Commit f5234274 authored by Carsten  Rose's avatar Carsten Rose

Client.php, Sanatize.php: Clean $_GET for 'type' and 'L'. They might be poisoned in cache.

parent 68efa9c5
......@@ -54,12 +54,11 @@ class Sanitize {
* @param string $value value to check
* @param string $sanitizeClass
* @param string $pattern Pattern as regexp
* @param array $decimalFormat with [ size, precision ]
* @param string $decimalFormat with 'size,precision'
* @param string $mode SANITIZE_EXCEPTION | SANITIZE_EMPTY_STRING
*
* @return string
* @throws CodeException
* @throws UserFormException
* @throws \qfq\CodeException
*/
public static function sanitize($value, $sanitizeClass = SANITIZE_DEFAULT, $pattern = '', $decimalFormat = '', $mode = SANITIZE_EMPTY_STRING) {
......@@ -130,12 +129,11 @@ class Sanitize {
* If check fails, depending on $mode, throws an UserException or return an empty string.
*
* @param string $value value to check
* @param $formElement
* @param $min
* @param $max
* @param string $mode SANITIZE_EXCEPTION | SANITIZE_EMPTY_STRING
*
* @return string
* @throws UserFormException
* @throws \qfq\CodeException
*/
public static function checkMinMax($value, $min, $max, $mode = SANITIZE_EMPTY_STRING) {
$errorCode = 0;
......@@ -223,7 +221,7 @@ class Sanitize {
/**
* Take the given $item (or iterates over all elements of the given array) and normalize the content.
* Only strings will be normalized. Sub arrays will be recursived normalized. Numeric content is skipped.
* Only strings will be normalized. Sub arrays will be normalized recursive. Numeric content is skipped.
* Throws an exception for unknown content.
*
* It's important to normalize the user input: e.g. someone is searching for a record and input the search string
......@@ -279,4 +277,24 @@ class Sanitize {
return $item;
}
/**
* Check a given $_GET[$key] is digit.
* If yes: do nothing
* If no: set to the first character (if it is a digit) else to an empty string.
*
* @param $key
*/
public static function digitCheckAndCleanGet($key) {
if (isset($_GET[$key]) && !ctype_digit($_GET[$key])) {
if (ctype_digit($_GET[$key][0])) {
$_GET[$key] = $_GET[$key][0];
} else {
$_GET[$key] = '';
}
}
}
}
\ No newline at end of file
......@@ -22,8 +22,12 @@ class Client {
$cookie = array();
$server = array();
// Dirty workaround to clean poisoned T3 cache
Sanitize::digitCheckAndCleanGet(CLIENT_PAGE_TYPE);
Sanitize::digitCheckAndCleanGet(CLIENT_PAGE_LANGUAGE);
if (isset($_GET)) {
$get = \qfq\Sanitize::urlDecodeArr($_GET);
$get = Sanitize::urlDecodeArr($_GET);
}
if (isset($_POST)) {
......
......@@ -119,7 +119,7 @@ class SanitizeTest extends \PHPUnit_Framework_TestCase {
$this->assertEquals($val, Sanitize::checkMinMax($val, "", "56"), $msg);
$this->assertEquals('', Sanitize::checkMinMax($val, "57", ""), $msg);
$this->assertEquals('', Sanitize::checkMinMax($val, "", "2" ), $msg);
$this->assertEquals('', Sanitize::checkMinMax($val, "", "2"), $msg);
$this->assertEquals($val, Sanitize::checkMinMax($val, "0", "200"), $msg);
$this->assertEquals($val, Sanitize::checkMinMax($val, "-100", "200"), $msg);
......@@ -337,4 +337,38 @@ class SanitizeTest extends \PHPUnit_Framework_TestCase {
$this->assertEquals('test_./_oe', Sanitize::safeFilename($value, false, true));
}
/**
* Test string, numeric
*
* @throws CodeException
*/
public function testDigitCheckAndCleanGet() {
unset ($_GET[CLIENT_PAGE_LANGUAGE]);
Sanitize::digitCheckAndCleanGet(CLIENT_PAGE_LANGUAGE);
$this->assertEquals(false, isset($_GET[CLIENT_PAGE_LANGUAGE]));
$_GET[CLIENT_PAGE_LANGUAGE] = '';
Sanitize::digitCheckAndCleanGet(CLIENT_PAGE_LANGUAGE);
$this->assertEquals($_GET[CLIENT_PAGE_LANGUAGE], '');
$_GET[CLIENT_PAGE_LANGUAGE] = '0';
Sanitize::digitCheckAndCleanGet(CLIENT_PAGE_LANGUAGE);
$this->assertEquals($_GET[CLIENT_PAGE_LANGUAGE], '0');
$_GET[CLIENT_PAGE_LANGUAGE] = '1234';
Sanitize::digitCheckAndCleanGet(CLIENT_PAGE_LANGUAGE);
$this->assertEquals($_GET[CLIENT_PAGE_LANGUAGE], '1234');
$_GET[CLIENT_PAGE_LANGUAGE] = 'abc';
Sanitize::digitCheckAndCleanGet(CLIENT_PAGE_LANGUAGE);
$this->assertEquals($_GET[CLIENT_PAGE_LANGUAGE], '');
$_GET[CLIENT_PAGE_LANGUAGE] = '54abc';
Sanitize::digitCheckAndCleanGet(CLIENT_PAGE_LANGUAGE);
$this->assertEquals($_GET[CLIENT_PAGE_LANGUAGE], '5');
}
}
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment