From 28ef238a5ccd41833de364ab14ff21a254a9beaf Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sat, 1 Nov 2014 16:26:40 +0100 Subject: [ticket/security-164] Sanitize all global variables in symfony_request class SECURITY-164 --- phpBB/phpbb/symfony_request.php | 3 +++ 1 file changed, 3 insertions(+) (limited to 'phpBB/phpbb/symfony_request.php') diff --git a/phpBB/phpbb/symfony_request.php b/phpBB/phpbb/symfony_request.php index bf9ddec493..ad949a35f2 100644 --- a/phpBB/phpbb/symfony_request.php +++ b/phpBB/phpbb/symfony_request.php @@ -38,6 +38,9 @@ class symfony_request extends Request array_walk_recursive($get_parameters, $sanitizer); array_walk_recursive($post_parameters, $sanitizer); + array_walk_recursive($server_parameters, $sanitizer); + array_walk_recursive($files_parameters, $sanitizer); + array_walk_recursive($cookie_parameters, $sanitizer); parent::__construct($get_parameters, $post_parameters, array(), $cookie_parameters, $files_parameters, $server_parameters); } -- cgit v1.2.1