Issue 3495006: Added validation to confirm array index exists and contains the...
1 open thread
Issue 3495006: Added validation to confirm array index exists and contains the proper type of data before attempting to uncompress it.
Closes #3495006
Merge request reports
Activity
67 67 * changed to be uncompressed. 68 68 */ 69 69 private function parseAjaxPageState(array $ajax_page_state): array { 70 $ajax_page_state['libraries'] = UrlHelper::uncompressQueryParameter($ajax_page_state['libraries']); 70 if (isset($ajax_page_state['libraries']) && is_string($ajax_page_state['libraries'])) { 71 $ajax_page_state['libraries'] = UrlHelper::uncompressQueryParameter($ajax_page_state['libraries']); 72 } - Comment on lines -70 to +72
If we not only check that it's a string but also reset it from the original array, we will prevent the propagation of a 'bad' value further:
50 if (isset($ajax_page_state['libraries']) && is_string($ajax_page_state['libraries'])) { 51 $ajax_page_state['libraries'] = UrlHelper::uncompressQueryParameter($ajax_page_state['libraries']); 52 } 50 $libraries = ''; 51 if (isset($ajax_page_state['libraries']) && is_string($ajax_page_state['libraries'])) { 52 $libraries = UrlHelper::uncompressQueryParameter($ajax_page_state['libraries']); 53 } 54 $ajax_page_state['libraries'] = $libraries;
Please register or sign in to reply