From 06b8063bc05674bf5d1c8a3898daee549b9f4f64 Mon Sep 17 00:00:00 2001
From: Joas Schilling
Date: Wed, 10 Dec 2025 17:52:23 +0100
Subject: [PATCH] fix(matterbridge): Check parameters
Signed-off-by: Joas Schilling
---
 lib/MatterbridgeManager.php | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/lib/MatterbridgeManager.php b/lib/MatterbridgeManager.php
index 31b26af2b8..14fd64525f 100644
--- a/lib/MatterbridgeManager.php
+++ b/lib/MatterbridgeManager.php
@@ -111,7 +111,7 @@ class MatterbridgeManager {
 $newBridge = [
 'enabled' => $enabled,
 'pid' => $currentBridge['pid'] ?? 0,
- 'parts' => $parts,
+ 'parts' => $this->validateParts($parts),
 ];

 $this->notify($room, $userId, $currentBridge, $newBridge);
@@ -335,6 +335,7 @@ class MatterbridgeManager {
 private function generateConfig(array $bridge): string {
 $content = '';
 foreach ($bridge['parts'] as $k => $part) {
+ $k = (int)$k;
 $type = $part['type'];

 if ($type === 'nctalk') {
@@ -494,6 +495,22 @@ class MatterbridgeManager {
 return $content;
 }

+ protected function validateParts(array $parts): array {
+ foreach ($parts as $k => $part) {
+ if (!is_numeric($k)) {
+ $this->logger->error('User tried to configure a malicious matterbridge setup');
+ throw new \InvalidArgumentException('Invalid matterbridge parameters');
+ }
+ foreach ($part as $key => $value) {
+ if (preg_match('/["\n]/', $key) || preg_match('/["\n]/', $value)) {
+ $this->logger->error('User tried to configure a malicious matterbridge setup');
+ throw new \InvalidArgumentException('Invalid matterbridge parameters');
+ }
+ }
+ }
+ return $parts;
+ }
+
 /**
 * Remove the scheme from an URL and add port
 *
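Review bot: The rejection raised by `validateParts($parts)` inside the `$newBridge` array literal is logged without any context, although `$room` and `$userId` are in scope two lines further down, so the log entry cannot be tied to an account or conversation during triage. Logging at this call site would fix that, for example `$this->logger->error('Rejected matterbridge configuration', ['userId' => $userId]);`. The enclosing method starts and ends outside the hunk, so whether its callers turn the `\InvalidArgumentException` into a client error rather than an unhandled exception cannot be confirmed from here.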
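Review bot: In generateConfig() only the part index is normalised by `$k = (int)$k;`, while the values in `$bridge['parts']` are still used as stored, so a configuration saved before this patch never passes through validateParts(). If stored bridges are regenerated through this method, validating here as well (`$bridge['parts'] = $this->validateParts($bridge['parts']);` before the loop) or migrating existing entries would close that gap. A short comment such as `// Keys presumably end up in the generated config, force them to integers` would explain the cast. The loop body continues outside the hunk.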
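Review bot: In validateParts() both preg_match() calls receive `$key` and `$value` unchecked, so a part that is not an array, or a value that is a nested array, ends in a warning or a TypeError rather than the intended `\InvalidArgumentException`. The denylist `["\n]` also leaves out carriage return and backslash; if generateConfig() writes these values into double-quoted strings, as the rejected characters suggest, both can still change how the line is parsed and should be rejected or escaped on output. `is_numeric($k)` accepts keys such as `"1.5"` or `"-1"`, which `(int)$k` later folds onto other indexes, so `is_int($k)` is the tighter check. The method would also benefit from a docblock naming the rejected characters and stating `@throws \InvalidArgumentException`.

```php
protected function validateParts(array $parts): array {
	foreach ($parts as $k => $part) {
		// PHP already turns canonical digit strings into int keys, so anything else is not a list index
		if (!is_int($k) || $k < 0 || !is_array($part)) {
			// … unchanged: log and throw …
		}
		foreach ($part as $key => $value) {
			// Reject nested arrays/objects up front: preg_match() would raise a TypeError on them
			if ($value !== null && !is_scalar($value)) {
				$this->logger->error('User tried to configure a malicious matterbridge setup');
				throw new \InvalidArgumentException('Invalid matterbridge parameters');
			}
			// Refuse CR and backslash as well as the quote and LF
			if (preg_match('/["\\\\\r\n]/', (string)$key) || preg_match('/["\\\\\r\n]/', (string)$value)) {
				// … unchanged: log and throw …
			}
		}
	}
	return $parts;
}
```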