
Make sure all request parameters are used by the script, otherwise trigger the error 404 page (see #4277)
leofeyer committed Nov 26, 2012
1 parent a807b05 commit dd692d6329c26b11f50d0780f6ae071883eb6ae2
@@ -253,10 +253,14 @@ public function run()
break;
default:
- $objHandler->generate($objPage);
+ $objHandler->generate($objPage, true);
break;
}
+ // If we get here, something went wrong (see #4277)
+ $objHandler = new $GLOBALS['TL_PTY']['error_404']();
+ $objHandler->generate($pageId);
+
// Stop the script (see #4565)
exit;
}
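Review bot: The unconditional fall-through to the 404 handler at L18-L20 only works if every page type's generate() terminates the script on success; output() now returns normally when unused parameters remain, and the case branches above `default:` do not receive the check flag, so any handler that returns without exiting may now serve a 404 page after whatever it already emitted. The comment should state that contract, e.g. `// Every page type's generate() is expected to exit on success; reaching this point means the request was rejected (unused GET parameters, see #4277)`. `$GLOBALS['TL_PTY']['error_404']` is also dereferenced without an `isset` guard, so an installation with no 404 page type registered gets a fatal error instead of a plain 404 status; `if (!isset($GLOBALS['TL_PTY']['error_404'])) { header('HTTP/1.1 404 Not Found'); exit; }` before L19 would cover that. run() starts above the hunk.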
@@ -52,8 +52,9 @@ public function parse()
/**
* Parse the template file, replace insert tags and print it to the screen
+ * @param boolean
*/
- public function output()
+ public function output($blnCheckRequest=false)
{
global $objPage;
@@ -85,11 +86,11 @@ public function output()
if ($GLOBALS['TL_CONFIG']['useAutoItem'] && in_array($key, $GLOBALS['TL_AUTO_ITEM']))
{
- $strParams .= '/' . \Input::get($key);
+ $strParams .= '/' . \Input::get($key, false, true);
}
else
{
- $strParams .= '/' . $key . '/' . \Input::get($key);
+ $strParams .= '/' . $key . '/' . \Input::get($key, false, true);
}
}
}
@@ -216,6 +217,12 @@ public function output()
$this->strBuffer = str_replace(array('{{request_token}}', '[{]', '[}]'), array(REQUEST_TOKEN, '{{', '}}'), $this->strBuffer);
$this->strBuffer = $this->replaceDynamicScriptTags($this->strBuffer); // see #4203
+ // Not all $_GET parameters have been used (see #4277)
+ if ($blnCheckRequest && \Input::hasUnusedGet())
+ {
+ return;
+ }
+
// Index page if searching is allowed and there is no back end user
if ($GLOBALS['TL_CONFIG']['enableSearch'] && $objPage->type == 'regular' && !BE_USER_LOGGED_IN && !$objPage->noSearch)
{
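Review bot: The new `@param boolean` at L28 names neither the parameter nor its effect, and the early `return` at L53 gives the caller no signal that nothing was printed; the docblock should spell out both, e.g. `@param boolean $blnCheckRequest If true, abort without printing when unused $_GET parameters remain (see #4277); the caller is then expected to render the 404 page`. The check sits after the buffer has been fully built (L48-L49), presumably because templates and modules may still consume parameters via Input::get while the page is parsed, so a one-line comment saying why it cannot run earlier would stop the next reader from hoisting it. output() starts at L31 and its body continues beyond the last hunk.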
@@ -47,6 +47,12 @@ class Input
*/
protected static $arrCache = array();
+ /**
+ * Unused $_GET parameters
+ * @var array
+ */
+ protected static $arrUnusedGet = array();
+
/**
* Magic quotes setting
* @var boolean
@@ -65,6 +71,9 @@ public static function initialize()
// Only check magic quotes once (see #3438)
static::$blnMagicQuotes = function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
+
+ // Initialize the unused parameters (see #4277)
+ static::$arrUnusedGet = $_GET;
}
@@ -73,10 +82,11 @@ public static function initialize()
*
* @param string $strKey The variable name
* @param boolean $blnDecodeEntities If true, all entities will be decoded
+ * @param boolean $blnKeepUnused If true, the parameter will not be marked as used (see #4277)
*
* @return mixed The cleaned variable value
*/
- public static function get($strKey, $blnDecodeEntities=false)
+ public static function get($strKey, $blnDecodeEntities=false, $blnKeepUnused=false)
{
if (!isset($_GET[$strKey]))
{
@@ -100,6 +110,12 @@ public static function get($strKey, $blnDecodeEntities=false)
}
static::$arrCache[$strCacheKey][$strKey] = $varValue;
+
+ // Mark the parameter as used (see #4277)
+ if (!$blnKeepUnused)
+ {
+ unset(static::$arrUnusedGet[$strKey]);
+ }
}
return static::$arrCache[$strCacheKey][$strKey];
@@ -271,6 +287,7 @@ public static function setGet($strKey, $varValue)
else
{
$_GET[$strKey] = $varValue;
+ static::$arrUnusedGet[$strKey] = $varValue; // see #4277
}
}
@@ -335,6 +352,17 @@ public static function resetCache()
}
+ /**
+ * Return whether there are unused GET parameters
+ *
+ * @return boolean True if there are unused GET parameters
+ */
+ public static function hasUnusedGet()
+ {
+ return count(static::$arrUnusedGet) > 0;
+ }
+
+
/**
* Sanitize the variable names (thanks to Andreas Schempp)
*
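Review bot: The `unset(static::$arrUnusedGet[$strKey])` at L96-L98 appears to sit inside the block that populates `$arrCache` (closed at L100), so it only runs on a cache miss; if any code path reads a parameter first with `$blnKeepUnused=true` (as output() does when building the canonical URL) and later without the flag, the second call returns from the cache at L101 without marking the parameter used and the request is wrongly rejected with a 404. Move the marking out of that block so it runs on every call: place `if (!$blnKeepUnused) { unset(static::$arrUnusedGet[$strKey]); }` immediately before `return static::$arrCache[$strCacheKey][$strKey];`. In setGet(), the branch above L103 that handles a null value presumably removes the key from `$_GET`; it should mirror that with `unset(static::$arrUnusedGet[$strKey]);`, otherwise a parameter cleared by the application still counts as unused. The brace structure of get() between L89 and L100 is partly cut by the hunk boundaries, so confirm it before moving the block.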
@@ -63,8 +63,15 @@ public function generate()
*/
protected function compile()
{
+ // Mark the x and y parameter as used (see #4277)
+ if (isset($_GET['x']))
+ {
+ \Input::get('x');
+ \Input::get('y');
+ }
+
// Trigger the search module from a custom form
- if (!$_GET['keywords'] && \Input::post('FORM_SUBMIT') == 'tl_search')
+ if (!isset($_GET['keywords']) && \Input::post('FORM_SUBMIT') == 'tl_search')
{
$_GET['keywords'] = \Input::post('keywords');
$_GET['query_type'] = \Input::post('query_type');
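Review bot: The `isset($_GET['x'])` guard at L130 makes the marking asymmetric: a request carrying `y` without `x` leaves `y` unused and is rejected with a 404, while `x` without `y` passes. Since Input::get() appears to return early for a key that is not set (L89-L90) without touching the unused list, the guard is unnecessary; replace L130-L134 with `\Input::get('x'); \Input::get('y');` so each coordinate is marked independently. Separately, changing `!$_GET['keywords']` to `!isset($_GET['keywords'])` at L138 means a submitted `keywords=` with an empty value no longer falls back to the POSTed keywords; probably intended, but worth a sentence in the commit message. compile() continues beyond the hunk.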
@@ -31,8 +31,9 @@ class PageRegular extends \Frontend
/**
* Generate a regular page
* @param object
+ * @param boolean
*/
- public function generate($objPage)
+ public function generate($objPage, $blnCheckRequest=false)
{
$GLOBALS['TL_KEYWORDS'] = '';
$GLOBALS['TL_LANGUAGE'] = $objPage->language;
@@ -160,7 +161,7 @@ public function generate($objPage)
$this->createHeaderScripts($objPage, $objLayout);
// Print the template to the screen
- $this->Template->output();
+ $this->Template->output($blnCheckRequest);
}
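Review bot: The `@param boolean` added at L146 carries no name or description, so a reader of PageRegular::generate() cannot tell what the flag does without following it into output(); write it as `@param boolean $blnCheckRequest If true, the template rejects the request when unused $_GET parameters remain (see #4277)`. generate() starts at L149 and runs past the first hunk; the brace at L158 appears to close it.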

