mirror of https://github.com/phpbb/phpbb.git synced 2025-06-06 22:45:02 +02:00

Merge pull request #2841 from nickvergessen/ticket/security-155

[ticket/security-155] Cast the types of string values in the controller routes
Marc Alexander 2014-08-09 01:46:39 +02:00
commit deaa0a8c75


@ -40,6 +40,12 @@ class resolver implements ControllerResolverInterface
*/ */
protected $template; protected $template;
/**
* Request type cast helper object
* @var \phpbb\request\type_cast_helper
*/
protected $type_cast_helper;
/** /**
* phpBB root path * phpBB root path
* @var string * @var string
@ -59,6 +65,7 @@ class resolver implements ControllerResolverInterface
$this->user = $user; $this->user = $user;
$this->container = $container; $this->container = $container;
$this->template = $template; $this->template = $template;
$this->type_cast_helper = new \phpbb\request\type_cast_helper();
$this->phpbb_root_path = $phpbb_root_path; $this->phpbb_root_path = $phpbb_root_path;
} }
@ -138,7 +145,16 @@ class resolver implements ControllerResolverInterface
{ {
if (array_key_exists($param->name, $attributes)) if (array_key_exists($param->name, $attributes))
{ {
$arguments[] = $attributes[$param->name]; if (is_string($attributes[$param->name]))
{
$value = $attributes[$param->name];
$this->type_cast_helper->set_var($value, $attributes[$param->name], 'string', true, false);
$arguments[] = $value;
}
else
{
$arguments[] = $attributes[$param->name];
}
} }
else if ($param->getClass() && $param->getClass()->isInstance($request)) else if ($param->getClass() && $param->getClass()->isInstance($request))
{ {
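Review bot: The new `is_string()` branch in the argument loop (third hunk) passes `'string', true, false` to `set_var()` without saying what the two booleans mean or why route values are cast at all; a comment above the call such as `// Sanitise string route values the same way as request variables (multibyte allowed, no trim)` would make the security intent visible, assuming those positions are the multibyte and trim flags. Non-string attributes, for example an array supplied as a route default, still reach the controller uncast through the `else` branch, so either document that only plain strings are covered or handle arrays as well. If `set_var()` HTML-escapes its result as it does for request input, controllers that escape these arguments again, or use them outside an HTML context, will see encoded text, which deserves a line in the method's docblock. The enclosing method starts and ends outside this hunk.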