From d2707dd055538298bd3ccced73ddcfb08d353986 Mon Sep 17 00:00:00 2001 From: Florian Pritz Date: Fri, 12 May 2017 21:50:05 +0200 Subject: Catch incorrect POST parameters (array vs string) Signed-off-by: Florian Pritz --- application/controllers/api/v2/file.php | 4 ++-- application/controllers/file/file_default.php | 10 ++++---- application/controllers/file/multipaste.php | 6 ++--- application/core/MY_Input.php | 34 +++++++++++++++++++++++++++ 4 files changed, 44 insertions(+), 10 deletions(-) create mode 100644 application/core/MY_Input.php (limited to 'application') diff --git a/application/controllers/api/v2/file.php b/application/controllers/api/v2/file.php index 6eb0ae43b..6f95d5525 100644 --- a/application/controllers/api/v2/file.php +++ b/application/controllers/api/v2/file.php @@ -71,14 +71,14 @@ class file extends \controllers\api\api_controller { public function delete() { $this->muser->require_access("apikey"); - $ids = $this->input->post("ids"); + $ids = $this->input->post_array("ids"); return \service\files::delete($ids); } public function create_multipaste() { $this->muser->require_access("basic"); - $ids = $this->input->post("ids"); + $ids = $this->input->post_array("ids"); $userid = $this->muser->get_userid(); $limits = $this->muser->get_upload_id_limits(); diff --git a/application/controllers/file/file_default.php b/application/controllers/file/file_default.php index 2a26c380c..f4f106990 100644 --- a/application/controllers/file/file_default.php +++ b/application/controllers/file/file_default.php @@ -565,7 +565,7 @@ class File_default extends MY_Controller { private function _append_multipaste_queue() { - $ids = $this->input->post("ids"); + $ids = $this->input->post_array("ids"); if ($ids === false) { $ids = []; } @@ -658,7 +658,7 @@ class File_default extends MY_Controller { { $this->muser->require_access("apikey"); - $ids = $this->input->post("ids"); + $ids = $this->input->post_array("ids"); $ret = \service\files::delete($ids); 
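Review bot: In _append_multipaste_queue the `if ($ids === false) { $ids = []; }` default becomes unreachable, because post_array() throws whenever parent::post() does not return an array — and an absent `ids` field (false or null, depending on the CodeIgniter version) is not an array — so a request without `ids` now fails with 'Invalid input' where it previously appended nothing. Either the dead default should be removed, or, if optional fields are intended, post_array should pass a missing value through before the is_array check, e.g. `if ($ret === false || $ret === null) { return $ret; }`; the commit should make that choice explicit. Separately, post_array only validates the top level, so a nested `ids[0][]=x` still reaches `\service\files::delete($ids)` with an array element; the delete() hunk in api/v2/file.php has the same gap. _append_multipaste_queue's body continues past the hunk.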
@@ -675,7 +675,7 @@ class File_default extends MY_Controller { { $this->muser->require_access("basic"); - $ids = $this->input->post("ids"); + $ids = $this->input->post_array("ids"); $userid = $this->muser->get_userid(); $limits = $this->muser->get_upload_id_limits(); @@ -690,8 +690,8 @@ class File_default extends MY_Controller { public function do_websubmit() { $files = getNormalizedFILES(); - $contents = $this->input->post("content"); - $filenames = $this->input->post("filename"); + $contents = $this->input->post_array("content"); + $filenames = $this->input->post_array("filename"); if (!is_array($filenames) || !is_array($contents)) { throw new \exceptions\UserInputException('file/websubmit/invalid-form', 'The submitted POST form is invalid'); diff --git a/application/controllers/file/multipaste.php b/application/controllers/file/multipaste.php index 759a781f0..50367697c 100644 --- a/application/controllers/file/multipaste.php +++ b/application/controllers/file/multipaste.php @@ -19,7 +19,7 @@ class Multipaste extends MY_Controller { public function append_multipaste_queue() { $this->muser->require_access("basic"); - $ids = $this->input->post("ids"); + $ids = $this->input->post_array("ids"); if ($ids === false) { $ids = []; } @@ -55,7 +55,7 @@ class Multipaste extends MY_Controller { public function form_submit() { $this->muser->require_access("basic"); - $ids = $this->input->post('ids'); + $ids = $this->input->post_array('ids'); $process = $this->input->post('process'); if ($ids === false) { @@ -87,7 +87,7 @@ class Multipaste extends MY_Controller { public function ajax_submit() { $this->muser->require_access("basic"); - $ids = $this->input->post('ids'); + $ids = $this->input->post_array('ids'); if ($ids === false) { $ids = []; diff --git a/application/core/MY_Input.php b/application/core/MY_Input.php new file mode 100644 index 000000000..ef7af5528 --- /dev/null +++ b/application/core/MY_Input.php 
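Review bot: In do_websubmit the `if (!is_array($filenames) || !is_array($contents))` guard is now dead code, since post_array() has already thrown by the time it runs, and it does not cover the case that remains: post_array checks only the top level, so a nested value such as `filename[0][]=x` still arrives as an array element. A per-element check closes that, e.g. `if (array_filter($contents, 'is_string') !== $contents || array_filter($filenames, 'is_string') !== $filenames) { throw new \exceptions\UserInputException('file/websubmit/invalid-form', 'The submitted POST form is invalid'); }` (array_filter keeps keys, so the comparison is exact when every element is a string). Note also that a form omitting `content` or `filename` previously raised 'file/websubmit/invalid-form' and now raises 'input/invalid-form-field', which matters if any client keys on that code. form_submit and ajax_submit in multipaste.php carry the same now-unreachable `=== false` default. do_websubmit's body continues past the hunk.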
@@ -0,0 +1,34 @@ + + * + * Licensed under AGPLv3 + * (see COPYING for full license text) + * + */ + +class MY_Input extends CI_Input { + public function post($key = null, $xss_clean = false) { + $ret = parent::post($key, $xss_clean); + if (is_array($ret) || is_object($ret)) { + $data = [ + "key" => $key, + "ret" => $ret + ]; + if (preg_match("/^[a-zA-Z0-9_\.-]+$/", $key)) { + throw new \exceptions\UserInputException("input/invalid-form-field", "Invalid input in field $key", $data); + } else { + throw new \exceptions\UserInputException("input/invalid-form-field", "Invalid input", $data); + } + } + return $ret; + } + + public function post_array($key) { + $ret = parent::post($key); + if (!is_array($ret)) { + throw new \exceptions\UserInputException("input/invalid-form-field", "Invalid input", $data); + } + return $ret; + } +} -- cgit v1.2.3-24-g4f1b
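Review bot: post_array() passes `$data` to the exception without ever assigning it — unlike post(), it never builds the key/value array — so the throw raises an undefined-variable notice and the exception receives null instead of the field context. Both methods also validate only the top level, so elements can still be arrays (`ids[0][]=x`), and the overridden post() will throw for a no-key call if parent::post(null) returns the whole POST array in this CodeIgniter version (verify against the framework in use). Whether an absent field should throw here or be passed through for the controllers' `if ($ids === false)` defaults is a policy choice this commit leaves implicit; the rewrite below keeps the strict behaviour, fixes the `$data` bug and adds the element check.
```php
	public function post_array($key) {
		$ret = parent::post($key);
		$data = [
			"key" => $key,
			"ret" => $ret
		];
		if (!is_array($ret)) {
			throw new \exceptions\UserInputException("input/invalid-form-field", "Invalid input", $data);
		}
		// reject nested arrays (e.g. ids[0][]=x) so callers can treat every element as a scalar
		foreach ($ret as $value) {
			if (is_array($value) || is_object($value)) {
				throw new \exceptions\UserInputException("input/invalid-form-field", "Invalid input", $data);
			}
		}
		return $ret;
	}
```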