diff --git a/.github/workflows/integration-mariadb.yml b/.github/workflows/integration-mariadb.yml
index 598ca3fb773..cf926a85225 100644
--- a/.github/workflows/integration-mariadb.yml
+++ b/.github/workflows/integration-mariadb.yml
@@ -55,8 +55,8 @@ jobs:
test-suite: ['callapi', 'chat-1', 'chat-2', 'command', 'conversation-1', 'conversation-2', 'conversation-3', 'conversation-4', 'conversation-5', 'federation', 'integration', 'sharing-1', 'sharing-2', 'sharing-3', 'sharing-4']
php-versions: ['8.2']
server-versions: ['stable28']
- guests-versions: ['stable28']
- call-summary-bot-versions: ['main']
+ guests-versions: ['v3.0.1']
+ call-summary-bot-versions: ['stable30']
notifications-versions: ['stable28']
services:
diff --git a/.github/workflows/integration-mysql.yml b/.github/workflows/integration-mysql.yml
index c8975f2a87f..14907cbe642 100644
--- a/.github/workflows/integration-mysql.yml
+++ b/.github/workflows/integration-mysql.yml
@@ -55,8 +55,8 @@ jobs:
test-suite: ['callapi', 'chat-1', 'chat-2', 'command', 'conversation-1', 'conversation-2', 'conversation-3', 'conversation-4', 'conversation-5', 'federation', 'integration', 'sharing-1', 'sharing-2', 'sharing-3', 'sharing-4']
php-versions: ['8.2']
server-versions: ['stable28']
- guests-versions: ['stable28']
- call-summary-bot-versions: ['main']
+ guests-versions: ['v3.0.1']
+ call-summary-bot-versions: ['stable30']
notifications-versions: ['stable28']
services:
diff --git a/.github/workflows/integration-oci.yml b/.github/workflows/integration-oci.yml
index 54eb43f08ca..1646e3b8d93 100644
--- a/.github/workflows/integration-oci.yml
+++ b/.github/workflows/integration-oci.yml
@@ -55,8 +55,8 @@ jobs:
test-suite: ['callapi', 'chat-1', 'chat-2', 'command', 'conversation-1', 'conversation-2', 'conversation-3', 'conversation-4', 'conversation-5', 'federation', 'integration', 'sharing-1', 'sharing-2', 'sharing-3', 'sharing-4']
php-versions: ['8.2']
server-versions: ['stable28']
- guests-versions: ['stable28']
- call-summary-bot-versions: ['main']
+ guests-versions: ['v3.0.1']
+ call-summary-bot-versions: ['stable30']
notifications-versions: ['stable28']
services:
diff --git a/.github/workflows/integration-pgsql.yml b/.github/workflows/integration-pgsql.yml
index dc24b68fe56..52fb8003928 100644
--- a/.github/workflows/integration-pgsql.yml
+++ b/.github/workflows/integration-pgsql.yml
@@ -52,8 +52,8 @@ jobs:
test-suite: ['callapi', 'chat-1', 'chat-2', 'command', 'conversation-1', 'conversation-2', 'conversation-3', 'conversation-4', 'conversation-5', 'federation', 'integration', 'sharing-1', 'sharing-2', 'sharing-3', 'sharing-4']
php-versions: ['8.3']
server-versions: ['stable28']
- guests-versions: ['stable28']
- call-summary-bot-versions: ['main']
+ guests-versions: ['v3.0.1']
+ call-summary-bot-versions: ['stable30']
notifications-versions: ['stable28']
services:
diff --git a/.github/workflows/integration-sqlite.yml b/.github/workflows/integration-sqlite.yml
index c4fd9126c7e..39339b85b38 100644
--- a/.github/workflows/integration-sqlite.yml
+++ b/.github/workflows/integration-sqlite.yml
@@ -55,8 +55,8 @@ jobs:
test-suite: ['callapi', 'chat-1', 'chat-2', 'command', 'conversation-1', 'conversation-2', 'conversation-3', 'conversation-4', 'conversation-5', 'federation', 'integration', 'sharing-1', 'sharing-2', 'sharing-3', 'sharing-4']
php-versions: ['8.2']
server-versions: ['stable28']
- guests-versions: ['stable28']
- call-summary-bot-versions: ['main']
+ guests-versions: ['v3.0.1']
+ call-summary-bot-versions: ['stable30']
notifications-versions: ['stable28']
steps:
diff --git a/appinfo/info.xml b/appinfo/info.xml
index 37fff51251c..ac8924891ac 100644
--- a/appinfo/info.xml
+++ b/appinfo/info.xml
@@ -16,7 +16,7 @@ And in the works for the [coming versions](https://github.com/nextcloud/spreed/m
]]>
- 18.0.14
+ 18.0.15
agpl
Daniel Calviño Sánchez
diff --git a/lib/MatterbridgeManager.php b/lib/MatterbridgeManager.php
index c61be98f830..3341b0c6fc6 100644
--- a/lib/MatterbridgeManager.php
+++ b/lib/MatterbridgeManager.php
@@ -128,7 +128,7 @@ public function editBridgeOfRoom(Room $room, string $userId, bool $enabled, arra
$newBridge = [
'enabled' => $enabled,
'pid' => $currentBridge['pid'] ?? 0,
- 'parts' => $parts,
+ 'parts' => $this->validateParts($parts),
];
$this->notify($room, $userId, $currentBridge, $newBridge);
@@ -351,6 +351,7 @@ private function generatePassword(): string {
private function generateConfig(array $bridge): string {
$content = '';
foreach ($bridge['parts'] as $k => $part) {
+ $k = (int)$k;
$type = $part['type'];
if ($type === 'nctalk') {
@@ -507,6 +508,22 @@ private function generateConfig(array $bridge): string {
return $content;
}
+ protected function validateParts(array $parts): array {
+ foreach ($parts as $k => $part) {
+ if (!is_numeric($k)) {
+ $this->logger->error('User tried to configure a malicious matterbridge setup');
+ throw new \InvalidArgumentException('Invalid matterbridge parameters');
+ }
+ foreach ($part as $key => $value) {
+ if (preg_match('/["\n]/', $key) || preg_match('/["\n]/', $value)) {
+ $this->logger->error('User tried to configure a malicious matterbridge setup');
+ throw new \InvalidArgumentException('Invalid matterbridge parameters');
+ }
+ }
+ }
+ return $parts;
+ }
+
/**
* Remove the scheme from an URL and add port
*
diff --git a/package-lock.json b/package-lock.json
index 55e2836bd7c..ba36b8be239 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
{
"name": "talk",
- "version": "18.0.14",
+ "version": "18.0.15",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "talk",
- "version": "18.0.14",
+ "version": "18.0.15",
"license": "agpl",
"dependencies": {
"@linusborg/vue-simple-portal": "^0.1.5",
diff --git a/package.json b/package.json
index ae482593f4e..4a32134ec56 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "talk",
- "version": "18.0.14",
+ "version": "18.0.15",
"private": true,
"description": "",
"author": "Joas Schilling ",