
[ticket/13280] Add additional sanitizer for ampersands in server superglobal

PHPBB3-13280
Marc Alexander
2014-11-03 17:14:18 +01:00
parent 6fd092b5df
commit 13b59af1ff
3 changed files with 14 additions and 10 deletions


@@ -69,6 +69,11 @@ class phpbb_build_url_test extends phpbb_test_case
array('f', 'style', 't'),
'http://test.phpbb.com/viewtopic.php?',
),
array(
'posting.php?f=2&mode=delete&p=20%22%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E',
false,
'phpBB/posting.php?f=2&mode=delete&p=20%22%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E',
)
);
}
@@ -79,16 +84,10 @@ class phpbb_build_url_test extends phpbb_test_case
{
global $user, $phpbb_root_path;
$user->page['page'] = str_replace('%2F', '/', urlencode($this->sanitizer($page)));
$user->page['page'] = $page;
$output = build_url($strip_vars);
$this->assertEquals($expected, $output);
}
protected function sanitizer($value)
{
$type_cast_helper = new \phpbb\request\type_cast_helper();
$type_cast_helper->set_var($value, $value, gettype($value), true);
return $value;
}
}
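Review bot: The new `posting.php` data row in the first hunk carries no comment saying what it guards, although it is the regression case for this ticket: the `p=` value is a pre-encoded `"<script>alert(1);</script>` payload and the expected output is the identical string with a `phpBB/` prefix, so the assertion is that build_url passes already-encoded input through without decoding or re-interpreting it. A one-line comment above that row, `// Pre-encoded payload must be passed through unchanged, never decoded`, would stop a later cleanup from "tidying" the expected value into its decoded form and silently weakening the test. In the second hunk, with the `sanitizer()` helper removed, `$user->page['page']` now receives the raw fixture value directly, so this test no longer routes the input through the type-cast/request layer; if the ampersand sanitiser named in the commit title lives in one of the two files not shown here, it presumably needs its own test against that code path. Also, `$phpbb_root_path` in the `global` statement appears unused in the visible body of `test_build_url`, whose signature is above the hunk.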