From 9dddcae9ca3dcf872893e36e2f478ebecafdc6e2 Mon Sep 17 00:00:00 2001 From: Bart Visscher Date: Sat, 9 Feb 2013 15:03:47 +0100 Subject: [PATCH] Remove invalid characters from app id to prevent loading of invalid resources --- core/ajax/translations.php | 1 + lib/app.php | 9 +++++++++ lib/base.php | 2 +- lib/l10n.php | 2 +- settings/ajax/disableapp.php | 2 +- settings/ajax/enableapp.php | 2 +- settings/ajax/navigationdetect.php | 1 + settings/ajax/updateapp.php | 1 + 8 files changed, 16 insertions(+), 4 deletions(-) diff --git a/core/ajax/translations.php b/core/ajax/translations.php index e22cbad470..e52a2e9b1e 100644 --- a/core/ajax/translations.php +++ b/core/ajax/translations.php @@ -22,6 +22,7 @@ */ $app = $_POST["app"]; +$app = OC_App::cleanAppId($app); $l = OC_L10N::get( $app ); diff --git a/lib/app.php b/lib/app.php index 3a4e21e8cd..54f16d6bdc 100644 --- a/lib/app.php +++ b/lib/app.php @@ -38,6 +38,15 @@ class OC_App{ static private $checkedApps = array(); static private $altLogin = array(); + /** + * @brief clean the appid + * @param $app Appid that needs to be cleaned + * @return string + */ + public static function cleanAppId($app) { + return str_replace(array('\0', '/', '\\', '..'), '', $app); + } + /** * @brief loads all apps * @param array $types diff --git a/lib/base.php b/lib/base.php index 5bfdb0b7c0..b9e59c3431 100644 --- a/lib/base.php +++ b/lib/base.php 
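Review bot: In the new `cleanAppId` in lib/app.php the first search string `'\0'` is single-quoted, so it is the two characters backslash and zero rather than a NUL byte, and a NUL byte inside the id passes through untouched (the same literal is in the base.php line this patch replaces, so the bug is inherited, not introduced). Use `"\0"` for the actual NUL byte, or better, replace the strip-list with an allowlist check that rejects any id containing characters an app id cannot legitimately have, since sequential `str_replace` sanitising is hard to reason about (for example `...` is reduced to `.` rather than rejected). The docblock should also type the parameter, `@param string $app Appid that needs to be cleaned`. Every other hunk in this patch (translations.php, base.php, l10n.php, disableapp.php, enableapp.php, navigationdetect.php, updateapp.php) relies on this function, so fixing it here covers them all.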
@@ -468,7 +468,7 @@ class OC { register_shutdown_function(array('OC_Helper', 'cleanTmp')); //parse the given parameters - self::$REQUESTEDAPP = (isset($_GET['app']) && trim($_GET['app']) != '' && !is_null($_GET['app']) ? str_replace(array('\0', '/', '\\', '..'), '', strip_tags($_GET['app'])) : OC_Config::getValue('defaultapp', 'files')); + self::$REQUESTEDAPP = (isset($_GET['app']) && trim($_GET['app']) != '' && !is_null($_GET['app']) ? OC_App::cleanAppId(strip_tags($_GET['app'])) : OC_Config::getValue('defaultapp', 'files')); if (substr_count(self::$REQUESTEDAPP, '?') != 0) { $app = substr(self::$REQUESTEDAPP, 0, strpos(self::$REQUESTEDAPP, '?')); $param = substr($_GET['app'], strpos($_GET['app'], '?') + 1); diff --git a/lib/l10n.php b/lib/l10n.php index ee87900926..e272bcd79f 100644 --- a/lib/l10n.php +++ b/lib/l10n.php @@ -97,7 +97,7 @@ class OC_L10N{ if ($this->app === true) { return; } - $app = $this->app; + $app = OC_App::cleanAppId($this->app); $lang = $this->lang; $this->app = true; // Find the right language diff --git a/settings/ajax/disableapp.php b/settings/ajax/disableapp.php index e89de928ea..466a719157 100644 --- a/settings/ajax/disableapp.php +++ b/settings/ajax/disableapp.php @@ -2,6 +2,6 @@ OC_JSON::checkAdminUser(); OCP\JSON::callCheck(); -OC_App::disable($_POST['appid']); +OC_App::disable(OC_App::cleanAppId($_POST['appid'])); OC_JSON::success(); diff --git a/settings/ajax/enableapp.php b/settings/ajax/enableapp.php index 18202dc39e..ab84aee516 100644 --- a/settings/ajax/enableapp.php +++ b/settings/ajax/enableapp.php @@ -3,7 +3,7 @@ OC_JSON::checkAdminUser(); OCP\JSON::callCheck(); -$appid = OC_App::enable($_POST['appid']); +$appid = OC_App::enable(OC_App::cleanAppId($_POST['appid'])); if($appid !== false) { OC_JSON::success(array('data' => array('appid' => $appid))); } else { diff --git a/settings/ajax/navigationdetect.php b/settings/ajax/navigationdetect.php index 93acb50dc2..607c0e873f 100644 --- a/settings/ajax/navigationdetect.php 
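Review bot: In the new `self::$REQUESTEDAPP` line of lib/base.php the non-empty test `trim($_GET['app']) != ''` is still applied to the raw value, before `cleanAppId` runs, so an id that cleaning reduces to nothing (one made only of `..` or slashes) ends up as an empty `$REQUESTEDAPP` instead of falling back to the configured default app. Clean first and test the result: `$app = isset($_GET['app']) ? OC_App::cleanAppId(strip_tags($_GET['app'])) : '';` followed by `self::$REQUESTEDAPP = trim($app) !== '' ? $app : OC_Config::getValue('defaultapp', 'files');`. The `!is_null($_GET['app'])` check after `isset` is redundant, since `isset` is already false for null. The other call sites in this patch (translations.php, l10n.php, disableapp.php, enableapp.php, navigationdetect.php, updateapp.php) pass the cleaned value on with no non-empty check at all. The enclosing method continues outside the hunk.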
+++ b/settings/ajax/navigationdetect.php @@ -4,6 +4,7 @@ OC_Util::checkAdminUser(); OCP\JSON::callCheck(); $app = $_GET['app']; +$app = OC_App::cleanAppId($app); //load the one app and see what it adds to the navigation OC_App::loadApp($app); diff --git a/settings/ajax/updateapp.php b/settings/ajax/updateapp.php index 77c0bbc3e3..9367a3b5a3 100644 --- a/settings/ajax/updateapp.php +++ b/settings/ajax/updateapp.php @@ -4,6 +4,7 @@ OC_JSON::checkAdminUser(); OCP\JSON::callCheck(); $appid = $_POST['appid']; +$appid = OC_App::cleanAppId($appid); $result = OC_Installer::updateApp($appid); if($result !== false) {
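Review bot: In settings/ajax/navigationdetect.php the cleaned `$app` goes straight into `OC_App::loadApp($app)`, and in settings/ajax/updateapp.php the cleaned `$appid` goes straight into `OC_Installer::updateApp($appid)`; stripping characters only makes the id path-safe, it does not establish that it names an installed app, and an id that cleaning reduces to the empty string is still handed over. Both handlers should reject an empty id before the call, e.g. `if ($app === '') { OC_JSON::error(); exit; }`, and ideally confirm the id refers to an installed app before loading or updating it. Both also read `$_GET['app']` / `$_POST['appid']` without an `isset` check, so a missing parameter raises a notice before any cleaning happens; `isset($_GET['app']) ? $_GET['app'] : ''` (and the same for `$_POST['appid']`) closes that.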