From ee7781e63f43d3bb3db56b74794c440fba2255ef Mon Sep 17 00:00:00 2001
From: Seb Dangerfield <1449113+sedan07@users.noreply.github.com>
Date: Fri, 27 Aug 2021 16:25:57 +0100
Subject: [PATCH] Prevent allowing reinstall by clearing the app_name setting GHSA-r67m-m8c7-jp83
---
 app/Http/Controllers/Dashboard/SettingsController.php | 6 ++++++
 app/Http/Middleware/ReadyForUse.php | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/app/Http/Controllers/Dashboard/SettingsController.php b/app/Http/Controllers/Dashboard/SettingsController.php
index aeb6cabc14ef..76a079646126 100644
--- a/app/Http/Controllers/Dashboard/SettingsController.php
+++ b/app/Http/Controllers/Dashboard/SettingsController.php
@@ -396,6 +396,12 @@ public function postSettings()
 $settingValue = rtrim($settingValue, '/');
 }
+ if ($settingName === 'app_name') {
+ if (empty($settingValue)) {
+ continue;
+ }
+ }
+
 $setting->set($settingName, $settingValue);
 }
 } catch (Exception $e) {
diff --git a/app/Http/Middleware/ReadyForUse.php b/app/Http/Middleware/ReadyForUse.php
index 11b1afbbb808..7b3f3be592d4 100644
--- a/app/Http/Middleware/ReadyForUse.php
+++ b/app/Http/Middleware/ReadyForUse.php
@@ -53,7 +53,7 @@ public function __construct(Repository $settings)
 */
 public function handle(Request $request, Closure $next)
 {
- if (!$request->is('setup*') && !$this->settings->get('app_name')) {
+ if (!$request->is('setup*') && $this->settings->get('app_name') === null) {
 return cachet_redirect('setup');
 }
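Review bot: The new `app_name` guard in `postSettings()` uses `empty()`, which lets a whitespace-only name through and treats the string `'0'` as empty, and it skips the field with a bare `continue`, so the request still appears to succeed while the value is silently ignored. Because the commit subject ties this setting to the reinstall gate, I would make the check explicit and flat, e.g. `if ($settingName === 'app_name' && trim((string) $settingValue) === '') { continue; }`, and add a comment such as `// app_name doubles as the installed marker; never store it blank (GHSA-r67m-m8c7-jp83)`. The cast assumes the value is scalar at this point, which the hunk does not show. The enclosing loop and try block start outside the hunk, so other code paths that write settings are not visible here and may need the same guard.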
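Review bot: The strict `=== null` test in `handle()` depends on `$this->settings->get('app_name')` returning exactly `null` when the key is absent; if the repository ever returns `false` or `''` for a missing setting, a fresh install would no longer be redirected to setup. The condition also still exempts every `setup*` request, so whatever guards the setup routes themselves is outside this diff; if that guard uses a truthiness test on the same setting, a stored `''` or `'0'` would count as installed here and as not installed there. A short comment would record the intent, e.g. `// Only a missing app_name means "not installed"; a blank value must not reopen setup.` The rest of `handle()` continues past the hunk.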