mirror of
https://github.com/kamilwylegala/cakephp2-php8.git
synced 2025-03-15 05:59:50 +00:00
Add an upper bound to the POST data SecurityComponent will consider.
'Kurita Takashi' has let us know that the previous patterns could be abused by an evildoer. One could potentially send a very large, deeply nested POST data structure. Matching that structure could overflow the PCRE limits, causing a segmentation fault. Adding an upper bound will solve the problem and I doubt anyone is doing POST data structures with more than 10 levels of nesting.
parent
765be87d88
commit
1988e89e73
1 changed files with 2 additions and 2 deletions
|
@ -470,8 +470,8 @@ class SecurityComponent extends Component {
|
|||
$multi = array();
|
||||
|
||||
foreach ($fieldList as $i => $key) {
|
||||
if (preg_match('/(\.\d+)+$/', $key)) {
|
||||
$multi[$i] = preg_replace('/(\.\d+)+$/', '', $key);
|
||||
if (preg_match('/(\.\d{1,10})+$/', $key)) {
|
||||
$multi[$i] = preg_replace('/(\.\d{1,10})+$/', '', $key);
|
||||
unset($fieldList[$i]);
|
||||
}
|
||||
}
|
||||
|
|
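Review bot: In both changed patterns, `\d{1,10}` caps the number of digits in each index segment, not the number of nesting levels; the outer `(...)+` is still unbounded, so a key with many `.N` segments is matched with the same unlimited group repetition as before. If the intent is the 10-level limit the commit message describes, bound the group itself, for example `/(\.\d{1,10}){1,10}$/`, and decide explicitly what happens to keys with more levels, since an end-anchored pattern would then match and strip only the trailing segments. The same pattern is written out twice on adjacent lines; holding it in one variable would keep the `preg_match` and `preg_replace` calls from drifting apart. The change touches one file and adds no test, so a case with a deeply nested field name and one with an over-long numeric index would be worth adding.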