fix(caldav): only call getTimestamp() on actual DateTime data #42696

Open
wants to merge 1 commit into
base: master
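--- a/apps/dav/lib/CalDAV/Status/StatusService.php
+++ b/apps/dav/lib/CalDAV/Status/StatusService.php
@@ -102,8 +102,7 @@
 if(isset($component['DTSTART']) && $userStatusTimestamp !== null) {
 /** @var DateTimeImmutable $dateTime */
 $dateTime = $component['DTSTART'][0];
-$timestamp = $dateTime->getTimestamp();
-if($userStatusTimestamp > $timestamp) {
+if($dateTime instanceof DateTimeImmutable && $userStatusTimestamp > $dateTime->getTimestamp()) {
 return false;
 }
 }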
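Review bot: The new guard `if($dateTime instanceof DateTimeImmutable && ...)` silently skips the timestamp comparison for every DTSTART value that is not a `DateTimeImmutable`, including a mutable `DateTime`, which also provides getTimestamp(). Checking `$dateTime instanceof \DateTimeInterface` would keep the crash fix while still comparing every date-like value. The `/** @var DateTimeImmutable $dateTime */` annotation directly above now contradicts the runtime check and hides the real type from static analysis, so it should be dropped or widened to `mixed`. When the value is not a date the code falls through instead of returning false; the rest of the function is outside the hunk, so it is worth confirming that continuing is the intended outcome for malformed calendar data, and logging that case at debug level.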

Unchanged files with check annotations Beta

$this->logger->critical(
sprintf(
'$params["'.$element.'"] was missing. Transferred value: %s',
print_r($params, true)

Check failure on line 63 in apps/admin_audit/lib/Actions/Action.php

GitHub Actions / static-code-analysis-security

TaintedHtml

apps/admin_audit/lib/Actions/Action.php:63:16: TaintedHtml: Detected tainted HTML (see https://psalm.dev/245)
),
['app' => 'admin_audit']
);
if (!is_subclass_of($objectClass, '\OCP\Files\ObjectStore\IObjectStore')) {
throw new \InvalidArgumentException('Invalid object store');
}
$storage->setBackendOption('objectstore', new $objectClass($objectStore));

Check failure on line 75 in apps/files_external/lib/Config/ConfigAdapter.php

GitHub Actions / static-code-analysis-security

TaintedCallable

apps/files_external/lib/Config/ConfigAdapter.php:75:50: TaintedCallable: Detected tainted text (see https://psalm.dev/243)
}
$storage->getAuthMechanism()->manipulateStorageConfig($storage, $user);
try {
$keyPath = $this->hostKeysPath();
if ($keyPath && file_exists($keyPath)) {
$fp = fopen($keyPath, 'w');

Check failure on line 246 in apps/files_external/lib/Lib/Storage/SFTP.php

GitHub Actions / static-code-analysis-security

TaintedFile

apps/files_external/lib/Lib/Storage/SFTP.php:246:17: TaintedFile: Detected tainted file handling (see https://psalm.dev/255)
foreach ($keys as $host => $key) {
fwrite($fp, $host . '::' . $key . "\n");
}
if (file_exists($keyPath)) {
$hosts = [];
$keys = [];
$lines = file($keyPath, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);

Check failure on line 267 in apps/files_external/lib/Lib/Storage/SFTP.php

GitHub Actions / static-code-analysis-security

TaintedFile

apps/files_external/lib/Lib/Storage/SFTP.php:267:19: TaintedFile: Detected tainted file handling (see https://psalm.dev/255)
if ($lines) {
foreach ($lines as $line) {
$hostKeyArray = explode("::", $line, 2);
case 'c':
case 'c+':
$context = stream_context_create(['sftp' => ['session' => $connection]]);
$handle = fopen($this->constructUrl($path), $mode, false, $context);

Check failure on line 412 in apps/files_external/lib/Lib/Storage/SFTP.php

GitHub Actions / static-code-analysis-security

TaintedFile

apps/files_external/lib/Lib/Storage/SFTP.php:412:22: TaintedFile: Detected tainted file handling (see https://psalm.dev/255)
return RetryWrapper::wrap($handle);
}
} catch (\Exception $e) {
&& !isset($downloadStartSecret[32])
&& preg_match('!^[a-zA-Z0-9]+$!', $downloadStartSecret) === 1) {
// FIXME: set on the response once we use an actual app framework response
setcookie('ocDownloadStarted', $downloadStartSecret, time() + 20, '/');

Check failure on line 468 in apps/files_sharing/lib/Controller/ShareController.php

GitHub Actions / static-code-analysis-security

TaintedCookie

apps/files_sharing/lib/Controller/ShareController.php:468:35: TaintedCookie: Detected tainted cookie (see https://psalm.dev/257)
}
$this->emitAccessShareHook($share);
$appIconContent = $appIcon->getContent();
$mime = $appIcon->getMimeType();
} else {
$appIconContent = file_get_contents($appIcon);

Check failure on line 137 in apps/theming/lib/IconBuilder.php

GitHub Actions / static-code-analysis-security

TaintedFile

apps/theming/lib/IconBuilder.php:137:40: TaintedFile: Detected tainted file handling (see https://psalm.dev/255)
$mime = mime_content_type($appIcon);
}
if ($imageFile === false || $imageFile === "") {
return false;
}
$svg = file_get_contents($imageFile);

Check failure on line 235 in apps/theming/lib/IconBuilder.php

GitHub Actions / static-code-analysis-security

TaintedFile

apps/theming/lib/IconBuilder.php:235:28: TaintedFile: Detected tainted file handling (see https://psalm.dev/255)
if ($svg !== false && $svg !== "") {
$color = $this->util->elementColor($this->themingDefaults->getColorPrimary());
$svg = $this->util->colorizeSvg($svg, $color);
// slash which is required by URL generation.
if (isset($_SERVER['REQUEST_URI']) && $_SERVER['REQUEST_URI'] === \OC::$WEBROOT &&
substr($_SERVER['REQUEST_URI'], -1) !== '/') {
header('Location: '.\OC::$WEBROOT.'/');

Check failure on line 204 in lib/base.php

GitHub Actions / static-code-analysis-security

TaintedHeader

lib/base.php:204:12: TaintedHeader: Detected tainted header (see https://psalm.dev/256)
exit();
}
}
throw new Exception('Not installed');
} else {
$url = OC::$WEBROOT . '/index.php';
header('Location: ' . $url);

Check failure on line 286 in lib/base.php

GitHub Actions / static-code-analysis-security

TaintedHeader

lib/base.php:286:12: TaintedHeader: Detected tainted header (see https://psalm.dev/256)
}
exit();
}