[Pkg-owncloud-commits] [owncloud] 05/06: Add deprecation notice to load* functions

David Prévot taffit at moszumanska.debian.org
Tue Jun 17 21:58:32 UTC 2014


This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to annotated tag v5.0.17beta1
in repository owncloud.

commit beee69bee41cb711d163be7087433993aca12c5e
Author: Lukas Reschke <lukas at statuscode.ch>
Date:   Sat Jun 14 11:05:12 2014 +0200

    Add deprecation notice to load* functions
    
    These functions are deprecated and/or removed since ownCloud 7. Additionally, an issubdirectory check has been added here to prevent developers from using this function in a potentially insecure way.
    
    Backport of https://github.com/owncloud/core/pull/9033
---
 lib/base.php | 27 ++++++++++++++++++++-------
 1 file changed, 20 insertions(+), 7 deletions(-)

diff --git a/lib/base.php b/lib/base.php
index c20812a..8b5205e 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -734,27 +734,40 @@ class OC {
 		self::handleLogin();
 	}
 
+	/**
+	 * @deprecated This function will be removed in ownCloud 8 - use proper routing instead
+	 * @param $param
+	 * @return bool Whether the file has been found
+	 */
 	public static function loadAppScriptFile($param) {
 		OC_App::loadApps();
 		$app = $param['app'];
 		$file = $param['file'];
 		$app_path = OC_App::getAppPath($app);
 		$file = $app_path . '/' . $file;
-		unset($app, $app_path);
-		if (file_exists($file)) {
-			require_once $file;
-			return true;
+
+		if (OC_App::isEnabled($app) && $app_path !== false && OC_Helper::issubdirectory($file, $app_path)) {
+			unset($app, $app_path);
+			if (file_exists($file)) {
+				require_once $file;
+				return true;
+			}
 		}
 		return false;
 	}
 
+	/**
+	 * @deprecated This function is removed since ownCloud 7
+	 * @param $param
+	 */
 	public static function loadCSSFile($param) {
 		$app = $param['app'];
 		$file = $param['file'];
 		$app_path = OC_App::getAppPath($app);
-		if (file_exists($app_path . '/' . $file)) {
-			$app_web_path = OC_App::getAppWebPath($app);
-			$filepath = $app_web_path . '/' . $file;
+		$app_web_path = OC_App::getAppWebPath($app);
+		$filepath = $app_web_path . '/' . $file;
+
+		if (file_exists($app_path . '/' . $file) && OC_Helper::issubdirectory($app_path . '/' . $file, $app_path)) {
 			$minimizer = new OC_Minimizer_CSS();
 			$info = array($app_path, $app_web_path, $file);
 			$minimizer->output(array($info), $filepath);
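Review bot: The guard added in `loadCSSFile` is weaker than the one added in `loadAppScriptFile`: it never checks `OC_App::isEnabled($app)` or `$app_path !== false`, and `OC_App::getAppWebPath($app)` is now called before any validation. If `getAppPath()` returns false (the case the sibling function guards against), `$app_path . '/' . $file` collapses to a path rooted at `/`, and what `issubdirectory()` does with a false parent depends on the helper, which is not visible here. I would make the condition match the sibling: `if ($app_path !== false && OC_App::isEnabled($app) && file_exists($app_path . '/' . $file) && OC_Helper::issubdirectory($app_path . '/' . $file, $app_path)) {`. It is also worth confirming that `issubdirectory()` compares canonicalised paths on a directory boundary rather than by raw string prefix, otherwise a sibling directory sharing the app path's prefix would still pass. The body of `loadCSSFile` continues past the end of the hunk.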

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git


