Fixes #16392. Reevaluate sanitize class for each store.

0ed0b50c · Carsten Rose · cf5c4083 · 0ed0b50c
Commit 0ed0b50c authored 1 year ago by Carsten Rose
--- a/extension/Classes/Core/Store/Store.php
+++ b/extension/Classes/Core/Store/Store.php
@@ -603,18 +603,20 @@ class Store {
            // no sanitizeClass specified: take predefined (if exist) or default.
            if ($sanitizeClass === '' || $sanitizeClass === null) {
-                $sanitizeDefault = SANITIZE_DEFAULT_OF_STORE[$store];
+                $sanitizeClassFinal = self::$sanitizeClass[$key] ?? SANITIZE_DEFAULT_OF_STORE[$store];
-                $sanitizeClass = isset(self::$sanitizeClass[$key]) ? self::$sanitizeClass[$key] : $sanitizeDefault;
+            } else {
+                $sanitizeClassFinal = $sanitizeClass;
            }
-            $rawVal = isset(self::$raw[$store][$finalKey]) ? self::$raw[$store][$finalKey] : null;
-            if (self::$sanitizeStore[$store] && $sanitizeClass != '') {
+            $rawVal = self::$raw[$store][$finalKey] ?? null;
-                if ($sanitizeClass == SANITIZE_ALLOW_PATTERN) {
+            if (self::$sanitizeStore[$store] && $sanitizeClassFinal != '') {
+                if ($sanitizeClassFinal == SANITIZE_ALLOW_PATTERN) {
                    // We do not have any pattern at this point. For those who be affected, they already checked earlier. So set 'no check'
-                    $sanitizeClass = SANITIZE_ALLOW_ALL;
+                    $sanitizeClassFinal = SANITIZE_ALLOW_ALL;
                }
-                return Sanitize::sanitize($rawVal, $sanitizeClass, '', '', SANITIZE_EMPTY_STRING, '', $typeMessageViolate);
+                return Sanitize::sanitize($rawVal, $sanitizeClassFinal, '', '', SANITIZE_EMPTY_STRING, '', $typeMessageViolate);
            } else {
                if ($store == STORE_SIP && (substr($key, 0, $len) == SIP_PREFIX_BASE64)) {
                    $rawVal = base64_decode($rawVal);