Removing unserialize() as its dangerous. Instead using | delimited fi…

…elds for locked fields. This totally avoids issues with serialize(). Removing str_rot13, as it's only child-proof.

Tests updated.
commit ae7855692d131241f06ba78a837de536508f73f1 1 parent ef3cb0e
@markstory markstory authored
6 cake/libs/controller/components/security.php
@@ -618,15 +618,11 @@ function _validatePost(&$controller) {
}
unset($check['_Token']);
- $locked = str_rot13($locked);
- if (preg_match('/(\A|;|{|})O\:[0-9]+/', $locked)) {
- return false;
- }
+ $locked = explode('|', $locked);
$lockedFields = array();
$fields = Set::flatten($check);
$fieldList = array_keys($fields);
- $locked = unserialize($locked);
$multi = array();
foreach ($fieldList as $i => $key) {
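Review bot: The `'|'`-delimited list assigned to `$locked` on the added line is still client-supplied, so it only safely defines the set of tamper-protected fields if the later token comparison hashes the raw `$locked` string together with the field values; if the hash covers the field list alone, a client could drop a name from the locked list without invalidating the token. That comparison, like the rest of `_validatePost`, lies outside this hunk, so I cannot confirm it here. Separately, `explode('|', '')` returns `array('')` rather than an empty array, so an empty locked list (which several of the updated tests send) yields a spurious empty-string entry; `$locked = ($locked === '') ? array() : explode('|', $locked);` keeps it out of the membership check. A short comment above the line, such as `// Client-supplied list of locked field names; only meaningful once the token hash has been verified.`, would record the trust boundary.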
50 cake/tests/cases/libs/controller/components/security.test.php
@@ -573,8 +573,7 @@ function testRequireLoginAllActions() {
function testValidatePost() {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->params['_Token']['key'];
- $fields = 'a5475372b40f6e3ccbf9f8af191f20e1642fd877%3An%3A1%3A%7Bv%3A0%3B';
- $fields .= 'f%3A11%3A%22Zbqry.inyvq%22%3B%7D';
+ $fields = 'a5475372b40f6e3ccbf9f8af191f20e1642fd877%3AModel.valid';
$this->Controller->data = array(
'Model' => array('username' => 'nate', 'password' => 'foo', 'valid' => '0'),
@@ -591,8 +590,7 @@ function testValidatePost() {
function testValidatePostFormHacking() {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->params['_Token']['key'];
- $fields = 'a5475372b40f6e3ccbf9f8af191f20e1642fd877%3An%3A1%3A%7Bv%3A0%3B';
- $fields .= 'f%3A11%3A%22Zbqry.inyvq%22%3B%7D';
+ $fields = 'a5475372b40f6e3ccbf9f8af191f20e1642fd877%3AModel.valid';
$this->Controller->data = array(
'Model' => array('username' => 'nate', 'password' => 'foo', 'valid' => '0'),
@@ -641,7 +639,7 @@ function testValidatePostObjectDeserialize() {
function testValidatePostArray() {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->params['_Token']['key'];
- $fields = 'f7d573650a295b94e0938d32b323fde775e5f32b%3An%3A0%3A%7B%7D';
+ $fields = 'f7d573650a295b94e0938d32b323fde775e5f32b%3A';
$this->Controller->data = array(
'Model' => array('multi_field' => array('1', '3')),
@@ -659,7 +657,7 @@ function testValidatePostArray() {
function testValidatePostNoModel() {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->params['_Token']['key'];
- $fields = '540ac9c60d323c22bafe997b72c0790f39a8bdef%3An%3A0%3A%7B%7D';
+ $fields = '540ac9c60d323c22bafe997b72c0790f39a8bdef%3A';
$this->Controller->data = array(
'anything' => 'some_data',
@@ -679,7 +677,7 @@ function testValidatePostNoModel() {
function testValidatePostSimple() {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->params['_Token']['key'];
- $fields = '69f493434187b867ea14b901fdf58b55d27c935d%3An%3A0%3A%7B%7D';
+ $fields = '69f493434187b867ea14b901fdf58b55d27c935d%3A';
$this->Controller->data = $data = array(
'Model' => array('username' => '', 'password' => ''),
@@ -699,8 +697,7 @@ function testValidatePostSimple() {
function testValidatePostComplex() {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->params['_Token']['key'];
- $fields = 'c9118120e680a7201b543f562e5301006ccfcbe2%3An%3A2%3A%7Bv%3A0%3Bf%3A14%3A%';
- $fields .= '22Nqqerffrf.0.vq%22%3Bv%3A1%3Bf%3A14%3A%22Nqqerffrf.1.vq%22%3B%7D';
+ $fields = 'c9118120e680a7201b543f562e5301006ccfcbe2%3AAddresses.0.id%7CAddresses.1.id';
$this->Controller->data = array(
'Addresses' => array(
@@ -727,7 +724,7 @@ function testValidatePostComplex() {
function testValidatePostMultipleSelect() {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->params['_Token']['key'];
- $fields = '422cde416475abc171568be690a98cad20e66079%3An%3A0%3A%7B%7D';
+ $fields = '422cde416475abc171568be690a98cad20e66079%3A';
$this->Controller->data = array(
'Tag' => array('Tag' => array(1, 2)),
@@ -750,7 +747,7 @@ function testValidatePostMultipleSelect() {
$result = $this->Controller->Security->validatePost($this->Controller);
$this->assertTrue($result);
- $fields = '19464422eafe977ee729c59222af07f983010c5f%3An%3A0%3A%7B%7D';
+ $fields = '19464422eafe977ee729c59222af07f983010c5f%3A';
$this->Controller->data = array(
'User.password' => 'bar', 'User.name' => 'foo', 'User.is_valid' => '1',
'Tag' => array('Tag' => array(1)), '_Token' => compact('key', 'fields'),
@@ -771,8 +768,7 @@ function testValidatePostMultipleSelect() {
function testValidatePostCheckbox() {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->params['_Token']['key'];
- $fields = 'a5475372b40f6e3ccbf9f8af191f20e1642fd877%3An%3A1%3A%7Bv%3A0%';
- $fields .= '3Bf%3A11%3A%22Zbqry.inyvq%22%3B%7D';
+ $fields = 'a5475372b40f6e3ccbf9f8af191f20e1642fd877%3AModel.valid';
$this->Controller->data = array(
'Model' => array('username' => '', 'password' => '', 'valid' => '0'),
@@ -782,7 +778,7 @@ function testValidatePostCheckbox() {
$result = $this->Controller->Security->validatePost($this->Controller);
$this->assertTrue($result);
- $fields = '874439ca69f89b4c4a5f50fb9c36ff56a28f5d42%3An%3A0%3A%7B%7D';
+ $fields = '874439ca69f89b4c4a5f50fb9c36ff56a28f5d42%3A';
$this->Controller->data = array(
'Model' => array('username' => '', 'password' => '', 'valid' => '0'),
@@ -815,8 +811,8 @@ function testValidatePostCheckbox() {
function testValidatePostHidden() {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->params['_Token']['key'];
- $fields = '51ccd8cb0997c7b3d4523ecde5a109318405ef8c%3An%3A2%3A%7Bv%3A0%3Bf%3A12%3A';
- $fields .= '%22Zbqry.uvqqra%22%3Bv%3A1%3Bf%3A18%3A%22Zbqry.bgure_uvqqra%22%3B%7D';
+ $fields = '51ccd8cb0997c7b3d4523ecde5a109318405ef8c%3AModel.hidden%7CModel.other_hidden';
+ $fields .= '';
$this->Controller->data = array(
'Model' => array(
@@ -839,8 +835,7 @@ function testValidatePostWithDisabledFields() {
$this->Controller->Security->disabledFields = array('Model.username', 'Model.password');
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->params['_Token']['key'];
- $fields = 'ef1082968c449397bcd849f963636864383278b1%3An%3A1%3A%7Bv%';
- $fields .= '3A0%3Bf%3A12%3A%22Zbqry.uvqqra%22%3B%7D';
+ $fields = 'ef1082968c449397bcd849f963636864383278b1%3AModel.hidden';
$this->Controller->data = array(
'Model' => array(
@@ -862,9 +857,7 @@ function testValidatePostWithDisabledFields() {
function testValidateHiddenMultipleModel() {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->params['_Token']['key'];
- $fields = 'a2d01072dc4660eea9d15007025f35a7a5b58e18%3An%3A3%3A%7Bv%3A0%3Bf%3A11';
- $fields .= '%3A%22Zbqry.inyvq%22%3Bv%3A1%3Bf%3A12%3A%22Zbqry2.inyvq%22%3Bv%3A2%';
- $fields .= '3Bf%3A12%3A%22Zbqry3.inyvq%22%3B%7D';
+ $fields = 'a2d01072dc4660eea9d15007025f35a7a5b58e18%3AModel.valid%7CModel2.valid%7CModel3.valid';
$this->Controller->data = array(
'Model' => array('username' => '', 'password' => '', 'valid' => '0'),
@@ -895,9 +888,8 @@ function testLoginValidation() {
function testValidateHasManyModel() {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->params['_Token']['key'];
- $fields = '51e3b55a6edd82020b3f29c9ae200e14bbeb7ee5%3An%3A4%3A%7Bv%3A0%3Bf%3A14%3A%2';
- $fields .= '2Zbqry.0.uvqqra%22%3Bv%3A1%3Bf%3A13%3A%22Zbqry.0.inyvq%22%3Bv%3A2%3Bf%3';
- $fields .= 'A14%3A%22Zbqry.1.uvqqra%22%3Bv%3A3%3Bf%3A13%3A%22Zbqry.1.inyvq%22%3B%7D';
+ $fields = '51e3b55a6edd82020b3f29c9ae200e14bbeb7ee5%3AModel.0.hidden%7CModel.0.valid';
+ $fields .= '%7CModel.1.hidden%7CModel.1.valid';
$this->Controller->data = array(
'Model' => array(
@@ -926,9 +918,8 @@ function testValidateHasManyModel() {
function testValidateHasManyRecordsPass() {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->params['_Token']['key'];
- $fields = '7a203edb3d345bbf38fe0dccae960da8842e11d7%3An%3A4%3A%7Bv%3A0%3Bf%3A12%3A%2';
- $fields .= '2Nqqerff.0.vq%22%3Bv%3A1%3Bf%3A17%3A%22Nqqerff.0.cevznel%22%3Bv%3A2%3Bf%';
- $fields .= '3A12%3A%22Nqqerff.1.vq%22%3Bv%3A3%3Bf%3A17%3A%22Nqqerff.1.cevznel%22%3B%7D';
+ $fields = '7a203edb3d345bbf38fe0dccae960da8842e11d7%3AAddress.0.id%7CAddress.0.primary%7C';
+ $fields .= 'Address.1.id%7CAddress.1.primary';
$this->Controller->data = array(
'Address' => array(
@@ -971,9 +962,8 @@ function testValidateHasManyRecordsPass() {
function testValidateHasManyRecordsFail() {
$this->Controller->Security->startup($this->Controller);
$key = $this->Controller->params['_Token']['key'];
- $fields = '7a203edb3d345bbf38fe0dccae960da8842e11d7%3An%3A4%3A%7Bv%3A0%3Bf%3A12%3A%2';
- $fields .= '2Nqqerff.0.vq%22%3Bv%3A1%3Bf%3A17%3A%22Nqqerff.0.cevznel%22%3Bv%3A2%3Bf%';
- $fields .= '3A12%3A%22Nqqerff.1.vq%22%3Bv%3A3%3Bf%3A17%3A%22Nqqerff.1.cevznel%22%3B%7D';
+ $fields = '7a203edb3d345bbf38fe0dccae960da8842e11d7%3AAddress.0.id%7CAddress.0.primary%7C';
+ $fields .= 'Address.1.id%7CAddress.1.primary';
$this->Controller->data = array(
'Address' => array(
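Review bot: `$fields .= '';` in testValidatePostHidden (the second added line of that hunk) is a no-op left over from collapsing the two-line fixture and should be deleted. The remaining hunks consistently move the fixtures to the `hash:field|field` form, which is fine. The hunk context at `testValidatePostObjectDeserialize` suggests that test survives the commit; if its fixture still carries a serialized-object payload, it now passes or fails on the hash comparison rather than the removed regex guard, so its assertion and name may need revisiting — its body is outside this diff.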