author | Nils Adermann <naderman@naderman.de> | 2014-11-02 00:24:02 +0100 |
---|---|---|
committer | Nils Adermann <naderman@naderman.de> | 2014-11-02 00:24:02 +0100 |
commit | b6a4f83c412d4db7596ad677eca5551a5fc715d8 (patch) | |
tree | 552dfa7830a2ffa7bec9437a921d9958fbec1830 /phpBB/phpbb | |
parent | c980402a4cb6cb3457ad685cc7e88e8b37ee6f60 (diff) | |
parent | f534503a66fc81e7bbe589b883167d2343871134 (diff) | |
Merge remote-tracking branch 'github-security/ticket/security-164-alt' into prep-release-3.1.1
* github-security/ticket/security-164-alt:
[ticket/security-164] Correctly format page_name
[ticket/security-164] Sanitize all global variables in symfony_request class
Diffstat (limited to 'phpBB/phpbb')
-rw-r--r-- | phpBB/phpbb/session.php | 2 | ||||
-rw-r--r-- | phpBB/phpbb/symfony_request.php | 3 |
2 files changed, 4 insertions, 1 deletions
diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php
index 477e91efd6..14b4c63207 100644
--- a/phpBB/phpbb/session.php
+++ b/phpBB/phpbb/session.php
@@ -87,7 +87,7 @@ class session
 $symfony_request_path = $phpbb_filesystem->clean_path($symfony_request->getPathInfo());
 if ($symfony_request_path !== '/')
 {
- $page_name .= $symfony_request_path;
+ $page_name .= str_replace('%2F', '/', urlencode($symfony_request_path));
 }
 // current directory within the phpBB root (for example: adm)
diff --git a/phpBB/phpbb/symfony_request.php b/phpBB/phpbb/symfony_request.php
index bf9ddec493..ad949a35f2 100644
--- a/phpBB/phpbb/symfony_request.php
+++ b/phpBB/phpbb/symfony_request.php
@@ -38,6 +38,9 @@ class symfony_request extends Request
 array_walk_recursive($get_parameters, $sanitizer);
 array_walk_recursive($post_parameters, $sanitizer);
+ array_walk_recursive($server_parameters, $sanitizer);
+ array_walk_recursive($files_parameters, $sanitizer);
+ array_walk_recursive($cookie_parameters, $sanitizer);
 parent::__construct($get_parameters, $post_parameters, array(), $cookie_parameters, $files_parameters, $server_parameters);
 } |
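Review bot: `urlencode()` on the added `$page_name` line follows the form-encoding convention (a space becomes `+`), but `$symfony_request_path` is path info, where `rawurlencode()` (RFC 3986, space as `%20`) is the matching encoder; a `+` in a path segment is a literal plus, so the two can disagree on round-trip, e.g. `$page_name .= str_replace('%2F', '/', rawurlencode($symfony_request_path));`. Since this line is the change made under the security ticket named in the commit message, it also deserves a why-comment so the encoding is not removed as redundant later: `// Encode the user-controlled path info before appending it to page_name; only '/' is restored as a readable separator`. The method this runs in starts and ends outside the hunk, so I cannot see how `$page_name` is consumed afterwards.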
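Review bot: The added `array_walk_recursive($files_parameters, $sanitizer)` walks `$_FILES`-style data, whose `size` and `error` entries are integers; if `$sanitizer` (defined above this hunk, not visible here) is string-oriented, it may turn them into strings, so it is worth confirming that it leaves non-string scalars untouched or that Symfony's file bag accepts the result. The same walk over `$server_parameters` covers values the framework reads verbatim (`REQUEST_URI`, `SCRIPT_NAME`), which is presumably the intent but would be clearer with a comment on the first added line: `// Symfony reads these bags directly, so every superglobal gets the same sanitizer as GET/POST`. The constructor begins before this hunk, so the sanitizer's signature and the by-reference contract `array_walk_recursive()` requires could not be checked from here.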