hardening requests
parent
e057314795
commit
1e4da4850e
@ -1,6 +1,9 @@
|
||||
<?php
|
||||
namespace Froxlor\UI;
|
||||
|
||||
use Froxlor\PhpHelper;
|
||||
use voku\helper\AntiXSS;
|
||||
|
||||
/**
|
||||
* This file is part of the Froxlor project.
|
||||
* Copyright (c) 2010 the Froxlor Team (see authors).
|
||||
@ -13,11 +16,34 @@ namespace Froxlor\UI;
|
||||
* @author Froxlor team <team@froxlor.org> (2010-)
|
||||
* @author Maurice Preuß <hello@envoyr.com>
|
||||
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
|
||||
* @package API
|
||||
* @package Request
|
||||
*
|
||||
*/
|
||||
class Request
|
||||
{
|
||||
/**
|
||||
* Check for xss attempts and clean important globals and
|
||||
* unsetting every variable registered in $_REQUEST and as variable itself
|
||||
*/
|
||||
public static function cleanAll()
|
||||
{
|
||||
foreach ($_REQUEST as $key => $value) {
|
||||
if (isset($$key)) {
|
||||
unset($$key);
|
||||
}
|
||||
}
|
||||
unset($value);
|
||||
|
||||
$antiXss = new AntiXSS();
|
||||
|
||||
// check $_GET
|
||||
PhpHelper::cleanGlobal($_GET, $antiXss);
|
||||
// check $_POST
|
||||
PhpHelper::cleanGlobal($_POST, $antiXss);
|
||||
// check $_COOKIE
|
||||
PhpHelper::cleanGlobal($_COOKIE, $antiXss);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get key from current request.
|
||||
*
|
||||
@ -27,6 +53,8 @@ class Request
|
||||
*/
|
||||
public static function get($key, string $default = null)
|
||||
{
|
||||
self::cleanAll();
|
||||
|
||||
return $_GET[$key] ?? $_POST[$key] ?? $default;
|
||||
}
|
||||
|
||||
|
19
lib/init.php
19
lib/init.php
@ -67,27 +67,10 @@ UI::initTwig();
|
||||
|
||||
/**
|
||||
* Register Globals Security Fix
|
||||
* - unsetting every variable registered in $_REQUEST and as variable itself
|
||||
*/
|
||||
foreach ($_REQUEST as $key => $value) {
|
||||
if (isset($$key)) {
|
||||
unset($$key);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* check for xss attempts and clean important globals
|
||||
*/
|
||||
$antiXss = new AntiXSS();
|
||||
// check $_GET
|
||||
PhpHelper::cleanGlobal($_GET, $antiXss);
|
||||
// check $_POST
|
||||
PhpHelper::cleanGlobal($_POST, $antiXss);
|
||||
// check $_COOKIE
|
||||
PhpHelper::cleanGlobal($_COOKIE, $antiXss);
|
||||
Request::cleanAll();
|
||||
|
||||
unset($_);
|
||||
unset($value);
|
||||
unset($key);
|
||||
|
||||
$filename = htmlentities(basename($_SERVER['SCRIPT_NAME']));
|
||||
|
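Review bot: Swapping the file-scope loop for `Request::cleanAll()` changes what `unset($$key)` acts on: inside a static method (the body is visible in this commit's Request.php hunk) a variable-variable resolves in the method's local scope, so the loop no longer touches the scope init.php was included into, which is the only place the "Register Globals Security Fix" could ever have had an effect. If that protection is still wanted it needs `unset($GLOBALS[$key]);` instead; if register_globals is considered dead (it was removed in PHP 5.4) the loop and the docblock sentence "unsetting every variable registered in $_REQUEST and as variable itself" should be dropped rather than kept as a silent no-op. The remaining `unset($value);` and `unset($key);` here refer to the variables the removed foreach defined and are now dead. Note also that `Request::get()` calls `cleanAll()` on every invocation, so a fresh AntiXSS pass is re-applied to `$_GET`/`$_POST`/`$_COOKIE` after init.php has already cleaned them; whether repeated cleaning is idempotent depends on `PhpHelper::cleanGlobal`, which is not shown, so that is worth confirming.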