Strip null bytes from GET vars

min/lib/Minify/Controller/MinApp.php

@@ -20,6 +20,13 @@ class Minify_Controller_MinApp extends Minify_Controller_Base {
      * @return array Minify options
      */
     public function setupSources($options) {
+        // PHP insecure by default: realpath() and other FS functions can't handle null bytes.
+        foreach (array('g', 'b', 'f') as $key) {
+            if (isset($_GET[$key])) {
+                $_GET[$key] = str_replace("\x00", '', (string)$_GET[$key]);
+            }
+        }
+
         // filter controller options
         $cOptions = array_merge(
             array(
@@ -34,12 +41,7 @@ class Minify_Controller_MinApp extends Minify_Controller_Base {
         $sources = array();
         $this->selectionId = '';
         $firstMissingResource = null;
-        
         if (isset($_GET['g'])) {
-            if (! is_string($_GET['g'])) {
-                $this->log("GET param 'g' was invalid");
-                return $options;
-            }
             // add group(s)
             $this->selectionId .= 'g=' . $_GET['g'];
             $keys = explode(',', $_GET['g']);
@@ -94,10 +96,6 @@ class Minify_Controller_MinApp extends Minify_Controller_Base {
             }
         }
         if (! $cOptions['groupsOnly'] && isset($_GET['f'])) {
-            if (! is_string($_GET['f'])) {
-                $this->log("GET param 'f' was invalid");
-                return $options;
-            }
             // try user files
             // The following restrictions are to limit the URLs that minify will
             // respond to.
@@ -126,8 +124,7 @@ class Minify_Controller_MinApp extends Minify_Controller_Base {
             }
             if (isset($_GET['b'])) {
                 // check for validity
-                if (is_string($_GET['b'])
-                    && preg_match('@^[^/]+(?:/[^/]+)*$@', $_GET['b'])
+                if (preg_match('@^[^/]+(?:/[^/]+)*$@', $_GET['b'])
                     && false === strpos($_GET['b'], '..')
                     && $_GET['b'] !== '.') {
                     // valid base

min/lib/Minify/Controller/Version1.php

@@ -24,6 +24,11 @@ class Minify_Controller_Version1 extends Minify_Controller_Base {
      * 
      */
     public function setupSources($options) {
+        // PHP insecure by default: realpath() and other FS functions can't handle null bytes.
+        if (isset($_GET['files'])) {
+            $_GET['files'] = str_replace("\x00", '', (string)$_GET['files']);
+        }
+
         self::_setupDefines();
         if (MINIFY_USE_CACHE) {
             $cacheDir = defined('MINIFY_CACHE_DIR')
@@ -49,7 +54,6 @@ class Minify_Controller_Version1 extends Minify_Controller_Base {
         ) {
             return $options;
         }
-        $extension = $m[1];
 
         $files = explode(',', $_GET['files']);
         if (count($files) > MINIFY_MAX_FILES) {
@@ -61,7 +65,6 @@ class Minify_Controller_Version1 extends Minify_Controller_Base {
             . DIRECTORY_SEPARATOR;
         $prependAbsPaths = $_SERVER['DOCUMENT_ROOT'];
         
-        $sources = array();
         $goodFiles = array();
         $hasBadSource = false;