diff options
| author | Marc Alexander <admin@m-a-styles.de> | 2014-11-04 16:54:45 +0100 |
|---|---|---|
| committer | Marc Alexander <admin@m-a-styles.de> | 2014-11-04 16:54:45 +0100 |
| commit | 32881dbe31a945b6d2449a3f7e1bf7c5e73cd0a6 (patch) | |
| tree | 981f08ea494fff473e7cb48687b72c8a30a2399a | |
| parent | 3986470b3c77240310f51bb101cccf180b9e4c1e (diff) | |
| download | forums-32881dbe31a945b6d2449a3f7e1bf7c5e73cd0a6.tar forums-32881dbe31a945b6d2449a3f7e1bf7c5e73cd0a6.tar.gz forums-32881dbe31a945b6d2449a3f7e1bf7c5e73cd0a6.tar.bz2 forums-32881dbe31a945b6d2449a3f7e1bf7c5e73cd0a6.tar.xz forums-32881dbe31a945b6d2449a3f7e1bf7c5e73cd0a6.zip | |
[ticket/13280] Only run sanitizer for server superglobal and modify tests
PHPBB3-13280
| -rw-r--r-- | phpBB/phpbb/symfony_request.php | 6 | ||||
| -rw-r--r-- | tests/security/extract_current_page_test.php | 7 |
2 files changed, 9 insertions, 4 deletions
diff --git a/phpBB/phpbb/symfony_request.php b/phpBB/phpbb/symfony_request.php index 23e5e6e29f..02d22c480f 100644 --- a/phpBB/phpbb/symfony_request.php +++ b/phpBB/phpbb/symfony_request.php @@ -31,7 +31,8 @@ class symfony_request extends Request }; // This function is meant for additional handling of server variables - $server_sanitizer = function(&$value, $key) { + $server_sanitizer = function(&$value, $key) use ($sanitizer) { + $sanitizer($value, $key); $value = str_replace('&', '&', $value); }; @@ -43,11 +44,10 @@ class symfony_request extends Request array_walk_recursive($get_parameters, $sanitizer); array_walk_recursive($post_parameters, $sanitizer); - array_walk_recursive($server_parameters, $sanitizer); array_walk_recursive($files_parameters, $sanitizer); array_walk_recursive($cookie_parameters, $sanitizer); - // Run additional sanitizer for server superglobal + // Run special sanitizer for server superglobal array_walk_recursive($server_parameters, $server_sanitizer); parent::__construct($get_parameters, $post_parameters, array(), $cookie_parameters, $files_parameters, $server_parameters); diff --git a/tests/security/extract_current_page_test.php b/tests/security/extract_current_page_test.php index 8e536ee461..c127b69b2b 100644 --- a/tests/security/extract_current_page_test.php +++ b/tests/security/extract_current_page_test.php @@ -84,8 +84,13 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base protected function sanitizer($value) { + // Fix for objects passed in phpunit + if (is_object($value)) + { + return $value; + } $type_cast_helper = new \phpbb\request\type_cast_helper(); $type_cast_helper->set_var($value, $value, gettype($value), true); - return $value; + return str_replace('&', '&', $value); } } |