Backport of fixes from SA-CORE-2018-002

d6lts · Mar 27, 2018 · d013345 · d013345
1 parent ec21834
commit d013345
Showing 1 changed file with 55 additions and 0 deletions.
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
@@ -1142,6 +1142,7 @@ function _drupal_bootstrap($phase) {
       timer_start('page');
       // Initialize the configuration
       conf_init();
+      _drupal_bootstrap_sanitize_request();
       break;
 
     case DRUPAL_BOOTSTRAP_EARLY_PAGE_CACHE:
@@ -1603,3 +1604,57 @@ function filter_xss_bad_protocol($string, $decode = TRUE) {
   } while ($before != $string);
   return check_plain($string);
 }
+
+/**
+ * Sanitizes unsafe keys from the request.
+ */
+function _drupal_bootstrap_sanitize_request() {
+  global $conf;
+  static $sanitized;
+
+  if (!$sanitized) {
+    // Ensure the whitelist array exists.
+    if (!isset($conf['sanitize_input_whitelist']) || !is_array($conf['sanitize_input_whitelist'])) {
+      $conf['sanitize_input_whitelist'] = array();
+    }
+
+    $sanitized_keys = _drupal_bootstrap_sanitize_input($_GET, $conf['sanitize_input_whitelist']);
+    $sanitized_keys = array_merge($sanitized_keys, _drupal_bootstrap_sanitize_input($_POST, $conf['sanitize_input_whitelist']));
+    $sanitized_keys = array_merge($sanitized_keys, _drupal_bootstrap_sanitize_input($_REQUEST, $conf['sanitize_input_whitelist']));
+    $sanitized_keys = array_merge($sanitized_keys, _drupal_bootstrap_sanitize_input($_COOKIE, $conf['sanitize_input_whitelist']));
+    $sanitized_keys = array_unique($sanitized_keys);
+
+    if (count($sanitized_keys) && !empty($conf['sanitize_input_logging'])) {
+      trigger_error(check_plain(sprintf('Potentially unsafe keys removed from request parameters: %s', implode(', ', $sanitized_keys)), E_USER_WARNING));
+    }
+
+    $sanitized = TRUE;
+  }
+}
+
+/**
+ * Sanitizes unsafe keys from user input.
+ *
+ * @param mixed $input
+ *   Input to sanitize.
+ * @param array $whitelist
+ *   Whitelist of values.
+ * @return array
+ */
+function _drupal_bootstrap_sanitize_input(&$input, $whitelist = array()) {
+  $sanitized_keys = array();
+
+  if (is_array($input)) {
+    foreach ($input as $key => $value) {
+      if ($key !== '' && $key[0] === '#' && !in_array($key, $whitelist, TRUE)) {
+        unset($input[$key]);
+        $sanitized_keys[] = $key;
+      }
+      elseif (is_array($input[$key])) {
+        $sanitized_keys = array_merge($sanitized_keys, _drupal_bootstrap_sanitize_input($input[$key], $whitelist));
+      }
+    }
+  }
+
+  return $sanitized_keys;
+}