
Commit 9449948

fix(hardening): replace raw $_REQUEST with input wrapper functions (#6959)
* fix(hardening): replace raw $_REQUEST with input wrapper functions Signed-off-by: Thomas Vincent <thomasvincent@gmail.com> * fix: preserve isset semantics for display_db_errors parameter Use isset_request_var() instead of !isempty_request_var() to match the original isset($_REQUEST[...]) behavior. The parameter may be present with an empty value (?display_db_errors) and should still trigger error display. Signed-off-by: Thomas Vincent <thomasvincent@gmail.com> --------- Signed-off-by: Thomas Vincent <thomasvincent@gmail.com> Co-authored-by: TheWitness <thewitness@cacti.net>
1 parent fa996d5 commit 9449948


2 files changed

+6
-6
lines changed


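--- a/include/global.php
+++ b/include/global.php
@@ -371,7 +371,7 @@
 print $li . 'the database is running.' . $il;
 print $li . 'the credentials in config.php are valid.' . $il;
 print $lu . $sp;
-if (isset($_REQUEST['display_db_errors']) && !empty($config['DATABASE_ERROR'])) {
+if (isset_request_var('display_db_errors') && !empty($config['DATABASE_ERROR'])) {
 print $ps . 'The following database errors occurred: ' . $ul;
 foreach ($config['DATABASE_ERROR'] as $e) {
 print $li . $e['Code'] . ': ' . $e['Error'] . $il;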
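Review bot: On new line 374 the condition now depends on `isset_request_var()` being defined, and this branch looks like the database-connection failure path, which presumably runs early in bootstrap; please confirm the file defining the wrapper is already included here, otherwise the error page itself would fatal exactly when the database is down. Separately, the gate is still only the presence of a request parameter, so any client that can reach this page during an outage can request the driver's error codes and messages, and `$e['Code']` / `$e['Error']` are concatenated into the markup unescaped in the context lines. Consider tying the detail to a server-side setting rather than the request, and printing `htmlspecialchars($e['Error'], ENT_QUOTES, 'UTF-8')` instead of the raw string. The enclosing block starts and ends outside the hunk.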

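--- a/include/global_languages.php
+++ b/include/global_languages.php
@@ -43,19 +43,19 @@
 
 /* Repair legacy language support */
 if (!empty($config['i18n_force_language'])) {
-$_REQUEST['language'] = $config['i18n_force_language'];
+set_request_var('language', $config['i18n_force_language']);
 }
 
-if (!empty($_REQUEST['language'])) {
-$_REQUEST['language'] = repair_locale($_REQUEST['language']);
+if (!isempty_request_var('language')) {
+set_request_var('language', repair_locale(get_request_var('language')));
 }
 
 /* determine whether or not we can support the language */
 $user_locale = '';
 
-if (!empty($_REQUEST['language']) && !empty($lang2locale[$_REQUEST['language']])) {
+if (!isempty_request_var('language') && !empty($lang2locale[get_request_var('language')])) {
 /* user requests another language */
-$user_locale = apply_locale($_REQUEST['language']);
+$user_locale = apply_locale(get_request_var('language'));
 unset($_SESSION['sess_current_date1']);
 unset($_SESSION['sess_current_date2']);
 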
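Review bot: The `language` value is still client-controlled after this change; the only real check in the hunk is the `$lang2locale` lookup on new line 56, because the wrappers as used here read and write the request variable rather than validate it (their bodies are not shown, so confirm). A non-string value would reach `repair_locale()` and then be used as an array offset, which PHP 8 rejects with a TypeError unless `repair_locale()` normalises it. Reading the value once and checking its type keeps the lookup well-defined: `$language = get_request_var('language');` then `if (is_string($language) && !empty($lang2locale[$language])) {` and `apply_locale($language)`. It is also worth confirming that `set_request_var()` on new lines 46 and 50 updates the same store that later code reads, since the old code wrote `$_REQUEST` directly.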
