From f5beeec833ff500b9c5072728338d372820e903c Mon Sep 17 00:00:00 2001 From: Morris Jobke Date: Wed, 30 Mar 2016 23:29:26 +0200 Subject: [PATCH] Properly handle return values of OC_App::getAppInfo() * fixes #23668 --- lib/private/app.php | 15 +++++++++++++++ lib/private/installer.php | 3 +++ lib/public/app.php | 2 +- 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/lib/private/app.php b/lib/private/app.php index 3b8cbba389..05d220f7d3 100644 --- a/lib/private/app.php +++ b/lib/private/app.php @@ -207,6 +207,9 @@ class OC_App { */ public static function setAppTypes($app) { $appData = self::getAppInfo($app); + if(!is_array($appData)) { + return; + } if (isset($appData['types'])) { $appTypes = implode(',', $appData['types']); @@ -783,6 +786,10 @@ class OC_App { if (array_search($app, $blacklist) === false) { $info = OC_App::getAppInfo($app); + if (!is_array($info)) { + \OCP\Util::writeLog('core', 'Could not read app info file for app "' . $app . '"', \OCP\Util::ERROR); + continue; + } if (!isset($info['name'])) { \OCP\Util::writeLog('core', 'App id "' . $app . '" has no name in appinfo', \OCP\Util::ERROR); @@ -1081,6 +1088,14 @@ class OC_App { if ($app !== false) { // check if the app is compatible with this version of ownCloud $info = self::getAppInfo($app); + if(!is_array($info)) { + throw new \Exception( + $l->t('App "%s" cannot be installed because appinfo file cannot be read.', + [$info['name']] + ) + ); + } + $version = \OCP\Util::getVersion(); if (!self::isAppCompatible($version, $info)) { throw new \Exception( diff --git a/lib/private/installer.php b/lib/private/installer.php index c026383e26..421e281e56 100644 --- a/lib/private/installer.php +++ b/lib/private/installer.php @@ -342,6 +342,9 @@ class OC_Installer{ } $info = OC_App::getAppInfo($extractDir.'/appinfo/info.xml', true); + if(!is_array($info)) { + throw new \Exception($l->t('App cannot be installed because appinfo file cannot be read.')); + } // We can't trust the parsed info.xml file as it may have been tampered // with by an attacker and thus we need to use the local data to check diff --git a/lib/public/app.php b/lib/public/app.php index 032116eb43..c3ba90cea4 100644 --- a/lib/public/app.php +++ b/lib/public/app.php @@ -112,7 +112,7 @@ class App { * Read app metadata from the info.xml file * @param string $app id of the app or the path of the info.xml file * @param boolean $path (optional) - * @return array + * @return array|null * @since 4.0.0 */ public static function getAppInfo( $app, $path=false ) {