
Filter only possibly-tainted keys from superglobals

Summary: Ensures that weird behavior from filter_input_array does not remove keys from superglobals. Should fix T3677.

Test Plan:
Checked that $_SERVER contained same number of keys before and after
filtering, and that those affected by the original bug continue to be filtered
correctly.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: zorfling, aran, Korvin, wez

Maniphest Tasks: T3677

Differential Revision: https://secure.phabricator.com/D6680

authored by

Eric Stern and committed by
epriestley
b20a0eed b712905d

+24 -19
+24 -19
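--- a/support/PhabricatorStartup.php
+++ b/support/PhabricatorStartup.php
@@ -242,25 +242,30 @@
   private static function normalizeInput() {
     // Replace superglobals with unfiltered versions, disrespect php.ini (we
     // filter ourselves)
-    $_GET = filter_input_array(INPUT_GET, FILTER_UNSAFE_RAW);
-    $_POST = filter_input_array(INPUT_POST, FILTER_UNSAFE_RAW);
-    $_SERVER = filter_input_array(INPUT_SERVER, FILTER_UNSAFE_RAW);
-    $_COOKIE = filter_input_array(INPUT_COOKIE, FILTER_UNSAFE_RAW);
-    $_ENV = filter_input_array(INPUT_ENV, FILTER_UNSAFE_RAW);
-    if (!is_array($_GET)) {
-      $_GET = array();
-    }
-    if (!is_array($_POST)) {
-      $_POST = array();
-    }
-    if (!is_array($_SERVER)) {
-      $_SERVER = array();
-    }
-    if (!is_array($_COOKIE)) {
-      $_COOKIE = array();
-    }
-    if (!is_array($_ENV)) {
-      $_ENV = array();
+    $filter = array(INPUT_GET, INPUT_POST,
+      INPUT_SERVER, INPUT_ENV, INPUT_COOKIE);
+    foreach ($filter as $type) {
+      $filtered = filter_input_array($type, FILTER_UNSAFE_RAW);
+      if (!is_array($filtered)) {
+        continue;
+      }
+      switch ($type) {
+        case INPUT_SERVER:
+          $_SERVER = array_merge($_SERVER, $filtered);
+          break;
+        case INPUT_GET:
+          $_GET = array_merge($_GET, $filtered);
+          break;
+        case INPUT_COOKIE:
+          $_COOKIE = array_merge($_COOKIE, $filtered);
+          break;
+        case INPUT_POST:
+          $_POST = array_merge($_POST, $filtered);
+          break;
+        case INPUT_ENV;
+          $_ENV = array_merge($_ENV, $filtered);
+          break;
+      }
     }
 
     // rebuild $_REQUEST, respecting order declared in ini files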
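Review bot: `array_merge()` renumbers integer keys and appends them instead of overwriting, so in every `case` arm a request parameter with a numeric name (PHP stores `?5=x` under integer key 5) comes out duplicated under keys 0 and 1 rather than replaced by its raw value. `array_replace()` preserves keys and overwrites by key, e.g. `$_GET = array_replace($_GET, $filtered);`, and the same change applies to the `$_SERVER`, `$_COOKIE`, `$_POST` and `$_ENV` arms. The comment above the loop still says the superglobals are replaced, while keys missing from `$filtered` now presumably keep whatever value php.ini's default filter left in them; a line such as `// Keys filter_input_array() omits keep their existing (possibly ini-filtered) value` would make that explicit. Separately, `case INPUT_ENV;` ends in a semicolon where the other arms use a colon; PHP accepts it but it reads as a typo. normalizeInput's body continues outside the hunk.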