plugins-nextcloud-mirror/spreed
1
0
Fork 0
mirror of https://github.com/nextcloud/spreed.git synced 2025-12-17 21:12:20 +01:00
Code Projects Releases Activity

fix(matterbridge): Check parameters

Browse source 
Signed-off-by: Joas Schilling <coding@schilljs.com>
This commit is contained in:
Joas Schilling 2025-12-10 17:52:23 +01:00
parent 130eb1ac69
commit 06b8063bc0
No known key found for this signature in database
GPG key ID: F72FA5B49FFA96B0
1 changed files with 18 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
lib/MatterbridgeManager.php
View file

@ -111,7 +111,7 @@ class MatterbridgeManager {
$newBridge = [
'enabled' => $enabled,
'pid' => $currentBridge['pid'] ?? 0,
'parts' => $parts,
'parts' => $this->validateParts($parts),
];
$this->notify($room, $userId, $currentBridge, $newBridge);
@ -335,6 +335,7 @@ class MatterbridgeManager {
private function generateConfig(array $bridge): string {
$content = '';
foreach ($bridge['parts'] as $k => $part) {
$k = (int)$k;
$type = $part['type'];
if ($type === 'nctalk') {
@ -494,6 +495,22 @@ class MatterbridgeManager {
return $content;
}
protected function validateParts(array $parts): array {
foreach ($parts as $k => $part) {
if (!is_numeric($k)) {
$this->logger->error('User tried to configure a malicious matterbridge setup');
throw new \InvalidArgumentException('Invalid matterbridge parameters');
}
foreach ($part as $key => $value) {
if (preg_match('/["\n]/', $key) || preg_match('/["\n]/', $value)) {
$this->logger->error('User tried to configure a malicious matterbridge setup');
throw new \InvalidArgumentException('Invalid matterbridge parameters');
}
}
}
return $parts;
}
/**
* Remove the scheme from an URL and add port
*