mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-01-18 14:48:28 +01:00
Code Issues Releases Wiki Activity

[ticket/13280] Revert "Merge pull request #3107 from marc1706/ticket/13280"

Browse Source 
This reverts commit a1b58d05d158ff7afd789c1b27821e17198f8d58, reversing
changes made to 0e772afb9db640e54e84cfccaddcf74f3edbb3fb.

PHPBB3-13280
This commit is contained in:
Tristan Darricau 2014-11-12 10:30:27 +01:00
parent cd6085ebdc
commit 6d533d2f86
4 changed files with 12 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
phpBB/phpbb/session.php
View File

@ -43,7 +43,7 @@ class session
// First of all, get the request uri...
$script_name = $symfony_request->getScriptName();
$args = explode('&', $symfony_request->getQueryString());
$args = explode('&', $symfony_request->getQueryString());
// If we are unable to get the script name we use REQUEST_URI as a failover and note it within the page array for easier support...
if (!$script_name)
@ -61,8 +61,8 @@ class session
// Since some browser do not encode correctly we need to do this with some "special" characters...
// " -> %22, ' => %27, < -> %3C, > -> %3E
$find = array('"', "'", '<', '>', '&quot;', '&lt;', '&gt;');
$replace = array('%22', '%27', '%3C', '%3E', '%22', '%3C', '%3E');
$find = array('"', "'", '<', '>');
$replace = array('%22', '%27', '%3C', '%3E');
foreach ($args as $key => $argument)
{

10
phpBB/phpbb/symfony_request.php
View File

@ -30,12 +30,6 @@ class symfony_request extends Request
$type_cast_helper->set_var($value, $value, gettype($value), true);
};
// This function is meant for additional handling of server variables
$server_sanitizer = function(&$value, $key) use ($sanitizer) {
$sanitizer($value, $key);
$value = str_replace('&amp;', '&', $value);
};
$get_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::GET);
$post_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::POST);
$server_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::SERVER);
@ -44,12 +38,10 @@ class symfony_request extends Request
array_walk_recursive($get_parameters, $sanitizer);
array_walk_recursive($post_parameters, $sanitizer);
array_walk_recursive($server_parameters, $sanitizer);
array_walk_recursive($files_parameters, $sanitizer);
array_walk_recursive($cookie_parameters, $sanitizer);
// Run special sanitizer for server superglobal
array_walk_recursive($server_parameters, $server_sanitizer);
parent::__construct($get_parameters, $post_parameters, array(), $cookie_parameters, $files_parameters, $server_parameters);
}
}

6
tests/functions/build_url_test.php
View File

@ -69,11 +69,6 @@ class phpbb_build_url_test extends phpbb_test_case
array('f', 'style', 't'),
'http://test.phpbb.com/viewtopic.php?',
),
array(
'posting.php?f=2&mode=delete&p=20%22%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E',
false,
'phpBB/posting.php?f=2&amp;mode=delete&amp;p=20%22%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E',
)
);
}
@ -85,7 +80,6 @@ class phpbb_build_url_test extends phpbb_test_case
global $user, $phpbb_root_path;
$user->page['page'] = $page;
$output = build_url($strip_vars);
$this->assertEquals($expected, $output);

28
tests/security/extract_current_page_test.php
View File

@ -37,16 +37,16 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base
));
$symfony_request->expects($this->any())
->method('getScriptName')
->will($this->returnValue($this->sanitizer($url)));
->will($this->returnValue($url));
$symfony_request->expects($this->any())
->method('getQueryString')
->will($this->returnValue($this->sanitizer($query_string)));
->will($this->returnValue($query_string));
$symfony_request->expects($this->any())
->method('getBasePath')
->will($this->returnValue($server['REQUEST_URI']));
$symfony_request->expects($this->sanitizer($this->any()))
$symfony_request->expects($this->any())
->method('getPathInfo')
->will($this->returnValue($this->sanitizer('/')));
->will($this->returnValue('/'));
$result = \phpbb\session::extract_current_page('./');
$label = 'Running extract_current_page on ' . $query_string . ' with PHP_SELF filled.';
@ -65,32 +65,20 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base
));
$symfony_request->expects($this->any())
->method('getScriptName')
->will($this->returnValue($this->sanitizer($url)));
->will($this->returnValue($url));
$symfony_request->expects($this->any())
->method('getQueryString')
->will($this->returnValue($this->sanitizer($query_string)));
->will($this->returnValue($query_string));
$symfony_request->expects($this->any())
->method('getBasePath')
->will($this->returnValue($this->sanitizer($server['REQUEST_URI'])));
->will($this->returnValue($server['REQUEST_URI']));
$symfony_request->expects($this->any())
->method('getPathInfo')
->will($this->returnValue($this->sanitizer('/')));
->will($this->returnValue('/'));
$result = \phpbb\session::extract_current_page('./');
$label = 'Running extract_current_page on ' . $query_string . ' with REQUEST_URI filled.';
$this->assertEquals($expected, $result['query_string'], $label);
}
protected function sanitizer($value)
{
// Fix for objects passed in phpunit
if (is_object($value))
{
return $value;
}
$type_cast_helper = new \phpbb\request\type_cast_helper();
$type_cast_helper->set_var($value, $value, gettype($value), true);
return str_replace('&amp;', '&', $value);
}
}