From 37b4790dbcecdfd7aaab09428899f504067105ba Mon Sep 17 00:00:00 2001
From: Joas Schilling
Date: Wed, 10 Dec 2025 17:52:23 +0100
Subject: [PATCH 1/4] fix(matterbridge): Check parameters
Signed-off-by: Joas Schilling
---
 lib/MatterbridgeManager.php | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/lib/MatterbridgeManager.php b/lib/MatterbridgeManager.php
index c61be98f830..3341b0c6fc6 100644
--- a/lib/MatterbridgeManager.php
+++ b/lib/MatterbridgeManager.php
@@ -128,7 +128,7 @@ public function editBridgeOfRoom(Room $room, string $userId, bool $enabled, arra
 $newBridge = [
 'enabled' => $enabled,
 'pid' => $currentBridge['pid'] ?? 0,
- 'parts' => $parts,
+ 'parts' => $this->validateParts($parts),
 ];
 $this->notify($room, $userId, $currentBridge, $newBridge);
@@ -351,6 +351,7 @@ private function generatePassword(): string {
 private function generateConfig(array $bridge): string {
 $content = '';
 foreach ($bridge['parts'] as $k => $part) {
+ $k = (int)$k;
 $type = $part['type'];
 if ($type === 'nctalk') {
@@ -507,6 +508,22 @@ private function generateConfig(array $bridge): string {
 return $content;
 }
+ protected function validateParts(array $parts): array {
+ foreach ($parts as $k => $part) {
+ if (!is_numeric($k)) {
+ $this->logger->error('User tried to configure a malicious matterbridge setup');
+ throw new \InvalidArgumentException('Invalid matterbridge parameters');
+ }
+ foreach ($part as $key => $value) {
+ if (preg_match('/["\n]/', $key) || preg_match('/["\n]/', $value)) {
+ $this->logger->error('User tried to configure a malicious matterbridge setup');
+ throw new \InvalidArgumentException('Invalid matterbridge parameters');
+ }
+ }
+ }
+ return $parts;
+ }
+
 /**
 * Remove the scheme from an URL and add port
 *
From e63cf9bb7ef2c4e2b2ffcbccff9f8254d9cad7c0 Mon Sep 17 00:00:00 2001
From: Joas Schilling
Date: Thu, 11 Dec 2025 14:27:40 +0100
Subject: [PATCH 2/4] ci: Fix guests app checkout
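Review bot: editBridgeOfRoom can now throw `\InvalidArgumentException` from `$this->validateParts($parts)` before `notify()` runs, and nothing in the first hunk of lib/MatterbridgeManager.php documents that. The method starts outside the hunk; if it has a docblock, it should gain `@throws \InvalidArgumentException When a part key or value fails validation`, and the caller should turn the exception into a client error rather than an unhandled failure. The diffstat shows only this one file changed, so a unit test covering one rejected key and one rejected value is still missing.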
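Review bot: The `$k = (int)$k;` cast in generateConfig (second hunk) sanitises only the section index, while the values in `$part` are still used as stored. The only call to validateParts that this patch adds is in editBridgeOfRoom, so bridges persisted before the patch would presumably reach the config writer unchecked until they are next edited. The cast also maps every non-numeric key to 0, which can silently collide with the real part 0. Consider validating `$bridge['parts']` where stored bridges are read back, and add a comment on the cast such as `// Defence in depth: bridges stored before validateParts() existed may carry non-integer keys`. The rest of generateConfig is outside the hunk.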
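Review bot: In validateParts (third hunk), `preg_match('/["\n]/', $value)` assumes every value is a string and `foreach ($part as …)` assumes every part is an array, so request data that breaks either assumption would surface as a TypeError or warning instead of the intended `\InvalidArgumentException`. The key test `is_numeric($k)` also accepts strings such as `'1.5'` or `'1e3'`; `is_int($k)` is the tighter check for a PHP array index. The character class rejects only `"` and `\n`; if generateConfig writes these values into double-quoted TOML strings (its body is outside the hunk), backslash and `\r` deserve the same treatment. The method also has no docblock; it should state the accepted shape of `$parts` and carry `@throws \InvalidArgumentException`.

```php
protected function validateParts(array $parts): array {
	foreach ($parts as $k => $part) {
		// Canonical integer indexes only; a non-array part is rejected rather than iterated.
		if (!is_int($k) || !is_array($part)) {
			// … unchanged: log and throw InvalidArgumentException …
		}
		foreach ($part as $key => $value) {
			// Reject non-scalars up front so preg_match() never receives an array.
			// null is rejected too; relax this if parts may legitimately carry null.
			if (!is_scalar($value)
				|| preg_match('/["\\\\\r\n]/', (string)$key)
				|| preg_match('/["\\\\\r\n]/', (string)$value)) {
				// … unchanged: log and throw InvalidArgumentException …
			}
		}
	}
	// … unchanged: return $parts …
```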
Signed-off-by: Joas Schilling
---
 .github/workflows/integration-mariadb.yml | 2 +-
 .github/workflows/integration-mysql.yml | 2 +-
 .github/workflows/integration-oci.yml | 2 +-
 .github/workflows/integration-pgsql.yml | 2 +-
 .github/workflows/integration-sqlite.yml | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/integration-mariadb.yml b/.github/workflows/integration-mariadb.yml
index 598ca3fb773..3422b7fe86c 100644
--- a/.github/workflows/integration-mariadb.yml
+++ b/.github/workflows/integration-mariadb.yml
@@ -55,7 +55,7 @@ jobs:
 test-suite: ['callapi', 'chat-1', 'chat-2', 'command', 'conversation-1', 'conversation-2', 'conversation-3', 'conversation-4', 'conversation-5', 'federation', 'integration', 'sharing-1', 'sharing-2', 'sharing-3', 'sharing-4']
 php-versions: ['8.2']
 server-versions: ['stable28']
- guests-versions: ['stable28']
+ guests-versions: ['v3.0.1']
 call-summary-bot-versions: ['main']
 notifications-versions: ['stable28']
diff --git a/.github/workflows/integration-mysql.yml b/.github/workflows/integration-mysql.yml
index c8975f2a87f..25ca2d596bf 100644
--- a/.github/workflows/integration-mysql.yml
+++ b/.github/workflows/integration-mysql.yml
@@ -55,7 +55,7 @@ jobs:
 test-suite: ['callapi', 'chat-1', 'chat-2', 'command', 'conversation-1', 'conversation-2', 'conversation-3', 'conversation-4', 'conversation-5', 'federation', 'integration', 'sharing-1', 'sharing-2', 'sharing-3', 'sharing-4']
 php-versions: ['8.2']
 server-versions: ['stable28']
- guests-versions: ['stable28']
+ guests-versions: ['v3.0.1']
 call-summary-bot-versions: ['main']
 notifications-versions: ['stable28']
diff --git a/.github/workflows/integration-oci.yml b/.github/workflows/integration-oci.yml
index 54eb43f08ca..7d87220e2db 100644
--- a/.github/workflows/integration-oci.yml
+++ b/.github/workflows/integration-oci.yml
@@ -55,7 +55,7 @@ jobs:
 test-suite: ['callapi', 'chat-1', 'chat-2', 'command', 'conversation-1', 'conversation-2', 'conversation-3', 'conversation-4', 'conversation-5', 'federation', 'integration', 'sharing-1', 'sharing-2', 'sharing-3', 'sharing-4']
 php-versions: ['8.2']
 server-versions: ['stable28']
- guests-versions: ['stable28']
+ guests-versions: ['v3.0.1']
 call-summary-bot-versions: ['main']
 notifications-versions: ['stable28']
diff --git a/.github/workflows/integration-pgsql.yml b/.github/workflows/integration-pgsql.yml
index dc24b68fe56..8b249db23bb 100644
--- a/.github/workflows/integration-pgsql.yml
+++ b/.github/workflows/integration-pgsql.yml
@@ -52,7 +52,7 @@ jobs:
 test-suite: ['callapi', 'chat-1', 'chat-2', 'command', 'conversation-1', 'conversation-2', 'conversation-3', 'conversation-4', 'conversation-5', 'federation', 'integration', 'sharing-1', 'sharing-2', 'sharing-3', 'sharing-4']
 php-versions: ['8.3']
 server-versions: ['stable28']
- guests-versions: ['stable28']
+ guests-versions: ['v3.0.1']
 call-summary-bot-versions: ['main']
 notifications-versions: ['stable28']
diff --git a/.github/workflows/integration-sqlite.yml b/.github/workflows/integration-sqlite.yml
index c4fd9126c7e..6af7ed7e16c 100644
--- a/.github/workflows/integration-sqlite.yml
+++ b/.github/workflows/integration-sqlite.yml
@@ -55,7 +55,7 @@ jobs:
 test-suite: ['callapi', 'chat-1', 'chat-2', 'command', 'conversation-1', 'conversation-2', 'conversation-3', 'conversation-4', 'conversation-5', 'federation', 'integration', 'sharing-1', 'sharing-2', 'sharing-3', 'sharing-4']
 php-versions: ['8.2']
 server-versions: ['stable28']
- guests-versions: ['stable28']
+ guests-versions: ['v3.0.1']
 call-summary-bot-versions: ['main']
 notifications-versions: ['stable28']
From 983fb38037ff7413871b1026bfcce915689f9866 Mon Sep 17 00:00:00 2001
From: Joas Schilling
Date: Thu, 11 Dec 2025 14:37:37 +0100
Subject: [PATCH 3/4] ci: Fix call-summary bot version
Signed-off-by: Joas Schilling
---
 .github/workflows/integration-mariadb.yml | 2 +-
 .github/workflows/integration-mysql.yml | 2 +-
 .github/workflows/integration-oci.yml | 2 +-
 .github/workflows/integration-pgsql.yml | 2 +-
 .github/workflows/integration-sqlite.yml | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/integration-mariadb.yml b/.github/workflows/integration-mariadb.yml
index 3422b7fe86c..cf926a85225 100644
--- a/.github/workflows/integration-mariadb.yml
+++ b/.github/workflows/integration-mariadb.yml
@@ -56,7 +56,7 @@ jobs:
 php-versions: ['8.2']
 server-versions: ['stable28']
 guests-versions: ['v3.0.1']
- call-summary-bot-versions: ['main']
+ call-summary-bot-versions: ['stable30']
 notifications-versions: ['stable28']
 services:
diff --git a/.github/workflows/integration-mysql.yml b/.github/workflows/integration-mysql.yml
index 25ca2d596bf..14907cbe642 100644
--- a/.github/workflows/integration-mysql.yml
+++ b/.github/workflows/integration-mysql.yml
@@ -56,7 +56,7 @@ jobs:
 php-versions: ['8.2']
 server-versions: ['stable28']
 guests-versions: ['v3.0.1']
- call-summary-bot-versions: ['main']
+ call-summary-bot-versions: ['stable30']
 notifications-versions: ['stable28']
 services:
diff --git a/.github/workflows/integration-oci.yml b/.github/workflows/integration-oci.yml
index 7d87220e2db..1646e3b8d93 100644
--- a/.github/workflows/integration-oci.yml
+++ b/.github/workflows/integration-oci.yml
@@ -56,7 +56,7 @@ jobs:
 php-versions: ['8.2']
 server-versions: ['stable28']
 guests-versions: ['v3.0.1']
- call-summary-bot-versions: ['main']
+ call-summary-bot-versions: ['stable30']
 notifications-versions: ['stable28']
 services:
diff --git a/.github/workflows/integration-pgsql.yml b/.github/workflows/integration-pgsql.yml
index 8b249db23bb..52fb8003928 100644
--- a/.github/workflows/integration-pgsql.yml
+++ b/.github/workflows/integration-pgsql.yml
@@ -53,7 +53,7 @@ jobs:
 php-versions: ['8.3']
 server-versions: ['stable28']
 guests-versions: ['v3.0.1']
- call-summary-bot-versions: ['main']
+ call-summary-bot-versions: ['stable30']
 notifications-versions: ['stable28']
 services:
diff --git a/.github/workflows/integration-sqlite.yml b/.github/workflows/integration-sqlite.yml
index 6af7ed7e16c..39339b85b38 100644
--- a/.github/workflows/integration-sqlite.yml
+++ b/.github/workflows/integration-sqlite.yml
@@ -56,7 +56,7 @@ jobs:
 php-versions: ['8.2']
 server-versions: ['stable28']
 guests-versions: ['v3.0.1']
- call-summary-bot-versions: ['main']
+ call-summary-bot-versions: ['stable30']
 notifications-versions: ['stable28']
 steps:
From c36694ac8f05cdee2512e91a021a97988ab0deef Mon Sep 17 00:00:00 2001
From: Joas Schilling
Date: Thu, 11 Dec 2025 14:42:55 +0100
Subject: [PATCH 4/4] chore: Set version to 18.0.15
Signed-off-by: Joas Schilling
---
 appinfo/info.xml | 2 +-
 package-lock.json | 4 ++--
 package.json | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/appinfo/info.xml b/appinfo/info.xml
index 37fff51251c..ac8924891ac 100644
--- a/appinfo/info.xml
+++ b/appinfo/info.xml
@@ -16,7 +16,7 @@ And in the works for the [coming versions](https://github.com/nextcloud/spreed/m ]]> - 18.0.14 + 18.0.15 agpl Daniel Calviño Sánchez
diff --git a/package-lock.json b/package-lock.json
index 55e2836bd7c..ba36b8be239 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@ { "name": "talk", - "version": "18.0.14", + "version": "18.0.15", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "talk", - "version": "18.0.14", + "version": "18.0.15", "license": "agpl", "dependencies": { "@linusborg/vue-simple-portal": "^0.1.5",
diff --git a/package.json b/package.json
index ae482593f4e..4a32134ec56 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "talk",
- "version": "18.0.14",
+ "version": "18.0.15",
 "private": true,
 "description": "",
 "author": "Joas Schilling ",