diff --git a/cake/VERSION.txt b/cake/VERSION.txt index 328fa2e81..e210b41c1 100644 --- a/cake/VERSION.txt +++ b/cake/VERSION.txt @@ -6,4 +6,4 @@ // +---------------------------------------------------------------------------------------------------+ // /////////////////////////////////////////////////////////////////////////////////////////////////////////// -1.2.2.8120 \ No newline at end of file +1.2.3.8166 \ No newline at end of file diff --git a/cake/config/config.php b/cake/config/config.php index 1ad4c719c..446aea182 100644 --- a/cake/config/config.php +++ b/cake/config/config.php @@ -22,5 +22,5 @@ * @lastmodified $Date$ * @license http://www.opensource.org/licenses/mit-license.php The MIT License */ -return $config['Cake.version'] = '1.2.2.8120'; +return $config['Cake.version'] = '1.2.3.8166'; ?> \ No newline at end of file diff --git a/cake/dispatcher.php b/cake/dispatcher.php index de0267563..9756c841a 100644 --- a/cake/dispatcher.php +++ b/cake/dispatcher.php @@ -344,7 +344,8 @@ class Dispatcher extends Object { return $this->base = $base; } if (!$baseUrl) { - $base = dirname(env('PHP_SELF')); + $replace = array('<', '>', '*', '\'', '"'); + $base = str_replace($replace, '', dirname(env('PHP_SELF'))); if ($webroot === 'webroot' && $webroot === basename($base)) { $base = dirname($base); diff --git a/cake/libs/model/model.php b/cake/libs/model/model.php index 1becede48..b20ad2c4e 100644 --- a/cake/libs/model/model.php +++ b/cake/libs/model/model.php @@ -1010,7 +1010,10 @@ class Model extends Overloadable { } if ($id !== null && $id !== false) { - $this->data = $this->find(array($this->alias . '.' . $this->primaryKey => $id), $fields); + $this->data = $this->find('first', array( + 'conditions' => array($this->alias . '.' . $this->primaryKey => $id), + 'fields' => $fields + )); return $this->data; } else { return false; diff --git a/cake/tests/cases/dispatcher.test.php b/cake/tests/cases/dispatcher.test.php index 0fcbfb3fb..a50037de8 100644 
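Review bot: The new `$base = str_replace($replace, '', dirname(env('PHP_SELF')));` in the dispatcher hunk is a five-character denylist, and the accompanying test shows the remainder of the request-controlled path (`h1 onclick=alert(xss);heya`) still lands in `$base`, so this only neutralises one shape of input; the durable fix is context-appropriate escaping (`htmlspecialchars`) at every point where `$this->base` is written into HTML, with this stripping kept as defence in depth. The list also drops `*`, which is not markup-significant, and nothing records why these characters were chosen; I would put a comment above `$replace` such as `// PHP_SELF can carry request-supplied PATH_INFO; strip characters that would let the base path break out of an HTML tag or attribute. Output escaping is still required wherever the base is echoed.` The enclosing method (apparently `baseUrl()`, which the new test calls) starts and ends outside the hunk, so I cannot see whether the later `$webroot`/`dirname($base)` derivations need the same care.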
--- a/cake/tests/cases/dispatcher.test.php
+++ b/cake/tests/cases/dispatcher.test.php
@@ -1898,6 +1898,23 @@ class DispatcherTest extends CakeTestCase {
 
 unset($_POST['_method']);
 }
+
+/**
+ * Tests that invalid characters cannot be injected into the application base path.
+ *
+ * @return void
+ */
+ function testBasePathInjection() {
+ $self = $_SERVER['PHP_SELF'];
+ $_SERVER['PHP_SELF'] = urldecode(
+ "/index.php/%22%3E%3Ch1%20onclick=%22alert('xss');%22%3Eheya%3C/h1%3E"
+ );
+
+ $dispatcher =& new Dispatcher();
+ $result = $dispatcher->baseUrl();
+ $expected = '/index.php/h1 onclick=alert(xss);heya';
+ $this->assertEqual($result, $expected);
+ }
 /**
  * testEnvironmentDetection method
  *
diff --git a/cake/tests/cases/libs/router.test.php b/cake/tests/cases/libs/router.test.php
index f0bfb1441..f57c91d9c 100644
--- a/cake/tests/cases/libs/router.test.php
+++ b/cake/tests/cases/libs/router.test.php
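Review bot: `testBasePathInjection` copies `$_SERVER['PHP_SELF']` into `$self` but never restores it, so the crafted value leaks into every test that runs afterwards in this file (`testEnvironmentDetection` follows immediately); add `$_SERVER['PHP_SELF'] = $self;` after the `assertEqual` call. The docblock's claim that invalid characters "cannot be injected" overstates what is verified — the assertion only shows that `<`, `>`, `"` and `'` are removed while the rest of the supplied text survives in the base path; I would reword it to `Tests that markup-significant characters are stripped from the application base path.` so the test's scope is not misread as a complete injection guarantee.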
@@ -658,14 +658,23 @@ class RouterTest extends CakeTestCase { Router::reload(); Router::setRequestInfo(array( - array('plugin' => 'shows', 'controller' => 'show_tickets', 'action' => 'admin_edit', 'pass' => - array(0 => '6'), 'prefix' => 'admin', 'admin' => true, 'form' => array(), 'url' => - array('url' => 'admin/shows/show_tickets/edit/6')), - array('plugin' => NULL, 'controller' => NULL, 'action' => NULL, 'base' => '', 'here' => '/admin/shows/show_tickets/edit/6', 'webroot' => '/'))); + array( + 'plugin' => 'shows', 'controller' => 'show_tickets', 'action' => 'admin_edit', + 'pass' => array('6'), 'prefix' => 'admin', 'admin' => true, 'form' => array(), + 'url' => array('url' => 'admin/shows/show_tickets/edit/6') + ), + array( + 'plugin' => null, 'controller' => null, 'action' => null, 'base' => '', + 'here' => '/admin/shows/show_tickets/edit/6', 'webroot' => '/' + ) + )); Router::parse('/'); - $result = Router::url(array('plugin' => 'shows', 'controller' => 'show_tickets', 'action' => 'edit', 'id' => '6', 'admin' => true, 'prefix' => 'admin', )); + $result = Router::url(array( + 'plugin' => 'shows', 'controller' => 'show_tickets', 'action' => 'edit', 'id' => '6', + 'admin' => true, 'prefix' => 'admin' + )); $expected = '/admin/shows/show_tickets/edit/6'; $this->assertEqual($result, $expected); }