Fixes faulty parsing of _GET when debug is activated. Pref editor will now use var_export on arrays when debug mode is active.
@ -1447,7 +1447,16 @@ class system_tools
|
|||||||
|
|
||||||
foreach($spref as $key => $val)
|
foreach($spref as $key => $val)
|
||||||
{
|
{
|
||||||
$ptext = (is_array($val)) ? "<pre>".htmlentities(print_r($val, TRUE))."</pre>" : htmlspecialchars($val, ENT_QUOTES, 'utf-8');
|
if(is_array($val))
|
||||||
|
{
|
||||||
|
$varView = deftrue('e_DEBUG') ? var_export($val, true): print_r($val, true);
|
||||||
|
$ptext = "<pre>".htmlentities($varView)."</pre>" ;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$ptext = htmlspecialchars($val, ENT_QUOTES, 'utf-8');
|
||||||
|
}
|
||||||
|
|
||||||
$ptext = $tp->textclean($ptext, 80);
|
$ptext = $tp->textclean($ptext, 80);
|
||||||
|
|
||||||
$text .= "
|
$text .= "
|
||||||
|
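Review bot: The two branches added between L24 and L56 escape their output differently: the array branch calls `htmlentities($varView)` with no flags and no charset, while the scalar branch keeps `htmlspecialchars($val, ENT_QUOTES, 'utf-8')`. On PHP releases before 8.1 the default flags leave single quotes unencoded, so the var_export text (which is full of quotes) is escaped less strictly than the scalar path; inside a `<pre>` element that is not an injection problem by itself, but the inconsistency is easy to remove with `$ptext = "<pre>".htmlentities($varView, ENT_QUOTES, 'utf-8')."</pre>";`. The enclosing method of system_tools starts before the hunk and ends after it.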
@ -5150,13 +5150,13 @@ class e107
|
|||||||
}
|
}
|
||||||
|
|
||||||
// e_MENU fix
|
// e_MENU fix
|
||||||
if(e_MENU)
|
if(deftrue('e_MENU'))
|
||||||
{
|
{
|
||||||
$requestUri = str_replace('['.e_MENU.']', '', $requestUri);
|
$requestUri = str_replace('['.e_MENU.']', '', $requestUri);
|
||||||
$requestUrl = str_replace('['.e_MENU.']', '', $requestUrl);
|
$requestUrl = str_replace('['.e_MENU.']', '', $requestUrl);
|
||||||
if(defset('e_QUERY'))
|
if(defset('e_QUERY'))
|
||||||
{
|
{
|
||||||
parse_str(e_QUERY, $_GET);
|
parse_str(str_replace('&', '&', e_QUERY), $_GET);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -5311,33 +5311,45 @@ class e107
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Set request related constants
|
* Defines e_QUERY in a format that can be used in HTML and defines e_MENU
|
||||||
* @param boolean $no_cbrace remove curly brackets from the url
|
* @param boolean $no_cbrace remove curly brackets from the url
|
||||||
* @return e107
|
* @return string parsed query string.
|
||||||
*/
|
*/
|
||||||
public function set_request($no_cbrace = true)
|
public function set_request($no_cbrace = true, $queryString =null)
|
||||||
{
|
{
|
||||||
|
|
||||||
|
if($queryString === null)
|
||||||
|
{
|
||||||
|
$queryString = $_SERVER['QUERY_STRING'] ;
|
||||||
|
}
|
||||||
|
|
||||||
$inArray = array("'", '/**/', '/UNION/', '/SELECT/', 'AS ');
|
$inArray = array("'", '/**/', '/UNION/', '/SELECT/', 'AS ');
|
||||||
|
|
||||||
foreach($inArray as $res)
|
foreach($inArray as $res)
|
||||||
{
|
{
|
||||||
if(stripos($_SERVER['QUERY_STRING'], $res) !== false)
|
if(stripos($queryString, $res) !== false)
|
||||||
{
|
{
|
||||||
die('Access denied.');
|
die('Access denied.');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$eMENUQry = str_replace(array('%5B','%5D'),array('[',']'),$_SERVER['QUERY_STRING']); //FIX for urlencoded QUERY_STRING without breaking the '+' used by debug.
|
$eMENUQry = str_replace(array('%5B','%5D'),array('[',']'), $queryString); //FIX for urlencoded QUERY_STRING without breaking the '+' used by debug.
|
||||||
if (strpos($eMENUQry, ']') && preg_match('#\[(.*?)](.*)#', $eMENUQry, $matches))
|
if (strpos($eMENUQry, ']') && preg_match('#\[(.*?)](.*)#', $eMENUQry, $matches))
|
||||||
|
{
|
||||||
|
if(!defined('e_MENU'))
|
||||||
{
|
{
|
||||||
define('e_MENU', $matches[1]);
|
define('e_MENU', $matches[1]);
|
||||||
|
}
|
||||||
$e_QUERY = $matches[2];
|
$e_QUERY = $matches[2];
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
{
|
||||||
|
if(!defined('e_MENU'))
|
||||||
{
|
{
|
||||||
define('e_MENU', '');
|
define('e_MENU', '');
|
||||||
$e_QUERY = $_SERVER['QUERY_STRING'];
|
}
|
||||||
|
|
||||||
|
$e_QUERY = $queryString;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($no_cbrace)
|
if ($no_cbrace)
|
||||||
@ -5345,21 +5357,27 @@ class e107
|
|||||||
$e_QUERY = str_replace(array('{', '}', '%7B', '%7b', '%7D', '%7d'), '', rawurldecode($e_QUERY));
|
$e_QUERY = str_replace(array('{', '}', '%7B', '%7b', '%7D', '%7d'), '', rawurldecode($e_QUERY));
|
||||||
}
|
}
|
||||||
|
|
||||||
// $e_QUERY = htmlentities(self::getParser()->post_toForm($e_QUERY)); //@see https://github.com/e107inc/e107/issues/719
|
|
||||||
$e_QUERY = htmlspecialchars(self::getParser()->post_toForm($e_QUERY));
|
$e_QUERY = htmlspecialchars(self::getParser()->post_toForm($e_QUERY));
|
||||||
|
|
||||||
// e_QUERY SHOULD NOT BE DEFINED IF IN SNIGLE ENTRY MODE OR ALL URLS WILL BE BROKEN - it's defined later within the the router
|
// e_QUERY SHOULD NOT BE DEFINED IF IN SNIGLE ENTRY MODE OR ALL URLS WILL BE BROKEN - it's defined later within the the router
|
||||||
if(!deftrue("e_SINGLE_ENTRY"))
|
if(!deftrue("e_SINGLE_ENTRY"))
|
||||||
{
|
{
|
||||||
define('e_QUERY', filter_var($e_QUERY, FILTER_SANITIZE_URL));
|
$e_QUERY = filter_var($e_QUERY, FILTER_SANITIZE_URL); //FIXME Breaks non-latin chars: @see https://github.com/e107inc/e107/issues/719
|
||||||
$_SERVER['QUERY_STRING'] = e_QUERY;
|
if(!defined('e_QUERY'))
|
||||||
|
{
|
||||||
|
define('e_QUERY', $e_QUERY);
|
||||||
|
$_SERVER['QUERY_STRING'] = $e_QUERY;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(!defined('e_TBQS')) // for the unit tests.
|
||||||
|
{
|
||||||
define('e_TBQS', $_SERVER['QUERY_STRING']);
|
define('e_TBQS', $_SERVER['QUERY_STRING']);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return $e_QUERY;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Basic implementation of Browser cache control per user session. Awaiting improvement in future versions
|
* Basic implementation of Browser cache control per user session. Awaiting improvement in future versions
|
||||||
* If no argument is passed it returns
|
* If no argument is passed it returns
|
||||||
|
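Review bot: As rendered, the `str_replace('&', '&', e_QUERY)` at L124 is a no-op, so presumably the source replaces `'&amp;'` and the page rendering decoded the entity; either way it reverses only one of the transformations set_request applies to e_QUERY. The constant is produced by `htmlspecialchars()` at L366 and, outside single-entry mode, by `filter_var(..., FILTER_SANITIZE_URL)` at L389 (which the FIXME there notes breaks non-latin characters), so when the e_MENU path repopulates `$_GET` the values still carry `&quot;`, `&lt;`, `&gt;` and `&#039;` and may have lost non-ASCII bytes, unlike the `$_GET` the web server fills on a normal request. If the intent is for `$_GET` to match the normal case, parse the unescaped query string set_request now receives in `$queryString` rather than the escaped constant, or at least decode every entity: `parse_str(htmlspecialchars_decode(e_QUERY, ENT_QUOTES), $_GET);`. The first hunk's enclosing method starts and ends outside the hunk; `set_request` itself begins at L178 and its new `@return` docblock should mention that in single-entry mode the returned string is not passed through `filter_var()`.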
@ -1848,13 +1848,24 @@ class e107Test extends \Codeception\Test\Unit
|
|||||||
$res = null;
|
$res = null;
|
||||||
$this->assertTrue($res);
|
$this->assertTrue($res);
|
||||||
}
|
}
|
||||||
|
*/
|
||||||
public function testSet_request()
|
public function testSet_request()
|
||||||
{
|
{
|
||||||
$res = null;
|
$tests = array(
|
||||||
$this->assertTrue($res);
|
'mode=main&action=create' => 'mode=main&action=create',
|
||||||
|
'[debug=counts!]mode=pref_editor&type=vstore' => 'mode=pref_editor&type=vstore',
|
||||||
|
// 'searchquery=šýá&mode=main' => 'searchquery=šýá&mode=main', //FIXME Fails.
|
||||||
|
);
|
||||||
|
|
||||||
|
foreach($tests as $input => $expected)
|
||||||
|
{
|
||||||
|
$result = $this->e107->set_request(true, $input);
|
||||||
|
$this->assertSame($expected, $result);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
}
|
||||||
|
/*
|
||||||
public function testCanCache()
|
public function testCanCache()
|
||||||
{
|
{
|
||||||
$res = null;
|
$res = null;
|
||||||
|
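Review bot: The loop at L527–L539 calls `set_request()` several times in one process, but the method defines `e_MENU` and `e_QUERY` on its first call and guards both with `!defined()`, so the second dataset (`[debug=counts!]...`) presumably runs with `e_MENU` already fixed to `''` by the first and never verifies that the menu part was extracted; only the returned string is checked. Consider asserting the constant, e.g. `$this->assertSame('debug=counts!', e_MENU);`, in a test whose dataset runs first, or at least documenting above the loop that the constants persist across iterations and only the return value is under test. As rendered the expected strings contain a bare `&`, whereas set_request passes the value through `htmlspecialchars()`; if the source has `&amp;` the rendering decoded it, otherwise the assertion would not hold unless `post_toForm()` changes the value in a way not visible here.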