View File

@ -26,7 +26,7 @@ OCP\JSON::checkAdminUser();
OCP\JSON::checkAppEnabled('user_ldap'); OCP\JSON::checkAppEnabled('user_ldap');
OCP\JSON::callCheck(); OCP\JSON::callCheck();
$prefix = $_POST['ldap_serverconfig_chooser']; $prefix = (string)$_POST['ldap_serverconfig_chooser'];
// Checkboxes are not submitted, when they are unchecked. Set them manually. // Checkboxes are not submitted, when they are unchecked. Set them manually.
// only legacy checkboxes (Advanced and Expert tab) need to be handled here, // only legacy checkboxes (Advanced and Expert tab) need to be handled here,

4
apps/user_ldap/ajax/wizard.php
View File

@ -31,13 +31,13 @@ $l = \OC::$server->getL10N('user_ldap');
if(!isset($_POST['action'])) { if(!isset($_POST['action'])) {
\OCP\JSON::error(array('message' => $l->t('No action specified'))); \OCP\JSON::error(array('message' => $l->t('No action specified')));
} }
$action = $_POST['action']; $action = (string)$_POST['action'];
if(!isset($_POST['ldap_serverconfig_chooser'])) { if(!isset($_POST['ldap_serverconfig_chooser'])) {
\OCP\JSON::error(array('message' => $l->t('No configuration specified'))); \OCP\JSON::error(array('message' => $l->t('No configuration specified')));
} }
$prefix = $_POST['ldap_serverconfig_chooser']; $prefix = (string)$_POST['ldap_serverconfig_chooser'];
$ldapWrapper = new \OCA\user_ldap\lib\LDAP(); $ldapWrapper = new \OCA\user_ldap\lib\LDAP();
$configuration = new \OCA\user_ldap\lib\Configuration($prefix); $configuration = new \OCA\user_ldap\lib\Configuration($prefix);

12
core/ajax/appconfig.php
View File

@ -11,14 +11,14 @@ OCP\JSON::callCheck();
$action=isset($_POST['action'])?$_POST['action']:$_GET['action']; $action=isset($_POST['action'])?$_POST['action']:$_GET['action'];
if(isset($_POST['app']) || isset($_GET['app'])) { if(isset($_POST['app']) || isset($_GET['app'])) {
$app=OC_App::cleanAppId(isset($_POST['app'])?$_POST['app']:$_GET['app']); $app=OC_App::cleanAppId(isset($_POST['app'])? (string)$_POST['app']: (string)$_GET['app']);
} }
// An admin should not be able to add remote and public services // An admin should not be able to add remote and public services
// on its own. This should only be possible programmatically. // on its own. This should only be possible programmatically.
// This change is due the fact that an admin may not be expected // This change is due the fact that an admin may not be expected
// to execute arbitrary code in every environment. // to execute arbitrary code in every environment.
if($app === 'core' && isset($_POST['key']) &&(substr($_POST['key'],0,7) === 'remote_' || substr($_POST['key'],0,7) === 'public_')) { if($app === 'core' && isset($_POST['key']) &&(substr((string)$_POST['key'],0,7) === 'remote_' || substr((string)$_POST['key'],0,7) === 'public_')) {
OC_JSON::error(array('data' => array('message' => 'Unexpected error!'))); OC_JSON::error(array('data' => array('message' => 'Unexpected error!')));
return; return;
} }
@ -27,10 +27,10 @@ $result=false;
$appConfig = \OC::$server->getAppConfig(); $appConfig = \OC::$server->getAppConfig();
switch($action) { switch($action) {
case 'getValue': case 'getValue':
$result=$appConfig->getValue($app, $_GET['key'], $_GET['defaultValue']); $result=$appConfig->getValue($app, (string)$_GET['key'], (string)$_GET['defaultValue']);
break; break;
case 'setValue': case 'setValue':
$result=$appConfig->setValue($app, $_POST['key'], $_POST['value']); $result=$appConfig->setValue($app, (string)$_POST['key'], (string)$_POST['value']);
break; break;
case 'getApps': case 'getApps':
$result=$appConfig->getApps(); $result=$appConfig->getApps();
@ -39,10 +39,10 @@ switch($action) {
$result=$appConfig->getKeys($app); $result=$appConfig->getKeys($app);
break; break;
case 'hasKey': case 'hasKey':
$result=$appConfig->hasKey($app, $_GET['key']); $result=$appConfig->hasKey($app, (string)$_GET['key']);
break; break;
case 'deleteKey': case 'deleteKey':
$result=$appConfig->deleteKey($app, $_POST['key']); $result=$appConfig->deleteKey($app, (string)$_POST['key']);
break; break;
case 'deleteApp': case 'deleteApp':
$result=$appConfig->deleteApp($app); $result=$appConfig->deleteApp($app);

