fix(apps): Fix loading info.xml file
Ref: https://bugs.php.net/bug.php?id=62577

Signed-off-by: Joas Schilling <[email protected]>
nickvergessen committed Jul 20, 2023
1 parent 008158c commit ba54cb2
Showing 3 changed files with 10 additions and 5 deletions.
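--- a/lib/base.php
+++ b/lib/base.php
@@ -559,6 +559,11 @@ private static function performSameSiteCookieProtection(\OCP\IConfig $config) {
 }
 
 public static function init() {
+// prevent any XML processing from loading external entities
+libxml_set_external_entity_loader(static function () {
+return null;
+});
+
 // calculate the root directories
 OC::$SERVERROOT = str_replace("\\", '/', substr(__DIR__, 0, -4));
 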
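Review bot: The comment above `libxml_set_external_entity_loader()` at the top of `init()` understates what the callback does. Judging from the other two files in this commit, a loader that returns `null` also stops `simplexml_load_file()` from opening its main document, not only external entities referenced inside a document. I would extend the comment to something like `// Refuse every libxml external load (XXE hardening). This also breaks simplexml_load_file(); read the file yourself and use simplexml_load_string().` so that app authors who parse XML from a path know why it stops working. `init()` continues past the end of the hunk, so any later path-based XML loading in it is not visible here.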
6 changes: 3 additions & 3 deletions lib/private/App/InfoParser.php
Expand Up @@ -31,7 +31,7 @@

use OCP\ICache;
use function libxml_disable_entity_loader;
use function simplexml_load_file;
use function simplexml_load_string;

class InfoParser {
/** @var \OCP\ICache|null */
Expand Down Expand Up @@ -63,10 +63,10 @@ public function parse($file) {
libxml_use_internal_errors(true);
if ((PHP_VERSION_ID < 80000)) {
$loadEntities = libxml_disable_entity_loader(false);
$xml = simplexml_load_file($file);
$xml = simplexml_load_string(file_get_contents($file));

Check failure

Code scanning / Psalm

TaintedFile Error

Detected tainted file handling
libxml_disable_entity_loader($loadEntities);
} else {
$xml = simplexml_load_file($file);
$xml = simplexml_load_string(file_get_contents($file));

Check failure

Code scanning / Psalm

TaintedFile Error

Detected tainted file handling
}

if ($xml === false) {
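Review bot: In `parse()` the PHP < 8 branch still calls `libxml_disable_entity_loader(false)` before parsing, which turns libxml's entity loader back on for the duration of the call. That toggle was presumably only needed so `simplexml_load_file()` could open the path, and `simplexml_load_string()` does not need it. Both branches can collapse to the single line `$xml = simplexml_load_string(file_get_contents($file));` and the `use function libxml_disable_entity_loader;` import can be dropped, so that XXE protection on PHP 7 does not rest only on the loader installed in `OC::init()`. The same leftover toggle is in `downloadApp()` in lib/private/Installer.php. `parse()` starts and ends outside the hunk.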
4 changes: 2 additions & 2 deletions lib/private/Installer.php
Expand Up @@ -334,10 +334,10 @@ public function downloadApp($appId, $allowUnstable = false) {
// Check if appinfo/info.xml has the same app ID as well
if ((PHP_VERSION_ID < 80000)) {
$loadEntities = libxml_disable_entity_loader(false);
$xml = simplexml_load_file($extractDir . '/' . $folders[0] . '/appinfo/info.xml');
$xml = simplexml_load_string(file_get_contents($extractDir . '/' . $folders[0] . '/appinfo/info.xml'));
libxml_disable_entity_loader($loadEntities);
} else {
$xml = simplexml_load_file($extractDir . '/' . $folders[0] . '/appinfo/info.xml');
$xml = simplexml_load_string(file_get_contents($extractDir . '/' . $folders[0] . '/appinfo/info.xml'));
}
if ((string)$xml->id !== $appId) {
throw new \Exception(
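Review bot: In `downloadApp()` the result of `simplexml_load_string(file_get_contents(...))` is dereferenced as `$xml->id` in the next statement without a `false` check, and the input is the `appinfo/info.xml` of a freshly extracted download. A missing file makes `file_get_contents()` return `false`, and malformed XML makes the parser return `false`. The ID comparison then presumably fails and the install is rejected, but with a PHP warning and a misleading mismatch error rather than a clear one. I would add `if ($xml === false) { throw new \Exception('Could not parse appinfo/info.xml of ' . $appId); }` before the comparison, mirroring the `$xml === false` check in `InfoParser::parse()`. `downloadApp()` begins and ends outside the hunk.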