
Fix dynamic string usage as safe input

Summary: I somehow missed it.

Test Plan: /diffusion/PF/lint/master/

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4801

vrana 4f5e5728 b98a592c

+12 -14
+5 -5
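--- a/src/applications/diffusion/controller/DiffusionLintController.php
+++ b/src/applications/diffusion/controller/DiffusionLintController.php
@@ -160,11 +160,11 @@
 $where[] = qsprintf($conn, 'branchID = %d', $branch->getID());
 
 if ($drequest->getPath() != '') {
-$is_dir = (substr($drequest->getPath(), -1) == '/');
-$where[] = qsprintf(
-$conn,
-'path '.($is_dir ? 'LIKE %>' : '= %s'),
-'/'.$drequest->getPath());
+$path = '/'.$drequest->getPath();
+$is_dir = (substr($path, -1) == '/');
+$where[] = ($is_dir
+? qsprintf($conn, 'path LIKE %>', $path)
+: qsprintf($conn, 'path = %s', $path));
 }
 }
 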
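Review bot: The two `qsprintf()` calls at new lines 165–167 carry no comment saying why each pattern must stay a string literal, so a later cleanup could fold the branches back into one concatenated pattern. A one-line comment above the assignment would record the invariant, for example `// Each qsprintf() pattern stays a string literal; only $path goes through %> or %s.` The same clause is repeated verbatim in DiffusionLintDetailsController.php (new lines 116–118), so the comment applies there too. The two copies could also share one helper so that the path filter is built in a single place. The enclosing method starts and ends outside the visible lines.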
+7 -9
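--- a/src/applications/diffusion/controller/DiffusionLintDetailsController.php
+++ b/src/applications/diffusion/controller/DiffusionLintDetailsController.php
@@ -107,17 +107,15 @@
 $conn = $branch->establishConnection('r');
 
 $where = array(
-qsprintf(
-$conn,
-'branchID = %d',
-$branch->getID())
+qsprintf($conn, 'branchID = %d', $branch->getID()),
 );
+
 if ($drequest->getPath() != '') {
-$is_dir = (substr($drequest->getPath(), -1) == '/');
-$where[] = qsprintf(
-$conn,
-'path '.($is_dir ? 'LIKE %>' : '= %s'),
-'/'.$drequest->getPath());
+$path = '/'.$drequest->getPath();
+$is_dir = (substr($path, -1) == '/');
+$where[] = ($is_dir
+? qsprintf($conn, 'path LIKE %>', $path)
+: qsprintf($conn, 'path = %s', $path));
 }
 
 if ($drequest->getLint() != '') {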