[ticket/13280] Add additional sanitizer for ampersands in server superglobal
PHPBB3-13280
@@ -69,6 +69,11 @@ class phpbb_build_url_test extends phpbb_test_case
|
||||
array('f', 'style', 't'),
|
||||
'http://test.phpbb.com/viewtopic.php?',
|
||||
),
|
||||
array(
|
||||
'posting.php?f=2&mode=delete&p=20%22%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E',
|
||||
false,
|
||||
'phpBB/posting.php?f=2&mode=delete&p=20%22%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E',
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
@@ -79,16 +84,10 @@ class phpbb_build_url_test extends phpbb_test_case
|
||||
{
|
||||
global $user, $phpbb_root_path;
|
||||
|
||||
$user->page['page'] = str_replace('%2F', '/', urlencode($this->sanitizer($page)));
|
||||
$user->page['page'] = $page;
|
||||
|
||||
$output = build_url($strip_vars);
|
||||
|
||||
$this->assertEquals($expected, $output);
|
||||
}
|
||||
|
||||
protected function sanitizer($value)
|
||||
{
|
||||
$type_cast_helper = new \phpbb\request\type_cast_helper();
|
||||
$type_cast_helper->set_var($value, $value, gettype($value), true);
|
||||
return $value;
|
||||
}
|
||||
}
|
||||
|
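Review bot: The new data-provider entry (the `posting.php?f=2&mode=delete&p=20%22%3Cscript%3E...` case) carries no comment saying what it guards, so a reader cannot tell that the point is that already percent-encoded `"` and `<script>` sequences must come back out of build_url() unchanged rather than decoded into the redirect URL; a one-line comment above that `array(` such as `// Pre-encoded characters must survive build_url() unchanged (ticket 13280)` would make the regression intent explicit. Likewise the new `$user->page['page'] = str_replace('%2F', '/', urlencode($this->sanitizer($page)));` line presumably mirrors how the session derives the page value from the server superglobal in production, which is worth stating in a comment, since a test fixture that diverges from the real request path would pass on input the sanitizer never actually sees. The `sanitizer()` helper calls `set_var($value, $value, gettype($value), true)` without naming what the trailing boolean selects; a short comment on that line (or a named local passed in its place) would spare the next reader a trip to type_cast_helper. The `{` that opens the second hunk belongs to a test method whose signature lies outside the hunk.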