Diffstat (limited to 'phpBB/phpbb/symfony_request.php')
| -rw-r--r-- | phpBB/phpbb/symfony_request.php | 13 | 
1 files changed, 4 insertions, 9 deletions
diff --git a/phpBB/phpbb/symfony_request.php b/phpBB/phpbb/symfony_request.php
index bf9ddec493..2931cae3cc 100644
--- a/phpBB/phpbb/symfony_request.php
+++ b/phpBB/phpbb/symfony_request.php
@@ -15,6 +15,10 @@ namespace phpbb;
 
 use Symfony\Component\HttpFoundation\Request;
 
+/**
+ * WARNING: The Symfony request does not escape the input and should be used very carefully
+ * prefer the phpbb request as possible
+ */
 class symfony_request extends Request
 {
 	/**
@@ -24,21 +28,12 @@ class symfony_request extends Request
 	*/
 	public function __construct(\phpbb\request\request_interface $phpbb_request)
 	{
-		// This function is meant to sanitize the global input arrays
-		$sanitizer = function(&$value, $key) {
-			$type_cast_helper = new \phpbb\request\type_cast_helper();
-			$type_cast_helper->set_var($value, $value, gettype($value), true);
-		};
-
 		$get_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::GET);
 		$post_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::POST);
 		$server_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::SERVER);
 		$files_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::FILES);
 		$cookie_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::COOKIE);
 
-		array_walk_recursive($get_parameters, $sanitizer);
-		array_walk_recursive($post_parameters, $sanitizer);
-
 		parent::__construct($get_parameters, $post_parameters, array(), $cookie_parameters, $files_parameters, $server_parameters);
 	}
 }
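Review bot: The new class docblock above `class symfony_request` is the only place that records the dropped sanitization, and its second line is ungrammatical ("prefer the phpbb request as possible"), so the warning should be stated precisely: `* WARNING: The Symfony request does not escape or sanitize the input and must be used very carefully;` followed by `* prefer the phpbb request wherever possible.` Since what the commit removes is the `type_cast_helper` pass rather than only escaping, naming both makes the docblock match the behaviour it is warning about.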
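Review bot: Nothing in the constructor body now signals that `$get_parameters` and `$post_parameters` are handed to `parent::__construct` exactly as `get_super_global` returns them, because the `$sanitizer` walk that used to run on them is gone and the method's docblock begins above the hunk. A reader of this method alone will not see the class-level warning, so add a why-comment on the first `get_super_global` line, e.g. `// Raw superglobals: no type-casting or escaping is applied here; consumers of this request must validate and escape values themselves.` Any caller that presumably relied on `symfony_request` yielding sanitized values now receives raw input, which is worth stating in the commit description as a behaviour change rather than only in the docblock.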
