Merge pull request from GHSA-r67m-m8c7-jp83

Prevent allowing reinstall by clearing the app_name setting
fiveai · Aug 27, 2021 · 120bd19 · 120bd19
2 parents ff63d1c + ee7781e
commit 120bd19
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/app/Http/Controllers/Dashboard/SettingsController.php b/app/Http/Controllers/Dashboard/SettingsController.php
@@ -396,6 +396,12 @@ public function postSettings()
                     $settingValue = rtrim($settingValue, '/');
                 }
 
+                if ($settingName === 'app_name') {
+                    if (empty($settingValue)) {
+                        continue;
+                    }
+                }
+
                 $setting->set($settingName, $settingValue);
             }
         } catch (Exception $e) {

diff --git a/app/Http/Middleware/ReadyForUse.php b/app/Http/Middleware/ReadyForUse.php
@@ -53,7 +53,7 @@ public function __construct(Repository $settings)
      */
     public function handle(Request $request, Closure $next)
     {
-        if (!$request->is('setup*') && !$this->settings->get('app_name')) {
+        if (!$request->is('setup*') && $this->settings->get('app_name') === null) {
             return cachet_redirect('setup');
         }