76
core/ajax/share.php
View File

@ -31,11 +31,11 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo
try { try {
$shareType = (int)$_POST['shareType']; $shareType = (int)$_POST['shareType'];
$shareWith = $_POST['shareWith']; $shareWith = $_POST['shareWith'];
$itemSourceName = isset($_POST['itemSourceName']) ? $_POST['itemSourceName'] : null; $itemSourceName = isset($_POST['itemSourceName']) ? (string)$_POST['itemSourceName'] : null;
if ($shareType === OCP\Share::SHARE_TYPE_LINK && $shareWith == '') { if ($shareType === OCP\Share::SHARE_TYPE_LINK && $shareWith == '') {
$shareWith = null; $shareWith = null;
} }
$itemSourceName=(isset($_POST['itemSourceName'])) ? $_POST['itemSourceName']:''; $itemSourceName=(isset($_POST['itemSourceName'])) ? (string)$_POST['itemSourceName']:'';
$token = OCP\Share::shareItem( $token = OCP\Share::shareItem(
$_POST['itemType'], $_POST['itemType'],
@ -44,7 +44,7 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo
$shareWith, $shareWith,
$_POST['permissions'], $_POST['permissions'],
$itemSourceName, $itemSourceName,
(!empty($_POST['expirationDate']) ? new \DateTime($_POST['expirationDate']) : null) (!empty($_POST['expirationDate']) ? new \DateTime((string)$_POST['expirationDate']) : null)
); );
if (is_string($token)) { if (is_string($token)) {
@ -62,19 +62,19 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo
if ((int)$_POST['shareType'] === OCP\Share::SHARE_TYPE_LINK && $_POST['shareWith'] == '') { if ((int)$_POST['shareType'] === OCP\Share::SHARE_TYPE_LINK && $_POST['shareWith'] == '') {
$shareWith = null; $shareWith = null;
} else { } else {
$shareWith = $_POST['shareWith']; $shareWith = (string)$_POST['shareWith'];
} }
$return = OCP\Share::unshare($_POST['itemType'], $_POST['itemSource'], $_POST['shareType'], $shareWith); $return = OCP\Share::unshare((string)$_POST['itemType'],(string) $_POST['itemSource'], (int)$_POST['shareType'], $shareWith);
($return) ? OC_JSON::success() : OC_JSON::error(); ($return) ? OC_JSON::success() : OC_JSON::error();
} }
break; break;
case 'setPermissions': case 'setPermissions':
if (isset($_POST['shareType']) && isset($_POST['shareWith']) && isset($_POST['permissions'])) { if (isset($_POST['shareType']) && isset($_POST['shareWith']) && isset($_POST['permissions'])) {
$return = OCP\Share::setPermissions( $return = OCP\Share::setPermissions(
$_POST['itemType'], (string)$_POST['itemType'],
$_POST['itemSource'], (string)$_POST['itemSource'],
(int)$_POST['shareType'], (int)$_POST['shareType'],
$_POST['shareWith'], (string)$_POST['shareWith'],
(int)$_POST['permissions'] (int)$_POST['permissions']
); );
($return) ? OC_JSON::success() : OC_JSON::error(); ($return) ? OC_JSON::success() : OC_JSON::error();
@ -83,7 +83,7 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo
case 'setExpirationDate': case 'setExpirationDate':
if (isset($_POST['date'])) { if (isset($_POST['date'])) {
try { try {
$return = OCP\Share::setExpirationDate($_POST['itemType'], $_POST['itemSource'], $_POST['date']); $return = OCP\Share::setExpirationDate((string)$_POST['itemType'], (string)$_POST['itemSource'], (string)$_POST['date']);
($return) ? OC_JSON::success() : OC_JSON::error(); ($return) ? OC_JSON::success() : OC_JSON::error();
} catch (\Exception $e) { } catch (\Exception $e) {
OC_JSON::error(array('data' => array('message' => $e->getMessage()))); OC_JSON::error(array('data' => array('message' => $e->getMessage())));
@ -93,9 +93,9 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo
case 'informRecipients': case 'informRecipients':
$l = \OC::$server->getL10N('core'); $l = \OC::$server->getL10N('core');
$shareType = (int) $_POST['shareType']; $shareType = (int) $_POST['shareType'];
$itemType = $_POST['itemType']; $itemType = (string)$_POST['itemType'];
$itemSource = $_POST['itemSource']; $itemSource = (string)$_POST['itemSource'];
