Merge pull request #1054 from nextcloud/backport/1051/stable23

ArtificialOwl · web-flow · commit dac4adf4eb6a · 2022-06-13T11:14:09.000-01:00
[stable23] confirmKey must be uuid
diff --git a/lib/Service/RemoteStreamService.php b/lib/Service/RemoteStreamService.php
@@ -133,7 +133,7 @@ public function getAppSignatory(bool $generate = true, string $confirmKey = ''):
 		$this->fillSimpleSignatory($app, $generate);
 		$app->setUidFromKey();
 
-		if ($confirmKey !== '') {
+		if ($this->isUuid($confirmKey)) {
 			$app->setAuthSigned($this->signString($confirmKey, $app));
 		}
 
diff --git a/lib/Tools/Traits/TStringTools.php b/lib/Tools/Traits/TStringTools.php
@@ -85,6 +85,19 @@ protected function uuid(int $length = 0): string {
 	}
 
 
+	/**
+	 * @param string $uuid
+	 *
+	 * @return bool
+	 */
+	protected function isUuid(string $uuid): bool {
+		if ($uuid === '') {
+			return false;
+		}
+
+		return (preg_match('/^[0-9A-F]{8}-[0-9A-F]{4}-4[0-9A-F]{3}-[89AB][0-9A-F]{3}-[0-9A-F]{12}$/i', $uuid) === 1);
+	}
+
 	/**
 	 * @param string $line
 	 * @param int $length

Original file line number	Diff line number	Diff line change
`@@ -133,7 +133,7 @@ public function getAppSignatory(bool $generate = true, string $confirmKey = ''):`
`133`	`133`	`$this->fillSimpleSignatory($app, $generate);`
`134`	`134`	`$app->setUidFromKey();`
`135`	`135`
`136`		`- if ($confirmKey !== '') {`
	`136`	`+ if ($this->isUuid($confirmKey)) {`
`137`	`137`	`$app->setAuthSigned($this->signString($confirmKey, $app));`
`138`	`138`	`}`
`139`	`139`