mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-01-18 14:48:28 +01:00
Code Issues Releases Wiki Activity

[ticket/13280] Add additional sanitizer for ampersands in server superglobal

Browse Source 
PHPBB3-13280
This commit is contained in:
Marc Alexander 2014-11-03 17:14:18 +01:00
parent 6fd092b5df
commit 13b59af1ff
3 changed files with 14 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
phpBB/includes/functions.php
View File

@ -2397,8 +2397,7 @@ function build_url($strip_vars = false)
global $config, $user, $phpbb_path_helper;
$php_ext = $phpbb_path_helper->get_php_ext();
// Change page back to expected format
$page = str_replace('&', '&', urldecode($user->page['page']));
$page = str_replace('&', '&', $user->page['page']);
// We need to be cautious here.
// On some situations, the redirect path is an absolute URL, sometimes a relative path

6
phpBB/phpbb/symfony_request.php
View File

@ -30,6 +30,11 @@ class symfony_request extends Request
$type_cast_helper->set_var($value, $value, gettype($value), true);
};
// This function is meant for additional handling of server variables
$server_sanitizer = function(&$value, $key) {
$value = str_replace('&', '&', $value);
};
$get_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::GET);
$post_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::POST);
$server_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::SERVER);
@ -41,6 +46,7 @@ class symfony_request extends Request
array_walk_recursive($server_parameters, $sanitizer);
array_walk_recursive($files_parameters, $sanitizer);
array_walk_recursive($cookie_parameters, $sanitizer);
array_walk_recursive($server_parameters, $server_sanitizer);
parent::__construct($get_parameters, $post_parameters, array(), $cookie_parameters, $files_parameters, $server_parameters);
}

15
tests/functions/build_url_test.php
View File

@ -69,6 +69,11 @@ class phpbb_build_url_test extends phpbb_test_case
array('f', 'style', 't'),
'http://test.phpbb.com/viewtopic.php?',
),
array(
'posting.php?f=2&mode=delete&p=20%22%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E',
false,
'phpBB/posting.php?f=2&mode=delete&p=20%22%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E',
)
);
}
@ -79,16 +84,10 @@ class phpbb_build_url_test extends phpbb_test_case
{
global $user, $phpbb_root_path;
$user->page['page'] = str_replace('%2F', '/', urlencode($this->sanitizer($page)));
$user->page['page'] = $page;
$output = build_url($strip_vars);
$this->assertEquals($expected, $output);
}
protected function sanitizer($value)
{
$type_cast_helper = new \phpbb\request\type_cast_helper();
$type_cast_helper->set_var($value, $value, gettype($value), true);
return $value;
}
}