Merge pull request joomla#60 from realityking/secruity

Secruity
gpongelli · Jun 23, 2011 · 92c9560 · 92c9560
2 parents b409d91 + 5e2c2e5
commit 92c9560
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 4 deletions.
diff --git a/libraries/joomla/environment/request.php b/libraries/joomla/environment/request.php
@@ -158,7 +158,7 @@ public static function getVar($name, $default = null, $hash = 'default', $type =
 
 	/**
 	 * Fetches and returns a given filtered variable. The integer
-	 * filter will allow only digits to be returned. This is currently
+	 * filter will allow only digits ant the - sign to be returned. This is currently
 	 * only a proxy function for getVar().
 	 *
 	 * See getVar() for more in-depth documentation on the parameters.
@@ -175,6 +175,25 @@ public static function getInt($name, $default = 0, $hash = 'default')
 		return self::getVar($name, $default, $hash, 'int');
 	}
 
+	/**
+	 * Fetches and returns a given filtered variable. The unsigned integer
+	 * filter will allow only digits to be returned. This is currently
+	 * only a proxy function for getVar().
+	 *
+	 * See getVar() for more in-depth documentation on the parameters.
+	 *
+	 * @param       string  $name           Variable name.
+	 * @param       string  $default        Default value if the variable does not exist.
+	 * @param       string  $hash           Where the var should come from (POST, GET, FILES, COOKIE, METHOD).
+	 *
+	 * @return      integer Requested variable.
+	 * @since       11.1
+	 */
+	public static function getUInt($name, $default = 0, $hash = 'default')
+	{
+		return self::getVar($name, $default, $hash, 'uint');
+	}
+
 	/**
 	 * Fetches and returns a given filtered variable.  The float
 	 * filter only allows digits and periods.  This is currently

diff --git a/libraries/joomla/filter/filterinput.php b/libraries/joomla/filter/filterinput.php
@@ -129,8 +129,8 @@ public static function &getInstance($tagsArray = array(), $attrArray = array(),
 	 * Method to be called by another php script. Processes for XSS and
 	 * specified bad code.
 	 *
-	 * @param   mixed   $source  Input string/array-of-string to be 'cleaned'
-	 * @param   string  $type     Return type for the variable (INT, FLOAT, BOOLEAN, WORD, ALNUM, CMD, BASE64, STRING, ARRAY, PATH, NONE)
+	 * @param   mixed   $source	Input string/array-of-string to be 'cleaned'
+	 * @param   string  $type	Return type for the variable (INT, UINT, FLOAT, BOOLEAN, WORD, ALNUM, CMD, BASE64, STRING, ARRAY, PATH, NONE)
 	 *
 	 * @return  mixed  'Cleaned' version of input parameter
 	 *
@@ -148,6 +148,12 @@ public function clean($source, $type='string')
 				$result = @ (int) $matches[0];
 				break;
 
+			case 'UINT' :
+				// Only use the first integer value
+				preg_match('/-?[0-9]+/', (string) $source, $matches);
+				$result = @ abs((int) $matches[0]);
+				break;
+
 			case 'FLOAT' :
 			case 'DOUBLE' :
 				// Only use the first floating point value

diff --git a/libraries/joomla/methods.php b/libraries/joomla/methods.php
@@ -80,7 +80,7 @@ public static function _($url, $xhtml = true, $ssl = null)
 		}
 
 		if ($xhtml) {
-			$url = str_replace('&', '&amp;', $url);
+			$url = htmlspecialchars($url);
 		}
 
 		return $url;