Add deprecation notice to load* functions
This functions are deprecated and/or removed since ownCloud 7. Additionally a issubdirectory check has been added here to prevent developers to use this function in a potentially insecure way. Port of https://github.com/owncloud/core/pull/9033
This commit is contained in:
parent
c42d087fc5
commit
f2fc214ce0
2 changed files with 9 additions and 2 deletions
|
@ -38,3 +38,6 @@ Options -Indexes
|
|||
<IfModule pagespeed_module>
|
||||
ModPagespeed Off
|
||||
</IfModule>
|
||||
|
||||
ErrorDocument 403 /core/core/templates/403.php
|
||||
ErrorDocument 404 /core/core/templates/404.php
|
|
@ -785,14 +785,18 @@ class OC {
|
|||
* Load a PHP file belonging to the specified application
|
||||
* @param array $param The application and file to load
|
||||
* @return bool Whether the file has been found (will return 404 and false if not)
|
||||
* @deprecated This function will be removed in ownCloud 8 - use proper routing instead
|
||||
* @param $param
|
||||
* @return bool Whether the file has been found (will return 404 and false if not)
|
||||
*/
|
||||
public static function loadAppScriptFile($param) {
|
||||
OC_App::loadApps();
|
||||
$app = $param['app'];
|
||||
$file = $param['file'];
|
||||
$app_path = OC_App::getAppPath($app);
|
||||
if (OC_App::isEnabled($app) && $app_path !== false) {
|
||||
$file = $app_path . '/' . $file;
|
||||
$file = $app_path . '/' . $file;
|
||||
|
||||
if (OC_App::isEnabled($app) && $app_path !== false && OC_Helper::issubdirectory($file, $app_path)) {
|
||||
unset($app, $app_path);
|
||||
if (file_exists($file)) {
|
||||
require_once $file;
|
||||
|
|
Loading…
Reference in a new issue