mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-31 22:10:45 +02:00
Code Issues Releases Wiki Activity

Merge remote-tracking branch 'github-nicofuma/ticket/13280' into develop-ascraeus

Browse Source 
* github-nicofuma/ticket/13280:
  [ticket/13280] Output escaping for the symfony request object
  [ticket/13280] Add new tests
  [ticket/13280] Make the tests failing
  [ticket/13280] Revert "Merge pull request #3107 from marc1706/ticket/13280"
This commit is contained in:
Nils Adermann
2014-11-16 16:50:15 +01:00
parent e27b69f42a 0dfe1d0d8b
commit 4ffdb12938
16 changed files with 164 additions and 147 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
phpBB/phpbb/controller/helper.php
View File

@@ -44,6 +44,9 @@ class helper
/* @var \phpbb\symfony_request */
protected $symfony_request;
/* @var \phpbb\request\request_interface */
protected $request;
/**
* @var \phpbb\filesystem The filesystem object
*/
@@ -70,16 +73,18 @@ class helper
* @param \phpbb\controller\provider $provider Path provider
* @param \phpbb\extension\manager $manager Extension manager object
* @param \phpbb\symfony_request $symfony_request Symfony Request object
* @param \phpbb\request\request_interface $request phpBB request object
* @param \phpbb\filesystem $filesystem The filesystem object
* @param string $phpbb_root_path phpBB root path
* @param string $php_ext PHP file extension
*/
public function __construct(\phpbb\template\template $template, \phpbb\user $user, \phpbb\config\config $config, \phpbb\controller\provider $provider, \phpbb\extension\manager $manager, \phpbb\symfony_request $symfony_request, \phpbb\filesystem $filesystem, $phpbb_root_path, $php_ext)
public function __construct(\phpbb\template\template $template, \phpbb\user $user, \phpbb\config\config $config, \phpbb\controller\provider $provider, \phpbb\extension\manager $manager, \phpbb\symfony_request $symfony_request, \phpbb\request\request_interface $request, \phpbb\filesystem $filesystem, $phpbb_root_path, $php_ext)
{
$this->template = $template;
$this->user = $user;
$this->config = $config;
$this->symfony_request = $symfony_request;
$this->request = $request;
$this->filesystem = $filesystem;
$this->phpbb_root_path = $phpbb_root_path;
$this->php_ext = $php_ext;
@@ -153,7 +158,7 @@ class helper
}
}
$base_url = $this->filesystem->clean_path($base_url);
$base_url = $this->request->escape($this->filesystem->clean_path($base_url), true);
$context->setBaseUrl($base_url);
@@ -197,6 +202,6 @@ class helper
*/
public function get_current_url()
{
return generate_board_url(true) . $this->symfony_request->getRequestUri();
return generate_board_url(true) . $this->request->escape($this->symfony_request->getRequestUri(), true);
}
}

6
phpBB/phpbb/path_helper.php
View File

@@ -154,6 +154,7 @@ class path_helper
return $this->web_root_path;
}
// We do not need to escape $path_info, $request_uri and $script_name because we can not find their content in the result.
// Path info (e.g. /foo/bar)
$path_info = $this->filesystem->clean_path($this->symfony_request->getPathInfo());
@@ -203,9 +204,12 @@ class path_helper
*/
if ($this->request->is_ajax() && $this->symfony_request->get('_referer'))
{
// We need to escape $absolute_board_url because it can be partially concatenated to the result.
$absolute_board_url = $this->request->escape($this->symfony_request->getSchemeAndHttpHost() . $this->symfony_request->getBasePath(), true);
$referer_web_root_path = $this->get_web_root_path_from_ajax_referer(
$this->symfony_request->get('_referer'),
$this->symfony_request->getSchemeAndHttpHost() . $this->symfony_request->getBasePath()
$absolute_board_url
);
return $this->web_root_path = $this->phpbb_root_path . $referer_web_root_path;
}

23
phpBB/phpbb/request/request.php
View File

@@ -416,4 +416,27 @@ class request implements \phpbb\request\request_interface
{
return $this->input[$super_global];
}
/**
* {@inheritdoc}
*/
public function escape($var, $multibyte)
{
if (is_array($var))
{
$result = array();
foreach ($var as $key => $value)
{
$this->type_cast_helper->set_var($key, $key, gettype($key), $multibyte);
$result[$key] = $this->escape($value, $multibyte);
}
$var = $result;
}
else
{
$this->type_cast_helper->set_var($var, $var, 'string', $multibyte);
}
return $var;
}
}

10
phpBB/phpbb/request/request_interface.php
View File

@@ -142,4 +142,14 @@ interface request_interface
* @return array The original array of the requested super global.
*/
public function get_super_global($super_global = \phpbb\request\request_interface::REQUEST);
/**
* Escape a string variable.
*
* @param mixed $value The contents to fill with
* @param bool $multibyte Indicates whether string values may contain UTF-8 characters.
* Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks.
* @return string|array
*/
public function escape($value, $multibyte);
}

13
phpBB/phpbb/session.php
View File

@@ -31,10 +31,11 @@ class session
var $update_session_page = true;
/**
* Extract current session page
*
* @param string $root_path current root path (phpbb_root_path)
*/
* Extract current session page
*
* @param string $root_path current root path (phpbb_root_path)
* @return array
*/
static function extract_current_page($root_path)
{
global $request, $symfony_request, $phpbb_filesystem;
@@ -42,8 +43,8 @@ class session
$page_array = array();
// First of all, get the request uri...
$script_name = $symfony_request->getScriptName();
$args = explode('&', $symfony_request->getQueryString());
$script_name = $request->escape($symfony_request->getScriptName(), true);
$args = $request->escape(explode('&', $symfony_request->getQueryString()), true);
// If we are unable to get the script name we use REQUEST_URI as a failover and note it within the page array for easier support...
if (!$script_name)

24
phpBB/phpbb/symfony_request.php
View File

@@ -15,6 +15,10 @@ namespace phpbb;
use Symfony\Component\HttpFoundation\Request;
/**
* WARNING: The Symfony request does not escape the input and should be used very carefully
* prefer the phpbb request as possible
*/
class symfony_request extends Request
{
/**
@@ -24,32 +28,12 @@ class symfony_request extends Request
*/
public function __construct(\phpbb\request\request_interface $phpbb_request)
{
// This function is meant to sanitize the global input arrays
$sanitizer = function(&$value, $key) {
$type_cast_helper = new \phpbb\request\type_cast_helper();
$type_cast_helper->set_var($value, $value, gettype($value), true);
};
// This function is meant for additional handling of server variables
$server_sanitizer = function(&$value, $key) use ($sanitizer) {
$sanitizer($value, $key);
$value = str_replace('&', '&', $value);
};
$get_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::GET);
$post_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::POST);
$server_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::SERVER);
$files_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::FILES);
$cookie_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::COOKIE);
array_walk_recursive($get_parameters, $sanitizer);
array_walk_recursive($post_parameters, $sanitizer);
array_walk_recursive($files_parameters, $sanitizer);
array_walk_recursive($cookie_parameters, $sanitizer);
// Run special sanitizer for server superglobal
array_walk_recursive($server_parameters, $server_sanitizer);
parent::__construct($get_parameters, $post_parameters, array(), $cookie_parameters, $files_parameters, $server_parameters);
}
}