makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 22:28:51 +00:00
Code Issues Projects Releases Packages Wiki Activity

[feature/controller] Correctly create Symfony object from globals

Browse source 
PHPBB3-10864
This commit is contained in:
David King 2012-11-19 11:47:42 -05:00
parent e2bf66d065
commit 3004350281
1 changed files with 34 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

62
phpBB/includes/functions.php
View file

@ -5434,41 +5434,47 @@ function phpbb_to_numeric($input)
} }
/** /**
* Create a Symfony Request object from a given URI and phpbb_request object * Create a Symfony Request object from phpbb_request object
* *
* Note that everything passed into the Request object has already been HTML
* escaped by the phpbb_request object.
*
* @param string $uri Request URI
* @param phpbb_request $request Request object * @param phpbb_request $request Request object
* @return Request A Symfony Request object * @return Request A Symfony Request object
*/ */
function phpbb_create_symfony_request($uri, phpbb_request $request) function phpbb_create_symfony_request(phpbb_request $request)
{ {
$request_method = $request->server('REQUEST_METHOD'); // This function is meant to sanitize the global input arrays
$parameter_names = array(); $sanitizer = function(&$value, $key) {
$parameter_names['request'] = array_merge( $type_cast_helper = new phpbb_request_type_cast_helper();
$request->variable_names(phpbb_request_interface::GET), $type_cast_helper->set_var($value, $value, gettype($value), true);
// POST overwrites duplicated GET parameters };
$request->variable_names(phpbb_request_interface::POST)
);
$parameter_names['server'] = $request->variable_names(phpbb_request_interface::SERVER);
$parameter_names['files'] = $request->variable_names(phpbb_request_interface::FILES);
$parameter_names['cookie'] = $request->variable_names(phpbb_request_interface::COOKIE);
$parameters = array( // We need to re-enable the super globals so we can access them here
'request' => array(), $request->enable_super_globals();
'cookie' => array(), $get_parameters = $_GET;
'files' => array(), $post_parameters = $_POST;
'server' => array(), $server_parameters = $_SERVER;
); $files_parameters = $_FILES;
foreach ($parameter_names as $type => $names) $cookie_parameters = $_COOKIE;
// And now disable them again for security
$request->disable_super_globals();
array_walk_recursive($get_parameters, $sanitizer);
array_walk_recursive($post_parameters, $sanitizer);
// Until we fix the issue with relative paths, we have to fake path info
// to allow urls like app.php?controller=foo/bar
$controller = $request->variable('controller', '');
$path_info = '/' . $controller;
$request_uri = $server_parameters['REQUEST_URI'];
// Remove the query string from REQUEST_URI
if ($pos = strpos($request_uri, '?'))
{ {
foreach ($names as $name) $request_uri = substr($request_uri, 0, $pos);
{
$parameters[$type][$name] = $request->variable($name, '');
}
} }
return Request::create($uri, $request_method, $parameters['request'], $parameters['cookie'], $parameters['files'], $parameters['server']); // Add the path info (i.e. controller route) to the REQUEST_URI
$server_parameters['REQUEST_URI'] = $request_uri . $path_info;
$server_parameters['SCRIPT_NAME'] = '';
return new Request($get_parameters, $post_parameters, array(), $cookie_parameters, $files_parameters, $server_parameters);
} }