From 4ef2b27a47f3669d35ae2e9271c7f9c79cca972d Mon Sep 17 00:00:00 2001 From: Julien Veyssier Date: Thu, 9 Feb 2023 14:33:19 +0100 Subject: [PATCH] safer URL match in FileReferenceProvider Signed-off-by: Julien Veyssier --- .../Reference/File/FileReferenceProvider.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/private/Collaboration/Reference/File/FileReferenceProvider.php b/lib/private/Collaboration/Reference/File/FileReferenceProvider.php index 4e6c7ea623f1f..95e49cdf86037 100644 --- a/lib/private/Collaboration/Reference/File/FileReferenceProvider.php +++ b/lib/private/Collaboration/Reference/File/FileReferenceProvider.php @@ -62,21 +62,21 @@ public function matchReference(string $referenceText): bool { } private function getFilesAppLinkId(string $referenceText): ?int { - $start = $this->urlGenerator->getAbsoluteURL('/apps/files'); - $startIndex = $this->urlGenerator->getAbsoluteURL('/index.php/apps/files'); + $start = $this->urlGenerator->getAbsoluteURL('/apps/files/'); + $startIndex = $this->urlGenerator->getAbsoluteURL('/index.php/apps/files/'); $fileId = null; if (mb_strpos($referenceText, $start) === 0) { $parts = parse_url($referenceText); - parse_str($parts['query'], $query); + parse_str($parts['query'] ?? '', $query); $fileId = isset($query['fileid']) ? (int)$query['fileid'] : $fileId; $fileId = isset($query['openfile']) ? (int)$query['openfile'] : $fileId; } if (mb_strpos($referenceText, $startIndex) === 0) { $parts = parse_url($referenceText); - parse_str($parts['query'], $query); + parse_str($parts['query'] ?? '', $query); $fileId = isset($query['fileid']) ? (int)$query['fileid'] : $fileId; $fileId = isset($query['openfile']) ? (int)$query['openfile'] : $fileId; }