Merge branch '1.4' into 1.5
* 1.4:
  Generate changelog for v1.4.7
  Generate changelog for v1.3.14
  Sanitize request input before passing it to expression language evaluator
  Sanitize request input before passing it to expression language evaluator
pamil committed Aug 18, 2020
2 parents beab269 + 063ab22 commit 34c75d0
Showing 4 changed files with 16 additions and 2 deletions.
7 changes: 7 additions & 0 deletions CHANGELOG-1.3.md
@@ -1,5 +1,12 @@
## CHANGELOG FOR `1.3.x`

### v1.3.14 (2020-08-18)

Security release:

- [CVE-2020-15143: Remote Code Execution in ParametersParser while using request parameters inside expression language](https://github.com/Sylius/SyliusResourceBundle/security/advisories/GHSA-p4pj-9g59-4ppv)
- [CVE-2020-15146: Remote Code Execution in OptionsParser while using request parameters inside expression language](https://github.com/Sylius/SyliusResourceBundle/security/advisories/GHSA-h6m7-j4h3-9rf5)

### v1.3.13 (2020-01-27)

Security release:
7 changes: 7 additions & 0 deletions CHANGELOG-1.4.md
@@ -1,5 +1,12 @@
## CHANGELOG FOR `1.4.x`

### v1.4.7 (2020-08-18)

Security release:

- [CVE-2020-15143: Remote Code Execution in ParametersParser while using request parameters inside expression language](https://github.com/Sylius/SyliusResourceBundle/security/advisories/GHSA-p4pj-9g59-4ppv)
- [CVE-2020-15146: Remote Code Execution in OptionsParser while using request parameters inside expression language](https://github.com/Sylius/SyliusResourceBundle/security/advisories/GHSA-h6m7-j4h3-9rf5)

### v1.4.6 (2020-01-27)

Security release:
2 changes: 1 addition & 1 deletion src/Bundle/Controller/ParametersParser.php
Expand Up @@ -80,7 +80,7 @@ private function parseRequestValueExpression(string $expression, Request $reques
));
}

return is_string($variable) ? sprintf('"%s"', $variable) : $variable;
return is_string($variable) ? sprintf('"%s"', addslashes($variable)) : $variable;
}, $expression);

return $this->expression->evaluate($expression, ['container' => $this->container]);
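Review bot: the `addslashes($variable)` on the changed `return` line is a narrow, escape-based fix. It only runs when the request value is a string, and the method still builds the expression source by interpolating request content before calling `$this->expression->evaluate($expression, ['container' => $this->container])`; a non-string value (an array or null from the request) is returned from the callback untouched and cast to a string by `preg_replace_callback`. A sturdier shape is to bind request values as expression variables instead: collect them into the values array passed to `evaluate()` and replace `$name` with a variable reference, so request content is never parsed as expression code. The commit also touches only the two parsers and two changelogs, so no regression test covers the quote-escaping behaviour.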
2 changes: 1 addition & 1 deletion src/Bundle/Grid/Parser/OptionsParser.php
Expand Up @@ -83,7 +83,7 @@ private function parseOptionExpression(string $expression, Request $request)
$expression = (string) preg_replace_callback('/\$(\w+)/', function (array $matches) use ($request) {
$variable = $request->get($matches[1]);

return is_string($variable) ? sprintf('"%s"', $variable) : $variable;
return is_string($variable) ? sprintf('"%s"', addslashes($variable)) : $variable;
}, $expression);

return $this->expression->evaluate($expression, ['container' => $this->container]);
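Review bot: this `preg_replace_callback` closure is the same code as the one patched in `ParametersParser::parseRequestValueExpression` in this same commit, and the two had to be fixed in lockstep (CVE-2020-15143 and CVE-2020-15146 in the changelog entries); consider extracting the `$name` substitution into one shared helper so the next hardening lands in both parsers at once. Also, `$request->get($matches[1])` resolves the name against route attributes, the query string and the request body in turn, so any of those sources can feed the expression; a docblock stating which sources are intended (or narrowing to one) would make the option expressions easier to reason about.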

0 comments on commit 34c75d0