From 0ed0b50c2282612fd72415a2e8aa1983b90f6b02 Mon Sep 17 00:00:00 2001
From: Carsten Rose <carsten.rose@math.uzh.ch>
Date: Mon, 12 Jun 2023 14:06:56 +0200
Subject: [PATCH] Fixes #16392. Reevaluate sanitize class for each store.
---
extension/Classes/Core/Store/Store.php | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/extension/Classes/Core/Store/Store.php b/extension/Classes/Core/Store/Store.php
index b36b3f8db..0c0bb6758 100644
--- a/extension/Classes/Core/Store/Store.php
+++ b/extension/Classes/Core/Store/Store.php
@@ -603,18 +603,20 @@ class Store {
// no sanitizeClass specified: take predefined (if exist) or default.
if ($sanitizeClass === '' || $sanitizeClass === null) {
- $sanitizeDefault = SANITIZE_DEFAULT_OF_STORE[$store];
- $sanitizeClass = isset(self::$sanitizeClass[$key]) ? self::$sanitizeClass[$key] : $sanitizeDefault;
+ $sanitizeClassFinal = self::$sanitizeClass[$key] ?? SANITIZE_DEFAULT_OF_STORE[$store];
+ } else {
+ $sanitizeClassFinal = $sanitizeClass;
}
- $rawVal = isset(self::$raw[$store][$finalKey]) ? self::$raw[$store][$finalKey] : null;
- if (self::$sanitizeStore[$store] && $sanitizeClass != '') {
- if ($sanitizeClass == SANITIZE_ALLOW_PATTERN) {
+
+ $rawVal = self::$raw[$store][$finalKey] ?? null;
+ if (self::$sanitizeStore[$store] && $sanitizeClassFinal != '') {
+ if ($sanitizeClassFinal == SANITIZE_ALLOW_PATTERN) {
// We do not have any pattern at this point. For those who be affected, they already checked earlier. So set 'no check'
- $sanitizeClass = SANITIZE_ALLOW_ALL;
+ $sanitizeClassFinal = SANITIZE_ALLOW_ALL;
}
- return Sanitize::sanitize($rawVal, $sanitizeClass, '', '', SANITIZE_EMPTY_STRING, '', $typeMessageViolate);
+ return Sanitize::sanitize($rawVal, $sanitizeClassFinal, '', '', SANITIZE_EMPTY_STRING, '', $typeMessageViolate);
} else {
if ($store == STORE_SIP && (substr($key, 0, $len) == SIP_PREFIX_BASE64)) {
$rawVal = base64_decode($rawVal);
--
GitLab