mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-04-21 00:02:18 +02:00
Code Issues Releases Wiki Activity

[ticket/13280] Only run sanitizer for server superglobal and modify tests

Browse Source 
PHPBB3-13280
This commit is contained in:
Marc Alexander 2014-11-04 16:54:45 +01:00
parent 3986470b3c
commit 32881dbe31
2 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
phpBB/phpbb/symfony_request.php
View File

@ -31,7 +31,8 @@ class symfony_request extends Request
};
// This function is meant for additional handling of server variables
$server_sanitizer = function(&$value, $key) {
$server_sanitizer = function(&$value, $key) use ($sanitizer) {
$sanitizer($value, $key);
$value = str_replace('&', '&', $value);
};
@ -43,11 +44,10 @@ class symfony_request extends Request
array_walk_recursive($get_parameters, $sanitizer);
array_walk_recursive($post_parameters, $sanitizer);
array_walk_recursive($server_parameters, $sanitizer);
array_walk_recursive($files_parameters, $sanitizer);
array_walk_recursive($cookie_parameters, $sanitizer);
// Run additional sanitizer for server superglobal
// Run special sanitizer for server superglobal
array_walk_recursive($server_parameters, $server_sanitizer);
parent::__construct($get_parameters, $post_parameters, array(), $cookie_parameters, $files_parameters, $server_parameters);

7
tests/security/extract_current_page_test.php
View File

@ -84,8 +84,13 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base
protected function sanitizer($value)
{
// Fix for objects passed in phpunit
if (is_object($value))
{
return $value;
}
$type_cast_helper = new \phpbb\request\type_cast_helper();
$type_cast_helper->set_var($value, $value, gettype($value), true);
return $value;
return str_replace('&', '&', $value);
}
}