$recipient = $_POST['recipient']; $recipient = (string)$_POST['recipient'];
if($shareType === \OCP\Share::SHARE_TYPE_USER) { if($shareType === \OCP\Share::SHARE_TYPE_USER) {
$recipientList[] = $recipient; $recipientList[] = $recipient;
@ -123,26 +123,26 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo
} }
break; break;
case 'informRecipientsDisabled': case 'informRecipientsDisabled':
$itemSource = $_POST['itemSource']; $itemSource = (string)$_POST['itemSource'];
$shareType = $_POST['shareType']; $shareType = (int)$_POST['shareType'];
$itemType = $_POST['itemType']; $itemType = (string)$_POST['itemType'];
$recipient = $_POST['recipient']; $recipient = (string)$_POST['recipient'];
\OCP\Share::setSendMailStatus($itemType, $itemSource, $shareType, $recipient, false); \OCP\Share::setSendMailStatus($itemType, $itemSource, $shareType, $recipient, false);
OCP\JSON::success(); OCP\JSON::success();
break; break;
case 'email': case 'email':
// read post variables // read post variables
$link = $_POST['link']; $link = (string)$_POST['link'];
$file = $_POST['file']; $file = (string)$_POST['file'];
$to_address = $_POST['toaddress']; $to_address = (string)$_POST['toaddress'];
$mailNotification = new \OC\Share\MailNotifications(); $mailNotification = new \OC\Share\MailNotifications();
$expiration = null; $expiration = null;
if (isset($_POST['expiration']) && $_POST['expiration'] !== '') { if (isset($_POST['expiration']) && $_POST['expiration'] !== '') {
try { try {
$date = new DateTime($_POST['expiration']); $date = new DateTime((string)$_POST['expiration']);
$expiration = $date->getTimestamp(); $expiration = $date->getTimestamp();
} catch (Exception $e) { } catch (Exception $e) {
\OCP\Util::writeLog('sharing', "Couldn't read date: " . $e->getMessage(), \OCP\Util::ERROR); \OCP\Util::writeLog('sharing', "Couldn't read date: " . $e->getMessage(), \OCP\Util::ERROR);
@ -170,7 +170,7 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo
switch ($_GET['fetch']) { switch ($_GET['fetch']) {
case 'getItemsSharedStatuses': case 'getItemsSharedStatuses':
if (isset($_GET['itemType'])) { if (isset($_GET['itemType'])) {
$return = OCP\Share::getItemsShared($_GET['itemType'], OCP\Share::FORMAT_STATUSES); $return = OCP\Share::getItemsShared((string)$_GET['itemType'], OCP\Share::FORMAT_STATUSES);
is_array($return) ? OC_JSON::success(array('data' => $return)) : OC_JSON::error(); is_array($return) ? OC_JSON::success(array('data' => $return)) : OC_JSON::error();
} }
break; break;
@ -181,8 +181,8 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo
&& isset($_GET['checkShares'])) { && isset($_GET['checkShares'])) {
if ($_GET['checkReshare'] == 'true') { if ($_GET['checkReshare'] == 'true') {
$reshare = OCP\Share::getItemSharedWithBySource( $reshare = OCP\Share::getItemSharedWithBySource(
$_GET['itemType'], (string)$_GET['itemType'],
$_GET['itemSource'], (string)$_GET['itemSource'],
OCP\Share::FORMAT_NONE, OCP\Share::FORMAT_NONE,
null, null,
true true
@ -192,8 +192,8 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo
} }
if ($_GET['checkShares'] == 'true') { if ($_GET['checkShares'] == 'true') {
$shares = OCP\Share::getItemShared( $shares = OCP\Share::getItemShared(
$_GET['itemType'], (string)$_GET['itemType'],
$_GET['itemSource'], (string)$_GET['itemSource'],
OCP\Share::FORMAT_NONE, OCP\Share::FORMAT_NONE,
null, null,
true true
@ -209,7 +209,7 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo
if (isset($_GET['search'])) { if (isset($_GET['search'])) {
$cm = OC::$server->getContactsManager(); $cm = OC::$server->getContactsManager();
if (!is_null($cm) && $cm->isEnabled()) { if (!is_null($cm) && $cm->isEnabled()) {
$contacts = $cm->search($_GET['search'], array('FN', 'EMAIL')); $contacts = $cm->search((string)$_GET['search'], array('FN', 'EMAIL'));
foreach ($contacts as $contact) { foreach ($contacts as $contact) {
if (!isset($contact['EMAIL'])) { if (!isset($contact['EMAIL'])) {
