From 92fa74883f72e87b6587cd797cb6b75e1bf6d8c4 Mon Sep 17 00:00:00 2001 From: Grzegorz Szymaszek Date: Wed, 5 Feb 2020 21:25:46 +0100 Subject: [PATCH] Prevent array access on integer in BaseResponse MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The OC\AppFramework\OCS\BaseResponse::toXML() method iterates over the array provided as its parameter. It checks (among other things) if the first character of the current key of that array is ‘@’, but it doesn’t check if that key is actually a string (it may be an integer). This commit adds the missing check. Signed-off-by: Grzegorz Szymaszek --- lib/private/AppFramework/OCS/BaseResponse.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/private/AppFramework/OCS/BaseResponse.php b/lib/private/AppFramework/OCS/BaseResponse.php index 60a4fb57ab4db..1c7dbdad0e9d3 100644 --- a/lib/private/AppFramework/OCS/BaseResponse.php +++ b/lib/private/AppFramework/OCS/BaseResponse.php @@ -126,7 +126,7 @@ protected function renderResult(array $meta): string { */ protected function toXML(array $array, \XMLWriter $writer) { foreach ($array as $k => $v) { - if ($k[0] === '@') { + if (\is_string($k) && $k[0] === '@') { $writer->writeAttribute(substr($k, 1), $v); continue; }