Mercurial > hg > isophonics-drupal-site

diff core/lib/Drupal/Core/Security/RequestSanitizer.php @ 15:e200cb7efeb3

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update Drupal core to 8.5.3 via Composer
author Chris Cannam
date Thu, 26 Apr 2018 11:26:54 +0100
parents 5fb285c0d0e3
children c2387f117808
line wrap: on
line diff
--- a/core/lib/Drupal/Core/Security/RequestSanitizer.php	Mon Apr 23 09:46:53 2018 +0100
+++ b/core/lib/Drupal/Core/Security/RequestSanitizer.php	Thu Apr 26 11:26:54 2018 +0100
@@ -2,6 +2,8 @@
 
 namespace Drupal\Core\Security;
 
+use Drupal\Component\Utility\UrlHelper;
+use Symfony\Component\HttpFoundation\ParameterBag;
 use Symfony\Component\HttpFoundation\Request;
 
 /**
@@ -39,28 +41,18 @@
    */
   public static function sanitize(Request $request, $whitelist, $log_sanitized_keys = FALSE) {
     if (!$request->attributes->get(self::SANITIZED, FALSE)) {
-      // Process query string parameters.
-      $get_sanitized_keys = [];
-      $request->query->replace(static::stripDangerousValues($request->query->all(), $whitelist, $get_sanitized_keys));
-      if ($log_sanitized_keys && !empty($get_sanitized_keys)) {
-        trigger_error(sprintf('Potentially unsafe keys removed from query string parameters (GET): %s', implode(', ', $get_sanitized_keys)));
+      $update_globals = FALSE;
+      $bags = [
+        'query' => 'Potentially unsafe keys removed from query string parameters (GET): %s',
+        'request' => 'Potentially unsafe keys removed from request body parameters (POST): %s',
+        'cookies' => 'Potentially unsafe keys removed from cookie parameters: %s',
+      ];
+      foreach ($bags as $bag => $message) {
+        if (static::processParameterBag($request->$bag, $whitelist, $log_sanitized_keys, $bag, $message)) {
+          $update_globals = TRUE;
+        }
       }
-
-      // Request body parameters.
-      $post_sanitized_keys = [];
-      $request->request->replace(static::stripDangerousValues($request->request->all(), $whitelist, $post_sanitized_keys));
-      if ($log_sanitized_keys && !empty($post_sanitized_keys)) {
-        trigger_error(sprintf('Potentially unsafe keys removed from request body parameters (POST): %s', implode(', ', $post_sanitized_keys)));
-      }
-
-      // Cookie parameters.
-      $cookie_sanitized_keys = [];
-      $request->cookies->replace(static::stripDangerousValues($request->cookies->all(), $whitelist, $cookie_sanitized_keys));
-      if ($log_sanitized_keys && !empty($cookie_sanitized_keys)) {
-        trigger_error(sprintf('Potentially unsafe keys removed from cookie parameters: %s', implode(', ', $cookie_sanitized_keys)));
-      }
-
-      if (!empty($get_sanitized_keys) || !empty($post_sanitized_keys) || !empty($cookie_sanitized_keys)) {
+      if ($update_globals) {
         $request->overrideGlobals();
       }
       $request->attributes->set(self::SANITIZED, TRUE);
@@ -69,6 +61,72 @@
   }
 
   /**
+   * Processes a request parameter bag.
+   *
+   * @param \Symfony\Component\HttpFoundation\ParameterBag $bag
+   *   The parameter bag to process.
+   * @param string[] $whitelist
+   *   An array of keys to whitelist as safe.
+   * @param bool $log_sanitized_keys
+   *   Set to TRUE to log keys that are sanitized.
+   * @param string $bag_name
+   *   The request parameter bag name. Either 'query', 'request' or 'cookies'.
+   * @param string $message
+   *   The message to log if the parameter bag contains keys that are removed.
+   *   If the message contains %s that is replaced by a list of removed keys.
+   *
+   * @return bool
+   *   TRUE if the parameter bag has been sanitized, FALSE if not.
+   */
+  protected static function processParameterBag(ParameterBag $bag, $whitelist, $log_sanitized_keys, $bag_name, $message) {
+    $sanitized = FALSE;
+    $sanitized_keys = [];
+    $bag->replace(static::stripDangerousValues($bag->all(), $whitelist, $sanitized_keys));
+    if (!empty($sanitized_keys)) {
+      $sanitized = TRUE;
+      if ($log_sanitized_keys) {
+        trigger_error(sprintf($message, implode(', ', $sanitized_keys)));
+      }
+    }
+
+    if ($bag->has('destination')) {
+      $destination_dangerous_keys = static::checkDestination($bag->get('destination'), $whitelist);
+      if (!empty($destination_dangerous_keys)) {
+        // The destination is removed rather than sanitized because the URL
+        // generator service is not available and this method is called very
+        // early in the bootstrap.
+        $bag->remove('destination');
+        $sanitized = TRUE;
+        if ($log_sanitized_keys) {
+          trigger_error(sprintf('Potentially unsafe destination removed from %s parameter bag because it contained the following keys: %s', $bag_name, implode(', ', $destination_dangerous_keys)));
+        }
+      }
+    }
+    return $sanitized;
+  }
+
+  /**
+   * Checks a destination string to see if it is dangerous.
+   *
+   * @param string $destination
+   *   The destination string to check.
+   * @param array $whitelist
+   *   An array of keys to whitelist as safe.
+   *
+   * @return array
+   *   The dangerous keys found in the destination parameter.
+   */
+  protected static function checkDestination($destination, array $whitelist) {
+    $dangerous_keys = [];
+    $parts = UrlHelper::parse($destination);
+    // If there is a query string, check its query parameters.
+    if (!empty($parts['query'])) {
+      static::stripDangerousValues($parts['query'], $whitelist, $dangerous_keys);
+    }
+    return $dangerous_keys;
+  }
+
+  /**
    * Strips dangerous keys from $input.
    *
    * @param mixed $input