[ticket/security-164] Sanitize all global variables in symfony_request class

SECURITY-164
author: Marc Alexander <admin@m-a-styles.de> 2014-11-01 16:26:40 +0100
committer: Marc Alexander <admin@m-a-styles.de> 2014-11-01 22:43:18 +0100
commit: 28ef238a5ccd41833de364ab14ff21a254a9beaf (patch)
tree: dad7a64f43e55fa18eb5ea7c6baeffd28664aa52 /phpBB/phpbb/symfony_request.php
parent: 3f3c8d74e8501e59e4e6ace3fa87ef3d29b78117 (diff)
download: forums-28ef238a5ccd41833de364ab14ff21a254a9beaf.tar
forums-28ef238a5ccd41833de364ab14ff21a254a9beaf.tar.gz
forums-28ef238a5ccd41833de364ab14ff21a254a9beaf.tar.bz2
forums-28ef238a5ccd41833de364ab14ff21a254a9beaf.tar.xz
forums-28ef238a5ccd41833de364ab14ff21a254a9beaf.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/phpBB/phpbb/symfony_request.php b/phpBB/phpbb/symfony_request.php
index bf9ddec493..ad949a35f2 100644
--- a/phpBB/phpbb/symfony_request.php
+++ b/phpBB/phpbb/symfony_request.php
@@ -38,6 +38,9 @@ class symfony_request extends Request
 
 		array_walk_recursive($get_parameters, $sanitizer);
 		array_walk_recursive($post_parameters, $sanitizer);
+		array_walk_recursive($server_parameters, $sanitizer);
+		array_walk_recursive($files_parameters, $sanitizer);
+		array_walk_recursive($cookie_parameters, $sanitizer);
 
 		parent::__construct($get_parameters, $post_parameters, array(), $cookie_parameters, $files_parameters, $server_parameters);
 	}
author	Marc Alexander <admin@m-a-styles.de>	2014-11-01 16:26:40 +0100
committer	Marc Alexander <admin@m-a-styles.de>	2014-11-01 22:43:18 +0100
commit	28ef238a5ccd41833de364ab14ff21a254a9beaf (patch)
tree	dad7a64f43e55fa18eb5ea7c6baeffd28664aa52 /phpBB/phpbb/symfony_request.php
parent	3f3c8d74e8501e59e4e6ace3fa87ef3d29b78117 (diff)
download	forums-28ef238a5ccd41833de364ab14ff21a254a9beaf.tar forums-28ef238a5ccd41833de364ab14ff21a254a9beaf.tar.gz forums-28ef238a5ccd41833de364ab14ff21a254a9beaf.tar.bz2 forums-28ef238a5ccd41833de364ab14ff21a254a9beaf.tar.xz forums-28ef238a5ccd41833de364ab14ff21a254a9beaf.zip