continue; continue;
@ -236,7 +236,7 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo
if (isset($_GET['search'])) { if (isset($_GET['search'])) {
$shareWithinGroupOnly = OC\Share\Share::shareWithGroupMembersOnly(); $shareWithinGroupOnly = OC\Share\Share::shareWithGroupMembersOnly();
$shareWith = array(); $shareWith = array();
$groups = OC_Group::getGroups($_GET['search']); $groups = OC_Group::getGroups((string)$_GET['search']);
if ($shareWithinGroupOnly) { if ($shareWithinGroupOnly) {
$usergroups = OC_Group::getUserGroups(OC_User::getUser()); $usergroups = OC_Group::getUserGroups(OC_User::getUser());
$groups = array_intersect($groups, $usergroups); $groups = array_intersect($groups, $usergroups);
@ -248,15 +248,15 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo
while ($count < 15 && count($users) == $limit) { while ($count < 15 && count($users) == $limit) {
$limit = 15 - $count; $limit = 15 - $count;
if ($shareWithinGroupOnly) { if ($shareWithinGroupOnly) {
$users = OC_Group::DisplayNamesInGroups($usergroups, $_GET['search'], $limit, $offset); $users = OC_Group::DisplayNamesInGroups($usergroups, (string)$_GET['search'], $limit, $offset);
} else { } else {
$users = OC_User::getDisplayNames($_GET['search'], $limit, $offset); $users = OC_User::getDisplayNames((string)$_GET['search'], $limit, $offset);
} }
$offset += $limit; $offset += $limit;
foreach ($users as $uid => $displayName) { foreach ($users as $uid => $displayName) {
if ((!isset($_GET['itemShares']) if ((!isset($_GET['itemShares'])
|| !is_array($_GET['itemShares'][OCP\Share::SHARE_TYPE_USER]) || !is_array((string)$_GET['itemShares'][OCP\Share::SHARE_TYPE_USER])
|| !in_array($uid, $_GET['itemShares'][OCP\Share::SHARE_TYPE_USER])) || !in_array($uid, (string)$_GET['itemShares'][OCP\Share::SHARE_TYPE_USER]))
&& $uid != OC_User::getUser()) { && $uid != OC_User::getUser()) {
$shareWith[] = array( $shareWith[] = array(
'label' => $displayName, 'label' => $displayName,
@ -277,8 +277,8 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo
if ($count < 15) { if ($count < 15) {
if (!isset($_GET['itemShares']) if (!isset($_GET['itemShares'])
|| !isset($_GET['itemShares'][OCP\Share::SHARE_TYPE_GROUP]) || !isset($_GET['itemShares'][OCP\Share::SHARE_TYPE_GROUP])
|| !is_array($_GET['itemShares'][OCP\Share::SHARE_TYPE_GROUP]) || !is_array((string)$_GET['itemShares'][OCP\Share::SHARE_TYPE_GROUP])
|| !in_array($group, $_GET['itemShares'][OCP\Share::SHARE_TYPE_GROUP])) { || !in_array($group, (string)$_GET['itemShares'][OCP\Share::SHARE_TYPE_GROUP])) {
$shareWith[] = array( $shareWith[] = array(
'label' => $group, 'label' => $group,
'value' => array( 'value' => array(
@ -294,20 +294,20 @@ if (isset($_POST['action']) && isset($_POST['itemType']) && isset($_POST['itemSo
} }
// allow user to add unknown remote addresses for server-to-server share // allow user to add unknown remote addresses for server-to-server share
$backend = \OCP\Share::getBackend($_GET['itemType']); $backend = \OCP\Share::getBackend((string)$_GET['itemType']);
if ($backend->isShareTypeAllowed(\OCP\Share::SHARE_TYPE_REMOTE)) { if ($backend->isShareTypeAllowed(\OCP\Share::SHARE_TYPE_REMOTE)) {
if (substr_count($_GET['search'], '@') === 1) { if (substr_count((string)$_GET['search'], '@') === 1) {
$shareWith[] = array( $shareWith[] = array(
'label' => $_GET['search'], 'label' => (string)$_GET['search'],
'value' => array( 'value' => array(
'shareType' => \OCP\Share::SHARE_TYPE_REMOTE, 'shareType' => \OCP\Share::SHARE_TYPE_REMOTE,
'shareWith' => $_GET['search'] 'shareWith' => (string)$_GET['search']
) )
); );
} }
} }
$sorter = new \OC\Share\SearchResultSorter($_GET['search'], $sorter = new \OC\Share\SearchResultSorter((string)$_GET['search'],
'label', 'label',
new \OC\Log()); new \OC\Log());
usort($shareWith, array($sorter, 'sort')); usort($shareWith, array($sorter, 'sort'));

