From a2d40e597491933baaea9b84ff8f6446816bb22f Mon Sep 17 00:00:00 2001
From: David Grudl
Date: Sat, 27 Dec 2014 07:08:32 +0100
Subject: [PATCH 1/2] RequestFactory: rejects invalid URL [Closes #30]
---
 src/Http/RequestFactory.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/Http/RequestFactory.php b/src/Http/RequestFactory.php
index 9be953bd..608827c6 100644
--- a/src/Http/RequestFactory.php
+++ b/src/Http/RequestFactory.php
@@ -83,6 +83,9 @@ public function createHttpRequest(): Request
 // path & query
 $requestUrl = $_SERVER['REQUEST_URI'] ?? '/';
 $requestUrl = preg_replace('#^\w++://[^/]++#', '', $requestUrl);
+ if (!$this->binary && (!preg_match(self::CHARS, rawurldecode($requestUrl)) || preg_last_error())) {
+ // TODO: invalid request
+ }
 $requestUrl = Strings::replace($requestUrl, $this->urlFilters['url']);
 $tmp = explode('?', $requestUrl, 2);
 $path = Url::unescape($tmp[0], '%/?#');
@@ -100,17 +103,15 @@ public function createHttpRequest(): Request
 }
 $url->setScriptPath($path);
- // GET, POST, COOKIE
+ // POST, COOKIE
 $useFilter = (!in_array(ini_get('filter.default'), ['', 'unsafe_raw'], true) || ini_get('filter.default_flags'));
-
- $query = $url->getQueryParameters();
 $post = $useFilter ? filter_input_array(INPUT_POST, FILTER_UNSAFE_RAW) : (empty($_POST) ? [] : $_POST);
 $cookies = $useFilter ? filter_input_array(INPUT_COOKIE, FILTER_UNSAFE_RAW) : (empty($_COOKIE) ? [] : $_COOKIE);
 // remove invalid characters
 $reChars = '#^[' . self::CHARS . ']*+\z#u';
 if (!$this->binary) {
- $list = [&$query, &$post, &$cookies];
+ $list = [&$post, &$cookies];
 foreach ($list as $key => &$val) {
 foreach ($val as $k => $v) {
 if (is_string($k) && (!preg_match($reChars, $k) || preg_last_error())) {
@@ -127,7 +128,6 @@ public function createHttpRequest(): Request
 }
 unset($list, $key, $val, $k, $v);
 }
- $url->setQuery($query);
 // FILES and create FileUpload objects
From 8fa7fa48a1c2c1055f72c7ebad6383e132b27eba Mon Sep 17 00:00:00 2001
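Review bot: The validity check added in the first hunk has an empty body (`// TODO: invalid request`), so a REQUEST_URI with characters outside `self::CHARS` is still parsed and used exactly as before. The second and third hunks meanwhile take `$query` out of the sanitising loop and drop `$url->setQuery($query)`, so within this function the GET parameters lose their existing filtering without the rejection that is meant to replace it. Either keep `$list = [&$query, &$post, &$cookies];` until the reject path exists, or give the branch a real outcome. The method is declared `: Request`, so that outcome has to be an exception or a documented fallback, and the TODO should say which. The function body starts and ends outside these hunks.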
From: David Grudl
Date: Sat, 27 Dec 2014 16:35:47 +0100
Subject: [PATCH 2/2] RequestFactory: drops complete cookie/post when contain invalid chars (+ is faster)
---
 src/Http/RequestFactory.php | 24 +++++++-----------------
 1 file changed, 7 insertions(+), 17 deletions(-)
diff --git a/src/Http/RequestFactory.php b/src/Http/RequestFactory.php
index 608827c6..732c8b0c 100644
--- a/src/Http/RequestFactory.php
+++ b/src/Http/RequestFactory.php
@@ -81,9 +81,10 @@ public function createHttpRequest(): Request
 }
 // path & query
+ $reChars = '#^[' . self::CHARS . ']*+\z#u';
 $requestUrl = $_SERVER['REQUEST_URI'] ?? '/';
 $requestUrl = preg_replace('#^\w++://[^/]++#', '', $requestUrl);
- if (!$this->binary && (!preg_match(self::CHARS, rawurldecode($requestUrl)) || preg_last_error())) {
+ if (!$this->binary && (!preg_match($reChars, rawurldecode($requestUrl)) || preg_last_error())) {
 // TODO: invalid request
 }
 $requestUrl = Strings::replace($requestUrl, $this->urlFilters['url']);
@@ -109,24 +110,13 @@ public function createHttpRequest(): Request
 $cookies = $useFilter ? filter_input_array(INPUT_COOKIE, FILTER_UNSAFE_RAW) : (empty($_COOKIE) ? [] : $_COOKIE);
 // remove invalid characters
- $reChars = '#^[' . self::CHARS . ']*+\z#u';
 if (!$this->binary) {
- $list = [&$post, &$cookies];
- foreach ($list as $key => &$val) {
- foreach ($val as $k => $v) {
- if (is_string($k) && (!preg_match($reChars, $k) || preg_last_error())) {
- unset($list[$key][$k]);
-
- } elseif (is_array($v)) {
- $list[$key][$k] = $v;
- $list[] = &$list[$key][$k];
-
- } else {
- $list[$key][$k] = (string) preg_replace('#[^' . self::CHARS . ']+#u', '', $v);
- }
- }
+ if (!preg_match($reChars, rawurldecode(http_build_query($post))) || preg_last_error()) {
+ $post = [];
+ }
+ if (!preg_match($reChars, rawurldecode(http_build_query($cookies))) || preg_last_error()) {
+ $cookies = [];
 }
- unset($list, $key, $val, $k, $v);
 }
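Review bot: In the second hunk `http_build_query($post)` and `http_build_query($cookies)` can receive a non-array, because with `$useFilter` true both values come from `filter_input_array()`, which returns null when the input is not populated and false on failure. The removed loop only iterated over them, whereas `http_build_query()` raises a warning for such an argument and, on PHP 8, a TypeError. A guard such as `http_build_query($post ?: [])` (likewise for `$cookies`) keeps the check total. Separately, the all-or-nothing reset means one malformed cookie, including one set by another application on a shared parent domain, strips the session cookie from the request as well. If that is the intended trade-off it deserves a comment at the reset, e.g. `// any invalid key or value discards the whole array, session cookie included`.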