From 6535e6225c5961781699f6afedba8b438045e083 Mon Sep 17 00:00:00 2001 From: gwoo Date: Mon, 4 May 2009 15:57:10 -0700 Subject: [PATCH] merging 1.2 --- cake/VERSION.txt | 2 +- cake/config/config.php | 2 +- cake/dispatcher.php | 3 ++- cake/libs/model/model.php | 5 ++++- cake/tests/cases/dispatcher.test.php | 17 +++++++++++++++++ cake/tests/cases/libs/router.test.php | 19 ++++++++++++++----- 6 files changed, 39 insertions(+), 9 deletions(-) diff --git a/cake/VERSION.txt b/cake/VERSION.txt index 328fa2e818f..e210b41c19d 100644 --- a/cake/VERSION.txt +++ b/cake/VERSION.txt @@ -6,4 +6,4 @@ // +---------------------------------------------------------------------------------------------------+ // /////////////////////////////////////////////////////////////////////////////////////////////////////////// -1.2.2.8120 \ No newline at end of file +1.2.3.8166 \ No newline at end of file diff --git a/cake/config/config.php b/cake/config/config.php index 1ad4c719c7e..446aea182cc 100644 --- a/cake/config/config.php +++ b/cake/config/config.php @@ -22,5 +22,5 @@ * @lastmodified $Date$ * @license http://www.opensource.org/licenses/mit-license.php The MIT License */ -return $config['Cake.version'] = '1.2.2.8120'; +return $config['Cake.version'] = '1.2.3.8166'; ?> \ No newline at end of file diff --git a/cake/dispatcher.php b/cake/dispatcher.php index de026756398..9756c841a1a 100644 --- a/cake/dispatcher.php +++ b/cake/dispatcher.php @@ -344,7 +344,8 @@ function baseUrl() { return $this->base = $base; } if (!$baseUrl) { - $base = dirname(env('PHP_SELF')); + $replace = array('<', '>', '*', '\'', '"'); + $base = str_replace($replace, '', dirname(env('PHP_SELF'))); if ($webroot === 'webroot' && $webroot === basename($base)) { $base = dirname($base); diff --git a/cake/libs/model/model.php b/cake/libs/model/model.php index 1becede48eb..b20ad2c4e17 100644 --- a/cake/libs/model/model.php +++ b/cake/libs/model/model.php 
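Review bot: The new `$replace` denylist in baseUrl() strips only `<`, `>`, `*`, `'` and `"`, so characters such as `(`, `)`, `=`, `;` and whitespace still reach `$this->base` — the accompanying test's expected value `/index.php/h1 onclick=alert(xss);heya` shows exactly that residue. This is defence in depth rather than output escaping, and the line deserves a comment saying so, e.g. `// Strip characters that could break out of an HTML attribute if base is echoed; callers rendering $base into HTML must still apply htmlspecialchars().` Naming the list (a class constant or a documented local) instead of an inline literal would also make the intent visible to the next reader, though that is a style choice. baseUrl() starts and ends outside the hunk.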
@@ -1010,7 +1010,10 @@ function read($fields = null, $id = null) { } if ($id !== null && $id !== false) { - $this->data = $this->find(array($this->alias . '.' . $this->primaryKey => $id), $fields); + $this->data = $this->find('first', array( + 'conditions' => array($this->alias . '.' . $this->primaryKey => $id), + 'fields' => $fields + )); return $this->data; } else { return false; diff --git a/cake/tests/cases/dispatcher.test.php b/cake/tests/cases/dispatcher.test.php index 0fcbfb3fb77..a50037de844 100644 --- a/cake/tests/cases/dispatcher.test.php +++ b/cake/tests/cases/dispatcher.test.php @@ -1898,6 +1898,23 @@ function testHttpMethodOverrides() { unset($_POST['_method']); } + +/** + * Tests that invalid characters cannot be injected into the application base path. + * + * @return void + */ + function testBasePathInjection() { + $self = $_SERVER['PHP_SELF']; + $_SERVER['PHP_SELF'] = urldecode( + "/index.php/%22%3E%3Ch1%20onclick=%22alert('xss');%22%3Eheya%3C/h1%3E" + ); + + $dispatcher =& new Dispatcher(); + $result = $dispatcher->baseUrl(); + $expected = '/index.php/h1 onclick=alert(xss);heya'; + $this->assertEqual($result, $expected); + } /** * testEnvironmentDetection method * diff --git a/cake/tests/cases/libs/router.test.php b/cake/tests/cases/libs/router.test.php index f0bfb1441d6..f57c91d9c3e 100644 --- a/cake/tests/cases/libs/router.test.php +++ b/cake/tests/cases/libs/router.test.php 
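Review bot: The rewritten read() stores whatever `find('first', …)` returns straight into `$this->data`, so a lookup miss replaces previously loaded data with the miss value rather than leaving it untouched; the docblock of read() (outside this hunk) should state that, e.g. `@return mixed The record on success; on a miss the find('first') result is stored in $this->data and returned`. The `'fields' => $fields` entry is passed through unfiltered when `$fields` is null, which appears intended since the old call did the same, but a short `// null lets find() select all fields` comment would remove the doubt. read() begins and ends outside the hunk.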
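Review bot: testBasePathInjection() saves the original `$_SERVER['PHP_SELF']` into `$self` but never restores it, so the injected path leaks into every later test in the run (testEnvironmentDetection follows immediately); add `$_SERVER['PHP_SELF'] = $self;` after the assertion. The docblock for the new method is placed at column 0 while the method itself is indented, unlike the neighbouring docblocks in this file. The expected string pins that `onclick=alert(xss);` survives the filter, which is worth a one-line comment such as `// only < > * ' " are stripped; the remaining text must still be escaped at output` so the assertion is not misread as claiming the path is fully sanitised.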
@@ -658,14 +658,23 @@ function testUrlGeneration() { Router::reload(); Router::setRequestInfo(array( - array('plugin' => 'shows', 'controller' => 'show_tickets', 'action' => 'admin_edit', 'pass' => - array(0 => '6'), 'prefix' => 'admin', 'admin' => true, 'form' => array(), 'url' => - array('url' => 'admin/shows/show_tickets/edit/6')), - array('plugin' => NULL, 'controller' => NULL, 'action' => NULL, 'base' => '', 'here' => '/admin/shows/show_tickets/edit/6', 'webroot' => '/'))); + array( + 'plugin' => 'shows', 'controller' => 'show_tickets', 'action' => 'admin_edit', + 'pass' => array('6'), 'prefix' => 'admin', 'admin' => true, 'form' => array(), + 'url' => array('url' => 'admin/shows/show_tickets/edit/6') + ), + array( + 'plugin' => null, 'controller' => null, 'action' => null, 'base' => '', + 'here' => '/admin/shows/show_tickets/edit/6', 'webroot' => '/' + ) + )); Router::parse('/'); - $result = Router::url(array('plugin' => 'shows', 'controller' => 'show_tickets', 'action' => 'edit', 'id' => '6', 'admin' => true, 'prefix' => 'admin', )); + $result = Router::url(array( + 'plugin' => 'shows', 'controller' => 'show_tickets', 'action' => 'edit', 'id' => '6', + 'admin' => true, 'prefix' => 'admin' + )); $expected = '/admin/shows/show_tickets/edit/6'; $this->assertEqual($result, $expected); }