Merge pull request #16526 from nextcloud/backport/16523/stable29

[stable29] fix(matterbridge): Check parameters
Joas Schilling 2025-12-11 14:37:57 +01:00 committed by GitHub
commit 39b0c73ca7
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -128,7 +128,7 @@ class MatterbridgeManager {
$newBridge = [
'enabled' => $enabled,
'pid' => $currentBridge['pid'] ?? 0,
'parts' => $parts,
'parts' => $this->validateParts($parts),
];
$this->notify($room, $userId, $currentBridge, $newBridge);
@ -351,6 +351,7 @@ class MatterbridgeManager {
private function generateConfig(array $bridge): string {
$content = '';
foreach ($bridge['parts'] as $k => $part) {
$k = (int)$k;
$type = $part['type'];
if ($type === 'nctalk') {
@ -507,6 +508,22 @@ class MatterbridgeManager {
return $content;
}
protected function validateParts(array $parts): array {
foreach ($parts as $k => $part) {
if (!is_numeric($k)) {
$this->logger->error('User tried to configure a malicious matterbridge setup');
throw new \InvalidArgumentException('Invalid matterbridge parameters');
}
foreach ($part as $key => $value) {
if (preg_match('/["\n]/', $key) || preg_match('/["\n]/', $value)) {
$this->logger->error('User tried to configure a malicious matterbridge setup');
throw new \InvalidArgumentException('Invalid matterbridge parameters');
}
}
}
return $parts;
}
/**
* Remove the scheme from an URL and add port
*
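Review bot: In the new `validateParts()`, the inner loop assumes every `$part` is an array of string values, but nothing visible enforces that: a scalar `$part` is skipped by `foreach` unchecked, and an array (or other non-string) `$value` makes `preg_match()` raise a `TypeError` rather than the intended `InvalidArgumentException`. I would reject those shapes explicitly, with `if (!is_array($part)) { throw new \InvalidArgumentException('Invalid matterbridge parameters'); }` before the inner loop and `if (!is_string($value) || preg_match('/["\n]/', (string)$key) || preg_match('/["\n]/', $value)) {` inside it. The outer check `is_numeric($k)` also accepts keys such as `'1.5'` or `'1e3'`; `is_int($k) || ctype_digit($k)` would match the `(int)$k` cast that the second hunk adds to `generateConfig()`. The pattern `/["\n]/` is a two-character denylist, and whether that is enough depends on how `generateConfig()` quotes values, which is outside the visible hunks, so an allowlist of expected keys per part type would be the sturdier check. The two identical log lines would help triage more if they carried the room and user involved, which would mean passing them into `validateParts()`.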