mirror of
https://github.com/kamilwylegala/cakephp2-php8.git
synced 2024-11-15 11:28:25 +00:00
Adding fix for #2612, Fixes AuthComponent::identify SQL injection, and also removes ability to pass the -! in the posted data
git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@5139 3807eeeb-6ff5-0310-8944-8be069107fe0
This commit is contained in:
phpnut
parent
12aea2c0f7
commit
df5c02aa8f
2 changed files with 23 additions and 4 deletions
|
|
@ -411,7 +411,7 @@ class Dispatcher extends Object {
|
|||
}
|
||||
|
||||
if (isset($params['form']['data'])) {
|
||||
$params['data'] = $params['form']['data'];
|
||||
$params['data'] = Router::stripEscape($params['form']['data']);
|
||||
unset($params['form']['data']);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -255,9 +255,9 @@ class Router extends Object {
|
|||
if (is_array($defaults)) {
|
||||
foreach($defaults as $name => $value) {
|
||||
if (preg_match('#[a-zA-Z_\-]#i', $name)) {
|
||||
$out[$name] = $value;
|
||||
$out[$name] = $_this->stripEscape($value);
|
||||
} else {
|
||||
$out['pass'][] = $value;
|
||||
$out['pass'][] = $_this->stripEscape($value);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -270,7 +270,10 @@ class Router extends Object {
|
|||
break; //leave the default values;
|
||||
} else {
|
||||
// unnamed elements go in as 'pass'
|
||||
$out['pass'] = explode('/', $found);
|
||||
$search = explode('/', $found);
|
||||
foreach($search as $k => $value) {
|
||||
$out['pass'][] = $_this->stripEscape($value);
|
||||
}
|
||||
}
|
||||
}
|
||||
break;
|
||||
|
|
@ -732,6 +735,22 @@ class Router extends Object {
|
|||
}
|
||||
return $base;
|
||||
}
|
||||
function stripEscape($param) {
|
||||
if(is_string($param) || empty($param)) {
|
||||
$return = preg_replace('/^ ?-!/', '', $param);
|
||||
return $return;
|
||||
}
|
||||
foreach($param as $key => $value) {
|
||||
if(is_string($value)) {
|
||||
$return[$key] = preg_replace('/^ ?-!/', '', $value);
|
||||
} else {
|
||||
foreach ($value as $array => $string) {
|
||||
$return[$key][$array] = preg_replace('/^ ?-!/', '', $string);
|
||||
}
|
||||
}
|
||||
}
|
||||
return $return;
|
||||
}
|
||||
/**
|
||||
* Instructs the router to parse out file extensions from the URL. For example,
|
||||
* http://example.com/posts.rss would yield an file extension of "rss".
|
||||
|
|
|
|||
Loading…
Reference in a new issue