From 558aff46cd7a94ad6c00bd2c8b4a4fa0b99ba8a9 Mon Sep 17 00:00:00 2001
From: Joas Schilling
Date: Fri, 8 Aug 2014 17:07:19 +0200
Subject: [PATCH 1/2] [ticket/security-155] Cast the types of string values in the controller routes
SECURITY-155
---
phpBB/phpbb/controller/resolver.php | 18 +++++++++++++++++-
1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/phpBB/phpbb/controller/resolver.php b/phpBB/phpbb/controller/resolver.php
index efab34b701..02b08a2847 100644
--- a/phpBB/phpbb/controller/resolver.php
+++ b/phpBB/phpbb/controller/resolver.php
@@ -40,6 +40,12 @@ class resolver implements ControllerResolverInterface
 */
 protected $template;
+ /**
+ * Requst type cast helper object
+ * @var \phpbb\request\type_cast_helper
+ */
+ protected $type_cast_helper;
+ /**
+ * phpBB root path
+ * @var string
@@ -59,6 +65,7 @@ class resolver implements ControllerResolverInterface
 $this->user = $user;
 $this->container = $container;
 $this->template = $template;
+ $this->type_cast_helper = new \phpbb\request\type_cast_helper();
 $this->phpbb_root_path = $phpbb_root_path;
 }
@@ -138,7 +145,16 @@ class resolver implements ControllerResolverInterface
 {
 if (array_key_exists($param->name, $attributes))
 {
- $arguments[] = $attributes[$param->name];
+ if (is_string($attributes[$param->name]))
+ {
+ $value = $attributes[$param->name];
+ $this->type_cast_helper->set_var($value, $attributes[$param->name], 'string', true, false);
+ $arguments[] = $value;
+ }
+ else
+ {
+ $arguments[] = $attributes[$param->name];
+ }
 }
 else if ($param->getClass() && $param->getClass()->isInstance($request))
 {
From e6f43f5974e5f55776978fc22712b1dd29e83f9e Mon Sep 17 00:00:00 2001
From: Joas Schilling
Date: Sat, 9 Aug 2014 01:45:26 +0200
Subject: [PATCH 2/2] [ticket/security-155] Fix spelling error in comment
SECURITY-155
---
phpBB/phpbb/controller/resolver.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
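Review bot: `$this->type_cast_helper = new \phpbb\request\type_cast_helper();` builds the helper inside the constructor, while the neighbouring collaborators assigned on the surrounding lines (`$user`, `$container`, `$template`) are passed in, so this one dependency cannot easily be replaced through the container or substituted in a test. If wiring it through the service definition is out of scope for a security fix, an optional constructor parameter with the `new` as the fallback keeps both, e.g. `$this->type_cast_helper = $type_cast_helper ?: new \phpbb\request\type_cast_helper();`. The constructor signature is outside the hunk, so the parameter would need adding there as well.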
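Review bot: The new branch sanitises only attributes that are already strings, so a non-string route attribute (for example an integer or array supplied as a route default) still reaches the controller through the `else` branch exactly as before; if that is the intended scope, a comment on the `is_string` check saying so would spare the next reader the question, e.g. `// Only string attributes (URL-derived) are cast; non-string route defaults are passed through as defined`. The assignment `$value = $attributes[$param->name];` before the `set_var()` call appears redundant, since `set_var()` must fill `$value` by reference for the following `$arguments[] = $value;` to have any effect, and `$value = null;` would make that intent clearer. The trailing `true, false` arguments are opaque at the call site; a short comment such as `// multibyte check on, trimming off — confirm against type_cast_helper::set_var()` would record why route values are deliberately not trimmed. The enclosing method starts and ends outside the hunk.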
diff --git a/phpBB/phpbb/controller/resolver.php b/phpBB/phpbb/controller/resolver.php
index 02b08a2847..948a6a218c 100644
--- a/phpBB/phpbb/controller/resolver.php
+++ b/phpBB/phpbb/controller/resolver.php
@@ -41,7 +41,7 @@ class resolver implements ControllerResolverInterface
 protected $template;
 /**
- * Requst type cast helper object
+ * Request type cast helper object
+ * @var \phpbb\request\type_cast_helper
 */
 protected $type_cast_helper;