mirror of
https://github.com/phpbb/phpbb.git
synced 2025-04-21 16:22:22 +02:00
[ticket/8713] Do not trim login inputs
Create a function to request variables which are not trimmed. All requests for passwords (except forum passwords) now use the untrimmed request function. PHPBB3-8713
This commit is contained in:
Nathaniel Guse
parent
7bf598954c
commit
b3cd5a649b
@ -100,11 +100,11 @@ class acp_language
|
||||
switch ($method)
|
||||
{
|
||||
case 'ftp':
|
||||
$transfer = new ftp(request_var('host', ''), request_var('username', ''), request_var('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
|
||||
$transfer = new ftp(request_var('host', ''), request_var('username', ''), $request->untrimed_variable('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
|
||||
break;
|
||||
|
||||
case 'ftp_fsock':
|
||||
$transfer = new ftp_fsock(request_var('host', ''), request_var('username', ''), request_var('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
|
||||
$transfer = new ftp_fsock(request_var('host', ''), request_var('username', ''), $request->untrimed_variable('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
|
||||
break;
|
||||
|
||||
default:
|
||||
@ -404,7 +404,7 @@ class acp_language
|
||||
trigger_error($user->lang['INVALID_UPLOAD_METHOD'], E_USER_ERROR);
|
||||
}
|
||||
|
||||
$transfer = new $method(request_var('host', ''), request_var('username', ''), request_var('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
|
||||
$transfer = new $method(request_var('host', ''), request_var('username', ''), $request->untrimed_variable('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
|
||||
|
||||
if (($result = $transfer->open_session()) !== true)
|
||||
{
|
||||
|
||||
@ -32,7 +32,7 @@ class acp_users
|
||||
{
|
||||
global $config, $db, $user, $auth, $template, $cache;
|
||||
global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix, $file_uploads;
|
||||
global $phpbb_dispatcher;
|
||||
global $phpbb_dispatcher, $request;
|
||||
|
||||
$user->add_lang(array('posting', 'ucp', 'acp/users'));
|
||||
$this->tpl_name = 'acp_users';
|
||||
@ -770,8 +770,8 @@ class acp_users
|
||||
'username' => utf8_normalize_nfc(request_var('user', $user_row['username'], true)),
|
||||
'user_founder' => request_var('user_founder', ($user_row['user_type'] == USER_FOUNDER) ? 1 : 0),
|
||||
'email' => strtolower(request_var('user_email', $user_row['user_email'])),
|
||||
'new_password' => request_var('new_password', '', true),
|
||||
'password_confirm' => request_var('password_confirm', '', true),
|
||||
'new_password' => $request->untrimed_variable('new_password', '', true),
|
||||
'password_confirm' => $request->untrimed_variable('password_confirm', '', true),
|
||||
);
|
||||
|
||||
// Validation data - we do not check the password complexity setting here
|
||||
|
||||
@ -3044,11 +3044,11 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
|
||||
trigger_error('NO_AUTH_ADMIN');
|
||||
}
|
||||
|
||||
$password = request_var('password_' . $credential, '', true);
|
||||
$password = $request->untrimed_variable('password_' . $credential, '', true);
|
||||
}
|
||||
else
|
||||
{
|
||||
$password = request_var('password', '', true);
|
||||
$password = $request->untrimed_variable('password', '', true);
|
||||
}
|
||||
|
||||
$username = request_var('username', '', true);
|
||||
|
||||
@ -242,6 +242,69 @@ class phpbb_request implements phpbb_request_interface
|
||||
return $var;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get a variable, but without trimming strings
|
||||
* Same functionality as variable(), except does not run trim() on strings
|
||||
* All variables in GET or POST requests should be retrieved through this function to maximise security.
|
||||
*
|
||||
* @param string|array $var_name The form variable's name from which data shall be retrieved.
|
||||
* If the value is an array this may be an array of indizes which will give
|
||||
* direct access to a value at any depth. E.g. if the value of "var" is array(1 => "a")
|
||||
* then specifying array("var", 1) as the name will return "a".
