mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-27 20:10:18 +02:00
Code Issues Releases Wiki Activity

[ticket/13280] Add additional sanitizer for ampersands in server superglobal

Browse Source 
PHPBB3-13280
This commit is contained in:
Marc Alexander
2014-11-03 17:14:18 +01:00
parent 6fd092b5df
commit 13b59af1ff
3 changed files with 14 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
phpBB/phpbb/symfony_request.php
View File

@@ -30,6 +30,11 @@ class symfony_request extends Request
$type_cast_helper->set_var($value, $value, gettype($value), true);
};
// This function is meant for additional handling of server variables
$server_sanitizer = function(&$value, $key) {
$value = str_replace('&', '&', $value);
};
$get_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::GET);
$post_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::POST);
$server_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::SERVER);
@@ -41,6 +46,7 @@ class symfony_request extends Request
array_walk_recursive($server_parameters, $sanitizer);
array_walk_recursive($files_parameters, $sanitizer);
array_walk_recursive($cookie_parameters, $sanitizer);
array_walk_recursive($server_parameters, $server_sanitizer);
parent::__construct($get_parameters, $post_parameters, array(), $cookie_parameters, $files_parameters, $server_parameters);
}