Permalink
Browse files

Backport of fixes from SA-CORE-2018-002

  • Loading branch information...
dsnopek committed Mar 27, 2018
1 parent ec21834 commit d013345ae0776a370f4a17da4e1a2162a9001c37
Showing with 55 additions and 0 deletions.
  1. +55 −0 includes/bootstrap.inc
@@ -1142,6 +1142,7 @@ function _drupal_bootstrap($phase) {
timer_start('page');
// Initialize the configuration
conf_init();
_drupal_bootstrap_sanitize_request();
break;
case DRUPAL_BOOTSTRAP_EARLY_PAGE_CACHE:
@@ -1603,3 +1604,57 @@ function filter_xss_bad_protocol($string, $decode = TRUE) {
} while ($before != $string);
return check_plain($string);
}
/**
* Sanitizes unsafe keys from the request.
*/
function _drupal_bootstrap_sanitize_request() {
global $conf;
static $sanitized;
if (!$sanitized) {
// Ensure the whitelist array exists.
if (!isset($conf['sanitize_input_whitelist']) || !is_array($conf['sanitize_input_whitelist'])) {
$conf['sanitize_input_whitelist'] = array();
}
$sanitized_keys = _drupal_bootstrap_sanitize_input($_GET, $conf['sanitize_input_whitelist']);
$sanitized_keys = array_merge($sanitized_keys, _drupal_bootstrap_sanitize_input($_POST, $conf['sanitize_input_whitelist']));
$sanitized_keys = array_merge($sanitized_keys, _drupal_bootstrap_sanitize_input($_REQUEST, $conf['sanitize_input_whitelist']));
$sanitized_keys = array_merge($sanitized_keys, _drupal_bootstrap_sanitize_input($_COOKIE, $conf['sanitize_input_whitelist']));
$sanitized_keys = array_unique($sanitized_keys);
if (count($sanitized_keys) && !empty($conf['sanitize_input_logging'])) {
trigger_error(check_plain(sprintf('Potentially unsafe keys removed from request parameters: %s', implode(', ', $sanitized_keys)), E_USER_WARNING));
}
$sanitized = TRUE;
}
}
/**
* Sanitizes unsafe keys from user input.
*
* @param mixed $input
* Input to sanitize.
* @param array $whitelist
* Whitelist of values.
* @return array
*/
function _drupal_bootstrap_sanitize_input(&$input, $whitelist = array()) {
$sanitized_keys = array();
if (is_array($input)) {
foreach ($input as $key => $value) {
if ($key !== '' && $key[0] === '#' && !in_array($key, $whitelist, TRUE)) {
unset($input[$key]);
$sanitized_keys[] = $key;
}
elseif (is_array($input[$key])) {
$sanitized_keys = array_merge($sanitized_keys, _drupal_bootstrap_sanitize_input($input[$key], $whitelist));
}
}
}
return $sanitized_keys;
}

0 comments on commit d013345

Please sign in to comment.