6
lib/base.php
View File

@ -980,13 +980,13 @@ class OC {
//setup extra user backends //setup extra user backends
OC_User::setupBackends(); OC_User::setupBackends();
if (OC_User::login($_POST["user"], $_POST["password"])) { if (OC_User::login((string)$_POST["user"], (string)$_POST["password"])) {
$userId = OC_User::getUser(); $userId = OC_User::getUser();
// setting up the time zone // setting up the time zone
if (isset($_POST['timezone-offset'])) { if (isset($_POST['timezone-offset'])) {
self::$server->getSession()->set('timezone', $_POST['timezone-offset']); self::$server->getSession()->set('timezone', (string)$_POST['timezone-offset']);
self::$server->getConfig()->setUserValue($userId, 'core', 'timezone', $_POST['timezone']); self::$server->getConfig()->setUserValue($userId, 'core', 'timezone', (string)$_POST['timezone']);
} }
self::cleanupLoginTokens($userId); self::cleanupLoginTokens($userId);

2
settings/ajax/changedisplayname.php
View File

@ -7,7 +7,7 @@ OC_JSON::checkLoggedIn();
$l = \OC::$server->getL10N('settings'); $l = \OC::$server->getL10N('settings');
$username = isset($_POST["username"]) ? $_POST["username"] : OC_User::getUser(); $username = isset($_POST["username"]) ? $_POST["username"] : OC_User::getUser();
$displayName = $_POST["displayName"]; $displayName = (string)$_POST["displayName"];
$userstatus = null; $userstatus = null;
if(OC_User::isAdminUser(OC_User::getUser())) { if(OC_User::isAdminUser(OC_User::getUser())) {

