Fix security issue (#324)

chadek · web-flow · commit a9be95f9e461 · 2024-04-11T11:33:39.000+02:00
* escaping xml characters

* trigger ci only on release

* bump app number

* fixup! trigger ci only on release
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -31,6 +31,7 @@ jobs:
           overwrite: true
 
       - name: Upload app to Nextcloud appstore
+        if: "!github.event.release.prerelease"      
         uses: R0Wi/nextcloud-appstore-push-action@v1
         with:
           app_name: ${{ env.APP_NAME }}
diff --git a/appinfo/info.xml b/appinfo/info.xml
@@ -14,7 +14,7 @@ The community document server will automatically be configured if no other docum
 
 Additionally, the community document server only supports running on x86-64 Linux servers.]]>
 	</description>
-	<version>0.1.16</version>
+	<version>0.1.17</version>
 	<licence>agpl</licence>
 	<author>Robin Appelman</author>
 	<namespace>DocumentServer</namespace>
diff --git a/lib/Document/ConverterBinary.php b/lib/Document/ConverterBinary.php
@@ -48,6 +48,7 @@ public function run(string $param, string $password = null): string {
 		$pipes = [];
 		$cmd = './x2t ' . escapeshellarg($param);
 		if ($password) {
+			$password = htmlspecialchars($password, ENT_XML1, 'UTF-8');
 			$cmd .= ' ' . escapeshellarg("<TaskQueueDataConvert><m_sPassword>$password</m_sPassword></TaskQueueDataConvert>");
 		}
 		$process = proc_open($cmd, $descriptorSpec, $pipes, self::BINARY_DIRECTORY, []);

Original file line number	Diff line number	Diff line change
`@@ -48,6 +48,7 @@ public function run(string $param, string $password = null): string {`
`48`	`48`	`$pipes = [];`
`49`	`49`	`$cmd = './x2t ' . escapeshellarg($param);`
`50`	`50`	`if ($password) {`
	`51`	`+ $password = htmlspecialchars($password, ENT_XML1, 'UTF-8');`
`51`	`52`	`$cmd .= ' ' . escapeshellarg("<TaskQueueDataConvert><m_sPassword>$password</m_sPassword></TaskQueueDataConvert>");`
`52`	`53`	`}`
`53`	`54`	`$process = proc_open($cmd, $descriptorSpec, $pipes, self::BINARY_DIRECTORY, []);`