From c5cef773c4811d2041c56a9c34da94a30f8190e1 Mon Sep 17 00:00:00 2001
From: Igor Wiedler
Date: Thu, 18 Aug 2011 23:38:39 +0200
Subject: [feature/request-class] Adjust code base to do html decoding manually

PHPBB3-9716
---
 phpBB/includes/auth/auth_apache.php | 12 ++++++------
 phpBB/includes/functions.php | 7 ++++---
 phpBB/includes/functions_download.php | 2 +-
 phpBB/includes/functions_messenger.php | 2 +-
 phpBB/includes/questionnaire/questionnaire.php | 4 ++--
 phpBB/includes/session.php | 16 ++++++++--------
 phpBB/install/database_update.php | 2 +-
 phpBB/install/index.php | 6 +++---
 phpBB/install/install_install.php | 8 ++++----
 phpBB/style.php | 2 +-
 10 files changed, 31 insertions(+), 30 deletions(-)
diff --git a/phpBB/includes/auth/auth_apache.php b/phpBB/includes/auth/auth_apache.php
index ff07936b36..9089703035 100644
--- a/phpBB/includes/auth/auth_apache.php
+++ b/phpBB/includes/auth/auth_apache.php
@@ -30,7 +30,7 @@ function init_apache()
 {
 global $user, $request;
- if (!$request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER) || $user->data['username'] !== $request->server('PHP_AUTH_USER'))
+ if (!$request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER) || $user->data['username'] !== htmlspecialchars_decode($request->server('PHP_AUTH_USER')))
 {
 return $user->lang['APACHE_SETUP_BEFORE_USE'];
 }
@@ -72,8 +72,8 @@ function login_apache(&$username, &$password)
 );
 }
- $php_auth_user = $request->server('PHP_AUTH_USER');
- $php_auth_pw = $request->server('PHP_AUTH_PW');
+ $php_auth_user = htmlspecialchars_decode($request->server('PHP_AUTH_USER'));
+ $php_auth_pw = htmlspecialchars_decode($request->server('PHP_AUTH_PW'));
 if (!empty($php_auth_user) && !empty($php_auth_pw))
 {
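Review bot: In init_apache() the decoded `PHP_AUTH_USER` is compared with `$user->data['username']`, but validate_session_apache() (hunk at -233) compares the still-escaped value with `$user['username']`, so the two checks in this file test the same header in different encodings. Whichever form the stored username has (not visible in this diff), one of the two comparisons will mismatch for a user whose name contains `&`, `<`, `>` or `"`. Use one form in both places and record it at the comparison, e.g. `// usernames are stored HTML-escaped: compare against the escaped server value`, adjusted to whatever the storage actually is.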
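Review bot: `htmlspecialchars_decode()` is called on `PHP_AUTH_PW` without a flags argument, so the quote entities it reverses are whatever PHP's default covers rather than what the request class used when escaping. That escaping is not visible in this diff; if the two differ, a password containing a quote character reaches the code below the hunk altered. Passing the flag explicitly keeps the round trip exact, e.g. `htmlspecialchars_decode($request->server('PHP_AUTH_PW'), ENT_COMPAT)` if the request class escapes with `ENT_COMPAT`. The same applies to autologin_apache() (-143) and to both loops in phpbb_http_login() (-4242, -4252).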
@@ -143,8 +143,8 @@ function autologin_apache()
 return array();
 }
- $php_auth_user = $request->server('PHP_AUTH_USER');
- $php_auth_pw = $request->server('PHP_AUTH_PW');
+ $php_auth_user = htmlspecialchars_decode($request->server('PHP_AUTH_USER'));
+ $php_auth_pw = htmlspecialchars_decode($request->server('PHP_AUTH_PW'));
 if (!empty($php_auth_user) && !empty($php_auth_pw))
 {
@@ -233,7 +233,7 @@ function validate_session_apache(&$user)
 // Check if PHP_AUTH_USER is set and handle this case
 if ($request->is_set('PHP_AUTH_USER', phpbb_request_interface::SERVER))
 {
- $php_auth_user = $request->server('PHP_AUTH_USER', '', true);
+ $php_auth_user = $request->server('PHP_AUTH_USER');
 return ($php_auth_user === $user['username']) ? true : false;
 }
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index ea96801129..b0c89bdceb 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -879,7 +879,8 @@ function phpbb_own_realpath($path)
 {
 // Warning: If chdir() has been used this will lie!
 // Warning: This has some problems sometime (CLI can create them easily)
- $path = str_replace(DIRECTORY_SEPARATOR, '/', dirname($request->server('SCRIPT_FILENAME'))) . '/' . $path;
+ $filename = htmlspecialchars_decode($request->server('SCRIPT_FILENAME'));
+ $path = str_replace(DIRECTORY_SEPARATOR, '/', dirname($filename)) . '/' . $path;
 $absolute = true;
 $path_prefix = '';
 }
@@ -4242,7 +4243,7 @@ function phpbb_http_login($param)
 {
 if ($request->is_set($k, phpbb_request_interface::SERVER))
 {
- $username = $request->server($k);
+ $username = htmlspecialchars_decode($request->server($k));
 break;
 }
 }
@@ -4252,7 +4253,7 @@ function phpbb_http_login($param)
 {
 if ($request->is_set($k, phpbb_request_interface::SERVER))
 {
- $password = $request->server($k);
+ $password = htmlspecialchars_decode($request->server($k));
 break;
 }
 }
diff --git a/phpBB/includes/functions_download.php b/phpBB/includes/functions_download.php
index bcb360cac7..b4664d74cb 100644
--- a/phpBB/includes/functions_download.php
+++ b/phpBB/includes/functions_download.php
@@ -301,7 +301,7 @@ function download_allowed()
 return true;
 }
- $url = trim($request->header('Referer'));
+ $url = htmlspecialchars_decode($request->header('Referer'));
 if (!$url)
 {
diff --git a/phpBB/includes/functions_messenger.php b/phpBB/includes/functions_messenger.php
index a9241884bb..1866733545 100644
--- a/phpBB/includes/functions_messenger.php
+++ b/phpBB/includes/functions_messenger.php
@@ -342,7 +342,7 @@ class messenger
 $user->session_begin();
 }
- $calling_page = $request->server('PHP_SELF');
+ $calling_page = htmlspecialchars_decode($request->server('PHP_SELF'));
 $message = '';
 switch ($type)
diff --git a/phpBB/includes/questionnaire/questionnaire.php b/phpBB/includes/questionnaire/questionnaire.php
index ed61cf82d0..fa12d570df 100644
--- a/phpBB/includes/questionnaire/questionnaire.php
+++ b/phpBB/includes/questionnaire/questionnaire.php
@@ -152,11 +152,11 @@ class phpbb_questionnaire_system_data_provider
 // Start discovering the IPV4 server address, if available
 // Try apache, IIS, fall back to 0.0.0.0
- $server_address = $request->server('SERVER_ADDR', $request->server('LOCAL_ADDR', '0.0.0.0'));
+ $server_address = htmlspecialchars_decode($request->server('SERVER_ADDR', $request->server('LOCAL_ADDR', '0.0.0.0')));
 return array(
 'os' => PHP_OS,
- 'httpd' => $request->server('SERVER_SOFTWARE'),
+ 'httpd' => htmlspecialchars_decode($request->server('SERVER_SOFTWARE')),
 // we don't want the real IP address (for privacy policy reasons) but only
 // a network address to see whether your installation is running on a private or public network.
 'private_ip' => $this->is_private_ip($server_address),
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index 9faf9eee60..84ad98d31f 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
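Review bot: The `trim()` that wrapped the Referer value in download_allowed() is dropped instead of being kept around the new call, so a header consisting only of whitespace is no longer treated as empty by the `if (!$url)` check that follows. Unless the request class already trims header values (not visible here), keep it: `$url = trim(htmlspecialchars_decode($request->header('Referer')));`. The rest of download_allowed(), where `$url` is evaluated, is outside the hunk.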
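Review bot: `$calling_page` now holds the HTML-decoded `PHP_SELF`, a value the client can influence through the request path, and nothing at the assignment marks it as raw. It is presumably folded into `$message` in the switch below, which is outside the hunk; if that text is later shown in an HTML page it has to be escaped at output. A comment at the assignment would make that visible: `// raw (HTML-decoded) request value: escape again before printing`. The same applies to the decoded `PHP_SELF`, `REQUEST_URI`, `QUERY_STRING` and `Host` values in session.php (-46, -146), install/index.php (-430) and install_install.php (-1017, -1033).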
@@ -46,13 +46,13 @@ class session
 $page_array = array();
 // First of all, get the request uri...
- $script_name = $request->server('PHP_SELF');
- $args = explode('&', $request->server('QUERY_STRING'));
+ $script_name = htmlspecialchars_decode($request->server('PHP_SELF'));
+ $args = explode('&', htmlspecialchars_decode($request->server('QUERY_STRING')));
 // If we are unable to get the script name we use REQUEST_URI as a failover and note it within the page array for easier support...
 if (!$script_name)
 {
- $script_name = $request->server('REQUEST_URI');
+ $script_name = htmlspecialchars_decode($request->server('REQUEST_URI'));
 $script_name = (($pos = strpos($script_name, '?')) !== false) ? substr($script_name, 0, $pos) : $script_name;
 $page_array['failover'] = 1;
 }
@@ -146,7 +146,7 @@ class session
 global $config, $request;
 // Get hostname
- $host = $request->header('Host', $request->server('SERVER_NAME'));
+ $host = htmlspecialchars_decode($request->header('Host', $request->server('SERVER_NAME')));
 // Should be a string and lowered
 $host = (string) strtolower($host);
@@ -214,9 +214,9 @@ class session
 $this->time_now = time();
 $this->cookie_data = array('u' => 0, 'k' => '');
 $this->update_session_page = $update_session_page;
- $this->browser = $request->header('User-Agent', '', true);
- $this->referer = $request->header('Referer', '', true);
- $this->forwarded_for = $request->header('X-Forwarded-For', '', true);
+ $this->browser = $request->header('User-Agent');
+ $this->referer = $request->header('Referer');
+ $this->forwarded_for = $request->header('X-Forwarded-For');
 $this->host = $this->extract_current_hostname();
 $this->page = $this->extract_current_page($phpbb_root_path);
@@ -270,7 +270,7 @@ class session
 // Why no forwarded_for et al? Well, too easily spoofed. With the results of my recent requests
 // it's pretty clear that in the majority of cases you'll at least be left with a proxy/cache ip.
- $this->ip = $request->server('REMOTE_ADDR');
+ $this->ip = htmlspecialchars_decode($request->server('REMOTE_ADDR'));
 $this->ip = preg_replace('# {2,}#', ' ', str_replace(',', ' ', $this->ip));
 // split the list of IPs
diff --git a/phpBB/install/database_update.php b/phpBB/install/database_update.php
index cd060a0b2b..b69d44d7be 100644
--- a/phpBB/install/database_update.php
+++ b/phpBB/install/database_update.php
@@ -145,7 +145,7 @@ unset($dbpasswd);
 $user->ip = '';
 if ($request->server('REMOTE_ADDR'))
 {
- $user->ip = (function_exists('phpbb_ip_normalise')) ? phpbb_ip_normalise($request->server('REMOTE_ADDR')) : $request->server('REMOTE_ADDR', '', true);
+ $user->ip = (function_exists('phpbb_ip_normalise')) ? phpbb_ip_normalise($request->server('REMOTE_ADDR')) : $request->server('REMOTE_ADDR');
 }
 $sql = "SELECT config_value
diff --git a/phpBB/install/index.php b/phpBB/install/index.php
index bba26fde7a..f43d95301f 100644
--- a/phpBB/install/index.php
+++ b/phpBB/install/index.php
@@ -430,14 +430,14 @@ class module
 global $request;
 // HTTP_HOST is having the correct browser url in most cases...
- $server_name = strtolower($request->header('Host', $request->server('SERVER_NAME')));
+ $server_name = strtolower(htmlspecialchars_decode($request->header('Host', $request->server('SERVER_NAME'))));
 $server_port = $request->server('SERVER_PORT', 0);
 $secure = $request->is_secure() ? 1 : 0;
- $script_name = $request->server('PHP_SELF');
+ $script_name = htmlspecialchars_decode($request->server('PHP_SELF'));
 if (!$script_name)
 {
- $script_name = $request->server('REQUEST_URI');
+ $script_name = htmlspecialchars_decode($request->server('REQUEST_URI'));
 }
 // Replace backslashes and doubled slashes (could happen on some proxy setups)
diff --git a/phpBB/install/install_install.php b/phpBB/install/install_install.php
index 12f541e5f8..1a69638220 100644
--- a/phpBB/install/install_install.php
+++ b/phpBB/install/install_install.php
@@ -1017,7 +1017,7 @@ class install_install extends module
 $s_hidden_fields .= '';
 // HTTP_HOST is having the correct browser url in most cases...
- $server_name = strtolower($request->header('Host', $request->server('SERVER_NAME')));
+ $server_name = strtolower(htmlspecialchars_decode($request->header('Host', $request->server('SERVER_NAME'))));
 // HTTP HOST can carry a port number...
 if (strpos($server_name, ':') !== false)
@@ -1033,10 +1033,10 @@ class install_install extends module
 if ($data['script_path'] === '')
 {
- $name = $request->server('PHP_SELF');
+ $name = htmlspecialchars_decode($request->server('PHP_SELF'));
 if (!$name)
 {
- $name = $request->server('REQUEST_URI');
+ $name = htmlspecialchars_decode($request->server('REQUEST_URI'));
 }
 // Replace backslashes and doubled slashes (could happen on some proxy setups)
@@ -1117,7 +1117,7 @@ class install_install extends module
 }
 // HTTP_HOST is having the correct browser url in most cases...
- $server_name = strtolower($request->header('Host', $request->server('SERVER_NAME')));
+ $server_name = strtolower(htmlspecialchars_decode($request->header('Host', $request->server('SERVER_NAME'))));
 $referer = strtolower($request->header('Referer'));
 // HTTP HOST can carry a port number...
diff --git a/phpBB/style.php b/phpBB/style.php
index caa45784de..eaab4544bc 100644
--- a/phpBB/style.php
+++ b/phpBB/style.php
@@ -152,7 +152,7 @@ if ($id)
 if ($config['gzip_compress'])
 {
 // IE6 is not able to compress the style (do not ask us why!)
- $browser = strtolower($request->header('User-Agent', '', true));
+ $browser = strtolower($request->header('User-Agent'));
 if ($browser && strpos($browser, 'msie 6.0') === false && @extension_loaded('zlib') && !headers_sent())
 {
-- 
cgit v1.2.1
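Review bot: In the hunk at -1117 `$server_name` is decoded, but `$referer` on the next line is still read with `strtolower($request->header('Referer'))`, so the two values are held in different encodings. If the code further down (outside the hunk) matches one against the other or parses the referer as a URL, it sees `&amp;` where the host side has `&`. Decode it the same way: `$referer = strtolower(htmlspecialchars_decode($request->header('Referer')));`.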