sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix(theming): Adjust config listener to validate `apporder` config 

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
pull/41635/head
Ferdinand Thiessen 2023-11-21 12:29:26 +07:00
parent f74084cd3d
commit fa2c834aab
No known key found for this signature in database
GPG Key ID: 45FAE7268762B400
1 changed files with 10 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
apps/theming/lib/Listener/BeforePreferenceListener.php
Unescape Escape View File

@ -79,12 +79,16 @@ class BeforePreferenceListener implements IEventListener {
}
$value = json_decode($event->getConfigValue(), true, flags:JSON_THROW_ON_ERROR);
if (is_array(($value))) {
foreach ($value as $id => $info) {
if (!is_array($info) || empty($info) || !isset($info['app']) || !$this->appManager->isEnabledForUser($info['app']) || !is_numeric($info['order'] ?? '')) {
// Invalid config value, refuse the change
return;
}
if (!is_array(($value))) {
// Must be an array
return;
}
foreach ($value as $id => $info) {
// required format: [ navigation_id: string => [ order: int, app?: string ] ]
if (!is_string($id) || !is_array($info) || empty($info) || !isset($info['order']) || !is_numeric($info['order']) || (isset($info['app']) && !$this->appManager->isEnabledForUser($info['app']))) {
// Invalid config value, refuse the change
return;
}
}
$event->setValid(true);