2
settings/ajax/decryptall.php
View File

@ -8,7 +8,7 @@ OC_App::loadApp('files_encryption');
// init encryption app // init encryption app
$params = array('uid' => \OCP\User::getUser(), $params = array('uid' => \OCP\User::getUser(),
'password' => $_POST['password']); 'password' => (string)$_POST['password']);
$view = new OC\Files\View('/'); $view = new OC\Files\View('/');
$util = new \OCA\Files_Encryption\Util($view, \OCP\User::getUser()); $util = new \OCA\Files_Encryption\Util($view, \OCP\User::getUser());

2
settings/ajax/disableapp.php
View File

@ -7,7 +7,7 @@ if (!array_key_exists('appid', $_POST)) {
exit; exit;
} }
$appId = $_POST['appid']; $appId = (string)$_POST['appid'];
$appId = OC_App::cleanAppId($appId); $appId = OC_App::cleanAppId($appId);
// FIXME: Clear the cache - move that into some sane helper method // FIXME: Clear the cache - move that into some sane helper method

4
settings/ajax/enableapp.php
View File

@ -3,10 +3,10 @@
OC_JSON::checkAdminUser(); OC_JSON::checkAdminUser();
OCP\JSON::callCheck(); OCP\JSON::callCheck();
$groups = isset($_POST['groups']) ? $_POST['groups'] : null; $groups = isset($_POST['groups']) ? (array)$_POST['groups'] : null;
try { try {
OC_App::enable(OC_App::cleanAppId($_POST['appid']), $groups); OC_App::enable(OC_App::cleanAppId((string)$_POST['appid']), $groups);
// FIXME: Clear the cache - move that into some sane helper method // FIXME: Clear the cache - move that into some sane helper method
\OC::$server->getMemCacheFactory()->create('settings')->remove('listApps-0'); \OC::$server->getMemCacheFactory()->create('settings')->remove('listApps-0');
\OC::$server->getMemCacheFactory()->create('settings')->remove('listApps-1'); \OC::$server->getMemCacheFactory()->create('settings')->remove('listApps-1');

2
settings/ajax/installapp.php
View File

@ -7,7 +7,7 @@ if (!array_key_exists('appid', $_POST)) {
exit; exit;
} }
$appId = $_POST['appid']; $appId = (string)$_POST['appid'];
$appId = OC_App::cleanAppId($appId); $appId = OC_App::cleanAppId($appId);
$result = OC_App::installApp($appId); $result = OC_App::installApp($appId);

2
settings/ajax/navigationdetect.php
View File

@ -3,7 +3,7 @@
OC_Util::checkAdminUser(); OC_Util::checkAdminUser();
OCP\JSON::callCheck(); OCP\JSON::callCheck();
$app = $_GET['app']; $app = (string)$_GET['app'];
$app = OC_App::cleanAppId($app); $app = OC_App::cleanAppId($app);
$navigation = OC_App::getAppNavigationEntries($app); $navigation = OC_App::getAppNavigationEntries($app);

2
settings/ajax/removeRootCertificate.php
View File

@ -2,6 +2,6 @@
OCP\JSON::checkLoggedIn(); OCP\JSON::checkLoggedIn();
OCP\JSON::callCheck(); OCP\JSON::callCheck();
$name = $_POST['cert']; $name = (string)$_POST['cert'];
$certificateManager = \OC::$server->getCertificateManager(); $certificateManager = \OC::$server->getCertificateManager();
$certificateManager->removeCertificate($name); $certificateManager->removeCertificate($name);

