1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-18 11:30:55 +01:00

Filter only possibly-tainted keys from superglobals

Summary: Ensures that weird behavior from filter_input_array does not remove keys from superglobals. Should fix T3677.

Test Plan:
Checked that $_SERVER contained same number of keys before and after
filtering, and that those affected by the original bug continue to be filtered
correctly.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: zorfling, aran, Korvin, wez

Maniphest Tasks: T3677

Differential Revision: https://secure.phabricator.com/D6680
This commit is contained in:
Eric Stern 2013-08-05 11:45:21 -07:00 committed by epriestley
parent b712905dc1
commit b20a0eed13

View file

@ -242,25 +242,30 @@ final class PhabricatorStartup {
private static function normalizeInput() { private static function normalizeInput() {
// Replace superglobals with unfiltered versions, disrespect php.ini (we // Replace superglobals with unfiltered versions, disrespect php.ini (we
// filter ourselves) // filter ourselves)
$_GET = filter_input_array(INPUT_GET, FILTER_UNSAFE_RAW); $filter = array(INPUT_GET, INPUT_POST,
$_POST = filter_input_array(INPUT_POST, FILTER_UNSAFE_RAW); INPUT_SERVER, INPUT_ENV, INPUT_COOKIE);
$_SERVER = filter_input_array(INPUT_SERVER, FILTER_UNSAFE_RAW); foreach ($filter as $type) {
$_COOKIE = filter_input_array(INPUT_COOKIE, FILTER_UNSAFE_RAW); $filtered = filter_input_array($type, FILTER_UNSAFE_RAW);
$_ENV = filter_input_array(INPUT_ENV, FILTER_UNSAFE_RAW); if (!is_array($filtered)) {
if (!is_array($_GET)) { continue;
$_GET = array();
} }
if (!is_array($_POST)) { switch ($type) {
$_POST = array(); case INPUT_SERVER:
$_SERVER = array_merge($_SERVER, $filtered);
break;
case INPUT_GET:
$_GET = array_merge($_GET, $filtered);
break;
case INPUT_COOKIE:
$_COOKIE = array_merge($_COOKIE, $filtered);
break;
case INPUT_POST:
$_POST = array_merge($_POST, $filtered);
break;
case INPUT_ENV;
$_ENV = array_merge($_ENV, $filtered);
break;
} }
if (!is_array($_SERVER)) {
$_SERVER = array();
}
if (!is_array($_COOKIE)) {
$_COOKIE = array();
}
if (!is_array($_ENV)) {
$_ENV = array();
} }
// rebuild $_REQUEST, respecting order declared in ini files // rebuild $_REQUEST, respecting order declared in ini files