[ticket/security-171] Use type cast helper for json data

SECURITY-171
Marc Alexander 2014-11-16 11:09:53 +01:00
parent f719803fdc
commit da1888a7fa


@ -259,6 +259,13 @@ class version_helper
$info = json_decode($info, true); $info = json_decode($info, true);
// Sanitize any data we retrieve from a server
$json_sanitizer = function(&$value, $key) {
$type_cast_helper = new \phpbb\request\type_cast_helper();
$type_cast_helper->set_var($value, $value, gettype($value), true);
};
array_walk_recursive($info, $json_sanitizer);
if (empty($info['stable']) && empty($info['unstable'])) if (empty($info['stable']) && empty($info['unstable']))
{ {
$this->user->add_lang('acp/common'); $this->user->add_lang('acp/common');
@ -266,15 +273,6 @@ class version_helper
throw new \RuntimeException($this->user->lang('VERSIONCHECK_FAIL')); throw new \RuntimeException($this->user->lang('VERSIONCHECK_FAIL'));
} }
// Replace & with & on announcement links
foreach ($info as $stability => $branches)
{
foreach ($branches as $branch => $branch_data)
{
$info[$stability][$branch]['announcement'] = (!empty($branch_data['announcement'])) ? str_replace('&', '&', $branch_data['announcement']) : '';
}
}
$info['stable'] = (empty($info['stable'])) ? array() : $info['stable']; $info['stable'] = (empty($info['stable'])) ? array() : $info['stable'];
$info['unstable'] = (empty($info['unstable'])) ? $info['stable'] : $info['unstable']; $info['unstable'] = (empty($info['unstable'])) ? $info['stable'] : $info['unstable'];
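Review bot: `array_walk_recursive($info, $json_sanitizer)` runs before the `empty($info['stable'])` validity check, so a server response that `json_decode` cannot parse (it returns null) or that decodes to a scalar reaches the walk as a non-array and produces a warning or a TypeError, depending on the PHP version, instead of the intended `VERSIONCHECK_FAIL` exception. Guard it with `if (is_array($info)) { array_walk_recursive($info, $json_sanitizer); }`, or move the walk below the validity check. The closure also constructs a new `type_cast_helper` for every leaf value; creating it once before the closure and capturing it with `use ($type_cast_helper)` would avoid that. The removed loop also defaulted a missing `announcement` key to `''`, so any consumer that reads that key unconditionally may now need an `isset` check; those consumers, like the rest of the enclosing method, are outside this hunk.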