hardening: standardize input handling with request variable wrappers (#6865) (#6866)

* hardening: standardize input handling with request variable wrappers (#6865)

* fix: use !isempty_request_var() for language check to match !empty() semantics

isrv() (isset) returns true for empty strings, while the original
!empty() returned false. This caused repair_locale() and apply_locale()
to be called with empty language strings.

Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>

---------

Signed-off-by: Thomas Vincent <thomasvincent@gmail.com>

Author: somethingwithproof

include/global.php

@@ -397,7 +397,7 @@
 			print $li . 'the credentials in config.php are valid.' . $il;
 			print $lu . $sp;
 
-			if (isset($_REQUEST['display_db_errors']) && !empty($config['DATABASE_ERROR'])) { // @phpstan-ignore-line
+			if (isrv('display_db_errors') && !empty($config['DATABASE_ERROR'])) { // @phpstan-ignore-line
 				print $ps . 'The following database errors occurred: ' . $ul;
 
 				foreach ($config['DATABASE_ERROR'] as $e) { // @phpstan-ignore-line
@@ -419,7 +419,7 @@
 			print $li . 'the credentials in config.php are valid and correct.' . $il;
 			print $lu . $sp;
 
-			if (isset($_REQUEST['display_db_errors']) && !empty($config['DATABASE_ERROR'])) { // @phpstan-ignore-line
+			if (isrv('display_db_errors') && !empty($config['DATABASE_ERROR'])) { // @phpstan-ignore-line
 				print $ps . 'The following database errors occurred: ' . $ul;
 
 				foreach ($config['DATABASE_ERROR'] as $e) { // @phpstan-ignore-line

include/global_languages.php

@@ -44,19 +44,19 @@
 
 // Repair legacy language support
 if (!empty($config['i18n_force_language'])) {
-	$_REQUEST['language'] = $config['i18n_force_language'];
+	set_request_var('language', $config['i18n_force_language']);
 }
 
-if (!empty($_REQUEST['language'])) {
-	$_REQUEST['language'] = repair_locale($_REQUEST['language']);
+if (!isempty_request_var('language')) {
+	set_request_var('language', repair_locale(grv('language')));
 }
 
 // determine whether or not we can support the language
 $user_locale = '';
 
-if (!empty($_REQUEST['language']) && !empty($lang2locale[$_REQUEST['language']])) {
+if (!isempty_request_var('language') && !empty($lang2locale[grv('language')])) {
 	// user requests another language
-	$user_locale = apply_locale($_REQUEST['language']);
+	$user_locale = apply_locale(grv('language'));
 	unset($_SESSION['sess_current_date1']);
 	unset($_SESSION['sess_current_date2']);
 

oauth2.php

@@ -89,25 +89,23 @@
 		die('Provider missing');
 }
 
-if (!isset($_GET['code'])) { // If we don't have an authorization code then get one
+if (!isrv('code')) { // If we don't have an authorization code then get one
 	$authUrl                 = $provider->getAuthorizationUrl($options);
 	$_SESSION['oauth2state'] = $provider->getState();
-	header('Location: ' . $authUrl);
-
-	exit;
+	cacti_redirect($authUrl, false);
 
 	// Check given state against previously stored one to mitigate CSRF attack
 }
 
-if (empty($_GET['state']) || (isset($_SESSION['oauth2state']) && ($_GET['state'] !== $_SESSION['oauth2state']))) {
+if (isempty_request_var('state') || (isset($_SESSION['oauth2state']) && (grv('state') !== $_SESSION['oauth2state']))) {
 	unset($_SESSION['oauth2state']);
 
 	exit('Invalid state');
 } else { // Try to get an access token (using the authorization code grant)
 	$token = $provider->getAccessToken(
 		'authorization_code',
 		[
-			'code' => $_GET['code']
+			'code' => grv('code')
 		]
 	);