|
||||
* @param mixed $default A default value that is returned if the variable was not set.
|
||||
* This function will always return a value of the same type as the default.
|
||||
* @param bool $multibyte If $default is a string this paramater has to be true if the variable may contain any UTF-8 characters
|
||||
* Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks
|
||||
* @param phpbb_request_interface::POST|GET|REQUEST|COOKIE $super_global
|
||||
* Specifies which super global should be used
|
||||
*
|
||||
* @return mixed The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the
|
||||
* the same as that of $default. If the variable is not set $default is returned.
|
||||
*/
|
||||
public function untrimed_variable($var_name, $default, $multibyte, $super_global = phpbb_request_interface::REQUEST)
|
||||
{
|
||||
$path = false;
|
||||
|
||||
// deep direct access to multi dimensional arrays
|
||||
if (is_array($var_name))
|
||||
{
|
||||
$path = $var_name;
|
||||
// make sure at least the variable name is specified
|
||||
if (empty($path))
|
||||
{
|
||||
return (is_array($default)) ? array() : $default;
|
||||
}
|
||||
// the variable name is the first element on the path
|
||||
$var_name = array_shift($path);
|
||||
}
|
||||
|
||||
if (!isset($this->input[$super_global][$var_name]))
|
||||
{
|
||||
return (is_array($default)) ? array() : $default;
|
||||
}
|
||||
$var = $this->input[$super_global][$var_name];
|
||||
|
||||
if ($path)
|
||||
{
|
||||
// walk through the array structure and find the element we are looking for
|
||||
foreach ($path as $key)
|
||||
{
|
||||
if (is_array($var) && isset($var[$key]))
|
||||
{
|
||||
$var = $var[$key];
|
||||
}
|
||||
else
|
||||
{
|
||||
return (is_array($default)) ? array() : $default;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$this->type_cast_helper->recursive_set_var($var, $default, $multibyte, false);
|
||||
|
||||
return $var;
|
||||
}
|
||||
|
||||
/**
|
||||
* Shortcut method to retrieve SERVER variables.
|
||||
*
|
||||
|
||||
@ -93,15 +93,23 @@ class phpbb_request_type_cast_helper implements phpbb_request_type_cast_helper_i
|
||||
* @param mixed $type The variable type. Will be used with {@link settype()}
|
||||
* @param bool $multibyte Indicates whether string values may contain UTF-8 characters.
|
||||
* Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks.
|
||||
* @param bool $trim Indicates whether string values will be be parsed with trim()
|
||||
* Default is true
|
||||
*/
|
||||
public function set_var(&$result, $var, $type, $multibyte = false)
|
||||
public function set_var(&$result, $var, $type, $multibyte = false, $trim = true)
|
||||
{
|
||||
settype($var, $type);
|
||||
$result = $var;
|
||||
|
||||
if ($type == 'string')
|
||||
{
|
||||
$result = trim(str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $result));
|
||||
$result = str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $result);
|
||||
|
||||
if ($trim)
|
||||
{
|
||||
$result = trim($result);
|
||||
}
|
||||
|
||||
$result = htmlspecialchars($result, ENT_COMPAT, 'UTF-8');
|
||||
|
||||
if ($multibyte)
|
||||
@ -141,8 +149,10 @@ class phpbb_request_type_cast_helper implements phpbb_request_type_cast_helper_i
|
||||
* @param bool $multibyte Indicates whether string keys and values may contain UTF-8 characters.
|
||||
* Default is false, causing all bytes outside the ASCII range (0-127) to
|
||||
* be replaced with question marks.