2
settings/ajax/setlanguage.php
View File

@ -9,7 +9,7 @@ OCP\JSON::callCheck();
// Get data // Get data
if( isset( $_POST['lang'] ) ) { if( isset( $_POST['lang'] ) ) {
$languageCodes=OC_L10N::findAvailableLanguages(); $languageCodes=OC_L10N::findAvailableLanguages();
$lang=$_POST['lang']; $lang = (string)$_POST['lang'];
if(array_search($lang, $languageCodes) or $lang === 'en') { if(array_search($lang, $languageCodes) or $lang === 'en') {
\OC::$server->getConfig()->setUserValue( OC_User::getUser(), 'core', 'lang', $lang ); \OC::$server->getConfig()->setUserValue( OC_User::getUser(), 'core', 'lang', $lang );
OC_JSON::success(array("data" => array( "message" => $l->t("Language changed") ))); OC_JSON::success(array("data" => array( "message" => $l->t("Language changed") )));

4
settings/ajax/setquota.php
View File

@ -8,7 +8,7 @@
OC_JSON::checkSubAdminUser(); OC_JSON::checkSubAdminUser();
OCP\JSON::callCheck(); OCP\JSON::callCheck();
$username = isset($_POST["username"])?$_POST["username"]:''; $username = isset($_POST["username"]) ? (string)$_POST["username"] : '';
if(($username === '' && !OC_User::isAdminUser(OC_User::getUser())) if(($username === '' && !OC_User::isAdminUser(OC_User::getUser()))
|| (!OC_User::isAdminUser(OC_User::getUser()) || (!OC_User::isAdminUser(OC_User::getUser())
@ -19,7 +19,7 @@ if(($username === '' && !OC_User::isAdminUser(OC_User::getUser()))
} }
//make sure the quota is in the expected format //make sure the quota is in the expected format
$quota=$_POST["quota"]; $quota= (string)$_POST["quota"];
if($quota !== 'none' and $quota !== 'default') { if($quota !== 'none' and $quota !== 'default') {
$quota= OC_Helper::computerFileSize($quota); $quota= OC_Helper::computerFileSize($quota);
$quota=OC_Helper::humanFileSize($quota); $quota=OC_Helper::humanFileSize($quota);

4
settings/ajax/togglegroups.php
View File

@ -4,8 +4,8 @@ OC_JSON::checkSubAdminUser();
OCP\JSON::callCheck(); OCP\JSON::callCheck();
$success = true; $success = true;
$username = $_POST["username"]; $username = (string)$_POST['username'];
$group = $_POST["group"]; $group = (string)$_POST['group'];
if($username === OC_User::getUser() && $group === "admin" && OC_User::isAdminUser($username)) { if($username === OC_User::getUser() && $group === "admin" && OC_User::isAdminUser($username)) {
$l = \OC::$server->getL10N('core'); $l = \OC::$server->getL10N('core');

4
settings/ajax/togglesubadmins.php
View File

@ -3,8 +3,8 @@
OC_JSON::checkAdminUser(); OC_JSON::checkAdminUser();
OCP\JSON::callCheck(); OCP\JSON::callCheck();
$username = $_POST["username"]; $username = (string)$_POST['username'];
$group = $_POST["group"]; $group = (string)$_POST['group'];
// Toggle group // Toggle group
if(OC_SubAdmin::isSubAdminofGroup($username, $group)) { if(OC_SubAdmin::isSubAdminofGroup($username, $group)) {

2
settings/ajax/uninstallapp.php
View File

@ -7,7 +7,7 @@ if (!array_key_exists('appid', $_POST)) {
exit; exit;
} }
$appId = $_POST['appid']; $appId = (string)$_POST['appid'];
$appId = OC_App::cleanAppId($appId); $appId = OC_App::cleanAppId($appId);
$result = OC_App::removeApp($appId); $result = OC_App::removeApp($appId);

2
settings/ajax/updateapp.php
View File

@ -15,7 +15,7 @@ if (!array_key_exists('appid', $_POST)) {
return; return;
} }
$appId = $_POST['appid']; $appId = (string)$_POST['appid'];
if (!is_numeric($appId)) { if (!is_numeric($appId)) {
$appId = \OC::$server->getAppConfig()->getValue($appId, 'ocsid', null); $appId = \OC::$server->getAppConfig()->getValue($appId, 'ocsid', null);