Merge pull request #25554 from nextcloud/fix/pslam/tainted_cookie

taint-escape the cookie input
Lukas Reschke 2021-02-10 12:20:49 +01:00 committed by GitHub
commit d42f9e65a2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 18 additions and 4 deletions


@ -41,15 +41,29 @@ if (!is_array($files_list)) {
$files_list = [$files];
}
/**
* @psalm-taint-escape cookie
*/
function cleanCookieInput(string $value): string {
if (strlen($value) > 32) {
return '';
}
if (preg_match('!^[a-zA-Z0-9]+$!', $_GET['downloadStartSecret']) !== 1) {
return '';
}
return $value;
}
/**
* this sets a cookie to be able to recognize the start of the download
* the content must not be longer than 32 characters and must only contain
* alphanumeric characters
*/
if (isset($_GET['downloadStartSecret'])
&& !isset($_GET['downloadStartSecret'][32])
&& preg_match('!^[a-zA-Z0-9]+$!', $_GET['downloadStartSecret']) === 1) {
setcookie('ocDownloadStarted', $_GET['downloadStartSecret'], time() + 20, '/');
if (isset($_GET['downloadStartSecret'])) {
$value = cleanCookieInput($_GET['downloadStartSecret']);
if ($value !== '') {
setcookie('ocDownloadStarted', $value, time() + 20, '/');
}
}
$server_params = [ 'head' => \OC::$server->getRequest()->getMethod() === 'HEAD' ];
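Review bot: In `cleanCookieInput()` the pattern check tests `$_GET['downloadStartSecret']` instead of the `$value` parameter, so only the length check is applied to the string that is actually returned. With the single call site in this hunk the two are the same value, but the `@psalm-taint-escape cookie` annotation tells static analysis that anything this function returns is safe for a cookie, which would not hold for another caller. The line should read `if (preg_match('!^[a-zA-Z0-9]+$!', $value) !== 1) {`. Separately, `$` without the `D` modifier also matches before a trailing newline, so ending the pattern with `\z` would make the "only alphanumeric characters" statement in the comment exact.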