|
||||
* @param bool $trim Indicates whether string values will be be parsed with trim()
|
||||
* Default is true
|
||||
*/
|
||||
public function recursive_set_var(&$var, $default, $multibyte)
|
||||
public function recursive_set_var(&$var, $default, $multibyte, $trim = true)
|
||||
{
|
||||
if (is_array($var) !== is_array($default))
|
||||
{
|
||||
@ -153,7 +163,7 @@ class phpbb_request_type_cast_helper implements phpbb_request_type_cast_helper_i
|
||||
if (!is_array($default))
|
||||
{
|
||||
$type = gettype($default);
|
||||
$this->set_var($var, $var, $type, $multibyte);
|
||||
$this->set_var($var, $var, $type, $multibyte, $trim);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -174,9 +184,9 @@ class phpbb_request_type_cast_helper implements phpbb_request_type_cast_helper_i
|
||||
|
||||
foreach ($_var as $k => $v)
|
||||
{
|
||||
$this->set_var($k, $k, $key_type, $multibyte, $multibyte);
|
||||
$this->set_var($k, $k, $key_type, $multibyte, $trim);
|
||||
|
||||
$this->recursive_set_var($v, $default_value, $multibyte);
|
||||
$this->recursive_set_var($v, $default_value, $multibyte, $trim);
|
||||
$var[$k] = $v;
|
||||
}
|
||||
}
|
||||
|
||||
@ -46,9 +46,9 @@ class ucp_profile
|
||||
$data = array(
|
||||
'username' => utf8_normalize_nfc(request_var('username', $user->data['username'], true)),
|
||||
'email' => strtolower(request_var('email', $user->data['user_email'])),
|
||||
'new_password' => request_var('new_password', '', true),
|
||||
'cur_password' => request_var('cur_password', '', true),
|
||||
'password_confirm' => request_var('password_confirm', '', true),
|
||||
'new_password' => $request->untrimed_variable('new_password', '', true),
|
||||
'cur_password' => $request->untrimed_variable('cur_password', '', true),
|
||||
'password_confirm' => $request->untrimed_variable('password_confirm', '', true),
|
||||
);
|
||||
|
||||
add_form_key('ucp_reg_details');
|
||||
|
||||
@ -170,8 +170,8 @@ class ucp_register
|
||||
|
||||
$data = array(
|
||||
'username' => utf8_normalize_nfc(request_var('username', '', true)),
|
||||
'new_password' => request_var('new_password', '', true),
|
||||
'password_confirm' => request_var('password_confirm', '', true),
|
||||
'new_password' => $request->untrimed_variable('new_password', '', true),
|
||||
'password_confirm' => $request->untrimed_variable('password_confirm', '', true),
|
||||
'email' => strtolower(request_var('email', '')),
|
||||
'lang' => basename(request_var('lang', $user->lang_name)),
|
||||
'tz' => request_var('tz', $timezone),
|
||||
|
||||
@ -862,7 +862,7 @@ class install_update extends module
|
||||
$test_connection = false;
|
||||
if ($test_ftp_connection || $submit)
|
||||
{
|
||||
$transfer = new $method(request_var('host', ''), request_var('username', ''), request_var('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
|
||||
$transfer = new $method(request_var('host', ''), request_var('username', ''), $request->untrimed_variable('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
|
||||
$test_connection = $transfer->open_session();
|
||||
|
||||
// Make sure that the directory is correct by checking for the existence of common.php
|
||||
@ -948,7 +948,7 @@ class install_update extends module
|
||||
}
|
||||
else
|
||||
{
|
||||
$transfer = new $method(request_var('host', ''), request_var('username', ''), request_var('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
|
||||
$transfer = new $method(request_var('host', ''), request_var('username', ''), $request->untrimed_variable('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
|
||||
$transfer->open_session();
|
||||
}
|
||||
|
||||
|
||||
@ -48,4 +48,14 @@ class phpbb_type_cast_helper_test extends phpbb_test_case
|
||||
|
||||
$this->assertEquals($expected, $data);
|
||||
}
|
||||
|
||||
public function test_untrimmed_strings()
|
||||
{
|
||||
$data = array(' eviL<3 ');
|
||||
$expected = array(' eviL<3 ');
|
||||
|
||||
$this->type_cast_helper->recursive_set_var($data, '', true, false);
|
||||
|
||||
$this->assertEquals($expected, $data);
|
||||
}
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user