mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-03-31 05:53:14 +02:00
Code Issues Releases Wiki Activity

[ticket/14875] Add method for untrimmed input to ajax iohandler

Browse Source 
Due to the pre-encoded input and the escaping of the input, the
string has to be decoded twice for the password.

PHPBB3-14875
This commit is contained in:
Marc Alexander 2016-11-24 22:22:38 +01:00
parent 145ba85d98
commit 23f5b6debd
No known key found for this signature in database
GPG Key ID: 50E0D2423696F995
2 changed files with 26 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
phpBB/phpbb/install/helper/iohandler/ajax_iohandler.php
View File

@ -120,6 +120,22 @@ class ajax_iohandler extends iohandler_base
return $this->request->variable($name, $default, $multibyte);
}
/**
* Returns untrimmed input variable
*
* @param string $name Name of the input variable to obtain
* @param mixed $default A default value that is returned if the variable was not set.
* This function will always return a value of the same type as the default.
* @param bool $multibyte If $default is a string this paramater has to be true if the variable may contain any UTF-8 characters
* Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks
*
* @return mixed Value of the untrimmed input variable
*/
public function get_untrimmed_input($name, $default, $multibyte = false)
{
return $this->request->untrimmed_variable($name, $default, $multibyte);
}
/**
* {@inheritdoc}
*/

11
phpBB/phpbb/install/module/obtain_data/task/obtain_database_data.php
View File

@ -79,10 +79,19 @@ class obtain_database_data extends \phpbb\install\task_base implements \phpbb\in
$dbhost = $this->io_handler->get_input('dbhost', '', true);
$dbport = $this->io_handler->get_input('dbport', '');
$dbuser = $this->io_handler->get_input('dbuser', '');
$dbpasswd = $this->io_handler->get_input('dbpasswd', '', true);
$dbname = $this->io_handler->get_input('dbname', '');
$table_prefix = $this->io_handler->get_input('table_prefix', '');
// Need to get untrimmed password when using ajax IO handler
if ($this->io_handler instanceof \phpbb\install\helper\iohandler\ajax_iohandler)
{
$dbpasswd = htmlspecialchars_decode(htmlspecialchars_decode($this->io_handler->get_untrimmed_input('dbpasswd', '', true)));
}
else
{
$dbpasswd = $this->io_handler->get_input('dbpasswd', '', true);
}
// Check database data
$user_data_vaild = $this->check_database_data($dbms, $dbhost, $dbport, $dbuser, $dbpasswd, $dbname, $table_prefix);