From 23f0b6faafd626052fc1cd693803d77a3fd676a8 Mon Sep 17 00:00:00 2001 From: nathan Date: Mon, 10 Jul 2023 14:43:32 -0600 Subject: [PATCH] =?UTF-8?q?*=20Api:=20Restrict=20customfield=20options=20r?= =?UTF-8?q?ead=20from=20a=20file=20to=20only=20JSON=20files.=20=20Files=20?= =?UTF-8?q?should=20contain=20an=20array=20of=20options.=20ex:=20[=20=20?= =?UTF-8?q?=20{=20"value":=20"=CE=91",=20"label":=20"=CE=B1=20alpha"=20},?= =?UTF-8?q?=20=20=20{=20"value":=20"=CE=92",=20"label":=20"=CE=B2=20beta"?= =?UTF-8?q?=20}=20]?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- api/lang/egw_cs.lang | 2 +- api/lang/egw_de.lang | 2 +- api/lang/egw_en.lang | 2 +- api/lang/egw_es-es.lang | 2 +- api/lang/egw_fi.lang | 2 +- api/lang/egw_id.lang | 1 - api/lang/egw_ja.lang | 2 +- api/lang/egw_pt-br.lang | 2 +- api/lang/egw_ru.lang | 2 +- api/lang/egw_sk.lang | 2 +- api/lang/egw_sl.lang | 2 +- api/src/Storage/Customfields.php | 10 +++++++--- 12 files changed, 17 insertions(+), 14 deletions(-) diff --git a/api/lang/egw_cs.lang b/api/lang/egw_cs.lang index 633d3f3b73..2fb886677a 100644 --- a/api/lang/egw_cs.lang +++ b/api/lang/egw_cs.lang @@ -27,7 +27,7 @@ '%1' copied to clipboard common cs '%1' zkopírováno do schránky '%1' has an invalid format common cs '%1' má nesprávný formát ! '%1' has an invalid format !!! common cs '%1' má nesprávný formát !!! -'%1' is no php file in the egw server root (%2)! common cs '%1' není php souborem v server root EGw (%2)! +'%1' is not a valid json file! common cs '%1' není json souborem v server root EGw! '%1' is not a valid date !!! common cs '%1' není platné datum !!! '%1' is not a valid floatingpoint number !!! common cs '%1' není platné číslo s pohyblivou desetinnou čárkou !!! '%1' is not a valid integer !!! common cs '%1' není platné celé číslo diff --git a/api/lang/egw_de.lang b/api/lang/egw_de.lang index 73f42f97a9..86b012f42f 100644 --- a/api/lang/egw_de.lang +++ b/api/lang/egw_de.lang @@ -29,7 +29,7 @@ '%1' copied to clipboard common de '%1' in die Zwischenablage kopiert '%1' has an invalid format common de '%1' hat ein ungültiges Format !!! '%1' has an invalid format !!! common de '%1' hat ein ungültiges Format !!! -'%1' is no php file in the egw server root (%2)! common de '%1' ist keine php Datei in dem EGW Server Wurzelverzeichnis (%2)! +'%1' is not a valid json file! common de '%1' ist keine json Datei in dem EGW Server Wurzelverzeichnis! '%1' is not a valid date !!! common de '%1' ist ein ungültiges Datum !!! '%1' is not a valid floatingpoint number !!! common de '%1' ist keine gültige Gleitkommazahl !!! '%1' is not a valid integer !!! common de '%1' ist keine gültige Ganzzahl !!! diff --git a/api/lang/egw_en.lang b/api/lang/egw_en.lang index 75173ac74e..256d401344 100644 --- a/api/lang/egw_en.lang +++ b/api/lang/egw_en.lang @@ -29,7 +29,7 @@ '%1' copied to clipboard common en '%1' copied to clipboard '%1' has an invalid format common en '%1' has an invalid format '%1' has an invalid format !!! common en '%1' has an invalid format! -'%1' is no php file in the egw server root (%2)! common en '%1' is no php file in the eGW server root (%2)! +'%1' is not a valid json file! common en '%1' is not a valid json file '%1' is not a valid date !!! common en '%1' is not a valid date! '%1' is not a valid floatingpoint number !!! common en '%1' is not a valid floating point number! '%1' is not a valid integer !!! common en '%1' is not a valid integer! diff --git a/api/lang/egw_es-es.lang b/api/lang/egw_es-es.lang index c322857a32..aba50cdb0f 100644 --- a/api/lang/egw_es-es.lang +++ b/api/lang/egw_es-es.lang @@ -29,7 +29,7 @@ '%1' copied to clipboard common es-es %1' copiado en el portapapeles '%1' has an invalid format common es-es '%1' no tiene un formato válido '%1' has an invalid format !!! common es-es ¡'%1' no tiene un formato válido! -'%1' is no php file in the egw server root (%2)! common es-es ¡'%1' no es un archivo php en el directorio raíz de EGroupware (%2)! +'%1' is not a valid json file! common es-es ¡'%1' no es un archivo json en el directorio raíz de EGroupware! '%1' is not a valid date !!! common es-es ¡'%1' no es una fecha válida! '%1' is not a valid floatingpoint number !!! common es-es ¡'%1' no es un número válido de coma flotante! '%1' is not a valid integer !!! common es-es ¡'%1' no es un entero válido! diff --git a/api/lang/egw_fi.lang b/api/lang/egw_fi.lang index 103caf84d0..2a3ac5623f 100644 --- a/api/lang/egw_fi.lang +++ b/api/lang/egw_fi.lang @@ -20,7 +20,7 @@ %s readonly common fi %s vain lukuoikeus '%1' copied to clipboard common fi '%1' kopioitu leikepöydälle '%1' has an invalid format !!! common fi %1 on väärässä muodossa! -'%1' is no php file in the egw server root (%2)! common fi '%1' ei ole PHP tiedosto EGroupwaren server rootissa (%2)! +'%1' is not a valid json file! common fi '%1' ei ole json tiedosto EGroupwaren server rootissa! '%1' is not a valid date !!! common fi %1 on epäkelpo päiväys! '%1' is not a valid floatingpoint number !!! common fi %1 ei ole desimaaliluku! '%1' is not a valid integer !!! common fi %1 ei ole kokonaisluku! diff --git a/api/lang/egw_id.lang b/api/lang/egw_id.lang index 77096e678e..509e50a178 100644 --- a/api/lang/egw_id.lang +++ b/api/lang/egw_id.lang @@ -16,7 +16,6 @@ %s readonly common id %s readonly '%1' copied to clipboard common id '%1' disalin ke clipboard '%1' has an invalid format !!! common id '%1' has an invalid format !!! -'%1' is no php file in the egw server root (%2)! common id '%1' is no php file in the eGW server root (%2)! '%1' is not a valid date !!! common id '%1' is not a valid date !!! '%1' is not a valid floatingpoint number !!! common id '%1' is not a valid floatingpoint number !!! '%1' is not a valid integer !!! common id '%1' is not a valid integer !!! diff --git a/api/lang/egw_ja.lang b/api/lang/egw_ja.lang index c2cb338293..32c8593a26 100644 --- a/api/lang/egw_ja.lang +++ b/api/lang/egw_ja.lang @@ -27,7 +27,7 @@ '%1' copied to clipboard common ja '%1' がクリップボードにコピーされました。 '%1' has an invalid format common ja '%1' のフォーマットが不正です。 '%1' has an invalid format !!! common ja '%1' のフォーマットが不正です! -'%1' is no php file in the egw server root (%2)! common ja '%1' is no php file in the eGW server root (%2)! +'%1' is not a valid json file! common ja '%1' is no json file in the eGW server root! '%1' is not a valid date !!! common ja '%1' の日付が不正です! '%1' is not a valid floatingpoint number !!! common ja '%1' は不正な浮動小数です! '%1' is not a valid integer !!! common ja '%1' は無効な整数です! diff --git a/api/lang/egw_pt-br.lang b/api/lang/egw_pt-br.lang index bb21d82d53..c0e3fffded 100644 --- a/api/lang/egw_pt-br.lang +++ b/api/lang/egw_pt-br.lang @@ -20,7 +20,7 @@ %s readonly common pt-br %s apenas leitura '%1' copied to clipboard common pt-br %1' copiado para prancheta '%1' has an invalid format !!! common pt-br '%1' está em um formato inválido !!! -'%1' is no php file in the egw server root (%2)! common pt-br '%1' não é um arquivo php na pasta raiz do servidor eGW (%2)! +'%1' is not a valid json file! common pt-br '%1' não é um arquivo json na pasta raiz do servidor eGW! '%1' is not a valid date !!! common pt-br '%1' não é uma data válida !!! '%1' is not a valid floatingpoint number !!! common pt-br %1' não é um número válido para o ponto flutuante!!! '%1' is not a valid integer !!! common pt-br %1' não é um inteiro válido!!! diff --git a/api/lang/egw_ru.lang b/api/lang/egw_ru.lang index 04892e0939..ca2719c311 100644 --- a/api/lang/egw_ru.lang +++ b/api/lang/egw_ru.lang @@ -24,7 +24,7 @@ '%1' copied to clipboard common ru '%1' скопировано в буфер обмена '%1' has an invalid format common ru Неверный формат '%1' '%1' has an invalid format !!! common ru '%1' имеет неверный формат! -'%1' is no php file in the egw server root (%2)! common ru '%1' нет файла php в корневом каталоге eGW (%2)! +'%1' is not a valid json file! common ru '%1' нет файла json в корневом каталоге eGW! '%1' is not a valid date !!! common ru '%1' неверная дата! '%1' is not a valid floatingpoint number !!! common ru '%1' неверное число с плавающей запятой! '%1' is not a valid integer !!! common ru '%1' неверное целое ! diff --git a/api/lang/egw_sk.lang b/api/lang/egw_sk.lang index 437df1ca30..2fb18206ae 100644 --- a/api/lang/egw_sk.lang +++ b/api/lang/egw_sk.lang @@ -29,7 +29,7 @@ '%1' copied to clipboard common sk '%1' skopírované do schránky '%1' has an invalid format common sk '%1' má nesprávny formát! '%1' has an invalid format !!! common sk '%1' má nesprávny formát! -'%1' is no php file in the egw server root (%2)! common sk '%1' nie je php súborom v root adresári eGW servera (%2)! +'%1' is not a valid json file! common sk '%1' nie je json súborom v root adresári eGW servera! '%1' is not a valid date !!! common sk '%1' nie je platný dátum! '%1' is not a valid floatingpoint number !!! common sk '%1' nie je platné číslo s plávajúcou desatinnou čiarkou! '%1' is not a valid integer !!! common sk '%1' nie je platné celé číslo ! diff --git a/api/lang/egw_sl.lang b/api/lang/egw_sl.lang index 5b07c05ea3..53d352652a 100644 --- a/api/lang/egw_sl.lang +++ b/api/lang/egw_sl.lang @@ -27,7 +27,7 @@ '%1' copied to clipboard common sl '%1' se kopira v odložišče '%1' has an invalid format common sl '%1' ima nepravilen format '%1' has an invalid format !!! common sl '%1' ima nepravilen format -'%1' is no php file in the egw server root (%2)! common sl '%1' ni datoteka php v koraku eGW strežnika (%2)! +'%1' is not a valid json file! common sl '%1' ni datoteka json v koraku eGW strežnika! '%1' is not a valid date !!! common sl '%1' ni veljaven datum !!! '%1' is not a valid floatingpoint number !!! common sl '%1' ni pravilno decimalno število '%1' is not a valid integer !!! common sl '%1' ni pravilno celo število diff --git a/api/src/Storage/Customfields.php b/api/src/Storage/Customfields.php index a1ae6d8121..ad56538a41 100644 --- a/api/src/Storage/Customfields.php +++ b/api/src/Storage/Customfields.php @@ -291,12 +291,16 @@ class Customfields implements \IteratorAggregate $options = array(); if(!($path = Api\Vfs::resolve_url($file)) || // file does not exist // we are NOT inside the eGW root - basename($path, '.php') . '.php' != basename($path) || // extension is NOT .php + basename($path, '.json') . '.json' != basename($path) || // extension is NOT .php basename($path) == 'header.inc.php') // dont allow to include our header again { - return array(lang("'%1' is no php file in the eGW server root (%2)!" . ': ' . $path, $file, EGW_SERVER_ROOT)); + return array(lang("'%1' is not a valid json file!", $file)); + } + $options = json_decode(file_get_contents($path), true); + if($options === null) + { + return array(lang("'%1' is not a valid json file!", $file)); } - include($path); return $options; }