Applied D6LTS critical patch SA-CORE-2018-002
parent
f0015d1842
commit
44710a763c
1 changed files with 57 additions and 0 deletions
|
@ -1141,6 +1141,7 @@ function _drupal_bootstrap($phase) {
|
|||
timer_start('page');
|
||||
// Initialize the configuration
|
||||
conf_init();
|
||||
_drupal_bootstrap_sanitize_request();
|
||||
break;
|
||||
|
||||
case DRUPAL_BOOTSTRAP_EARLY_PAGE_CACHE:
|
||||
|
@ -1602,3 +1603,59 @@ function filter_xss_bad_protocol($string, $decode = TRUE) {
|
|||
} while ($before != $string);
|
||||
return check_plain($string);
|
||||
}
|
||||
|
||||
/**
|
||||
* Sanitizes unsafe keys from the request.
|
||||
*/
|
||||
function _drupal_bootstrap_sanitize_request() {
|
||||
global $conf;
|
||||
static $sanitized;
|
||||
|
||||
if (!$sanitized) {
|
||||
// Ensure the whitelist array exists.
|
||||
if (!isset($conf['sanitize_input_whitelist']) || !is_array($conf['sanitize_input_whitelist'])) {
|
||||
$conf['sanitize_input_whitelist'] = array();
|
||||
}
|
||||
|
||||
$sanitized_keys = _drupal_bootstrap_sanitize_input($_GET, $conf['sanitize_input_whitelist']);
|
||||
$sanitized_keys = array_merge($sanitized_keys, _drupal_bootstrap_sanitize_input($_POST, $conf['sanitize_input_whitelist']));
|
||||
$sanitized_keys = array_merge($sanitized_keys, _drupal_bootstrap_sanitize_input($_REQUEST, $conf['sanitize_input_whitelist']));
|
||||
$sanitized_keys = array_merge($sanitized_keys, _drupal_bootstrap_sanitize_input($_COOKIE, $conf['sanitize_input_whitelist']));
|
||||
$sanitized_keys = array_unique($sanitized_keys);
|
||||
|
||||
if (count($sanitized_keys) && !empty($conf['sanitize_input_logging'])) {
|
||||
trigger_error(check_plain(sprintf('Potentially unsafe keys removed from request parameters: %s', implode(', ', $sanitized_keys)), E_USER_WARNING));
|
||||
}
|
||||
|
||||
$sanitized = TRUE;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Sanitizes unsafe keys from user input.
|
||||
*
|
||||
* @param mixed $input
|
||||
* Input to sanitize.
|
||||
* @param array $whitelist
|
||||
* Whitelist of values.
|
||||
* @return array
|
||||
*/
|
||||
function _drupal_bootstrap_sanitize_input(&$input, $whitelist = array()) {
|
||||
$sanitized_keys = array();
|
||||
|
||||
if (is_array($input)) {
|
||||
foreach ($input as $key => $value) {
|
||||
if ($key !== '' && $key[0] === '#' && !in_array($key, $whitelist, TRUE)) {
|
||||
unset($input[$key]);
|
||||
$sanitized_keys[] = $key;
|
||||
}
|
||||
elseif (is_array($input[$key])) {
|
||||
$sanitized_keys = array_merge($sanitized_keys, _drupal_bootstrap_sanitize_input($input[$key], $whitelist));
|
||||
}
|
||||
}
|
||||
// PHP 5.x will leave the array pointer at the end without this.
|
||||
reset($input);
|
||||
}
|
||||
|
||||
return $sanitized_keys;
|
||||
}
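Review bot: In the `trigger_error(...)` call inside `_drupal_bootstrap_sanitize_request()`, `E_USER_WARNING` sits inside the parentheses of `check_plain()` instead of being the second argument of `trigger_error()`, so the message is raised at PHP's default `E_USER_NOTICE` level. `check_plain()` is not defined on this page, but it presumably ignores the extra argument, which is why nothing fails visibly. This message is the only record that `#`-prefixed keys were stripped from a request, so a site that drops notices from its logs would likely lose that detection signal even with `sanitize_input_logging` enabled. Move the closing parenthesis: `trigger_error(check_plain(sprintf('Potentially unsafe keys removed from request parameters: %s', implode(', ', $sanitized_keys))), E_USER_WARNING);`.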
|
||||
|
|