summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid Rothstein2018-03-27 19:33:19 (GMT)
committerDavid Rothstein2018-03-27 19:33:19 (GMT)
commit6cac2ea3f8571e01357ee54cfda05e51e86e8bd6 (patch)
tree47869fb748ca9044361510c4a4177f8145b637a7
parent15d0f93c24cac73021608ddb5ec522933b4ffbd3 (diff)
parent9ba4feea164a5911afe7c5d2f8c57ebc1b2b9bc4 (diff)
Merge tag '7.58' into 7.x7.x
7.58 release
-rw-r--r--CHANGELOG.txt4
-rw-r--r--includes/bootstrap.inc6
-rw-r--r--includes/request-sanitizer.inc82
3 files changed, 91 insertions, 1 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index c74f95a..e694a84 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -9,6 +9,10 @@ Drupal 7.xx, xxxx-xx-xx (development version)
Host header.
- Allowed the + character to appear in usernames.
+Drupal 7.58, 2018-03-28
+-----------------------
+- Fixed security issues (multiple vulnerabilities). See SA-CORE-2018-002.
+
Drupal 7.57, 2018-02-21
-----------------------
- Fixed security issues (multiple vulnerabilities). See SA-CORE-2018-001.
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index f789712..2abc7f0 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -8,7 +8,7 @@
/**
* The current system version.
*/
-define('VERSION', '7.58-dev');
+define('VERSION', '7.59-dev');
/**
* Core API compatibility.
@@ -2632,6 +2632,10 @@ function _drupal_bootstrap_configuration() {
timer_start('page');
// Initialize the configuration, including variables from settings.php.
drupal_settings_initialize();
+
+ // Sanitize unsafe keys from the request.
+ require_once DRUPAL_ROOT . '/includes/request-sanitizer.inc';
+ DrupalRequestSanitizer::sanitize();
}
/**
diff --git a/includes/request-sanitizer.inc b/includes/request-sanitizer.inc
new file mode 100644
index 0000000..1daa6b5
--- /dev/null
+++ b/includes/request-sanitizer.inc
@@ -0,0 +1,82 @@
+<?php
+
+/**
+ * @file
+ * Contains code for sanitizing user input from the request.
+ */
+
+/**
+ * Sanitizes user input from the request.
+ */
+class DrupalRequestSanitizer {
+
+ /**
+ * Tracks whether the request was already sanitized.
+ */
+ protected static $sanitized = FALSE;
+
+ /**
+ * Modifies the request to strip dangerous keys from user input.
+ */
+ public static function sanitize() {
+ if (!self::$sanitized) {
+ $whitelist = variable_get('sanitize_input_whitelist', array());
+ $log_sanitized_keys = variable_get('sanitize_input_logging', FALSE);
+
+ // Process query string parameters.
+ $get_sanitized_keys = array();
+ $_GET = self::stripDangerousValues($_GET, $whitelist, $get_sanitized_keys);
+ if ($log_sanitized_keys && $get_sanitized_keys) {
+ _drupal_trigger_error_with_delayed_logging(format_string('Potentially unsafe keys removed from query string parameters (GET): @keys', array('@keys' => implode(', ', $get_sanitized_keys))), E_USER_NOTICE);
+ }
+
+ // Process request body parameters.
+ $post_sanitized_keys = array();
+ $_POST = self::stripDangerousValues($_POST, $whitelist, $post_sanitized_keys);
+ if ($log_sanitized_keys && $post_sanitized_keys) {
+ _drupal_trigger_error_with_delayed_logging(format_string('Potentially unsafe keys removed from request body parameters (POST): @keys', array('@keys' => implode(', ', $post_sanitized_keys))), E_USER_NOTICE);
+ }
+
+ // Process cookie parameters.
+ $cookie_sanitized_keys = array();
+ $_COOKIE = self::stripDangerousValues($_COOKIE, $whitelist, $cookie_sanitized_keys);
+ if ($log_sanitized_keys && $cookie_sanitized_keys) {
+ _drupal_trigger_error_with_delayed_logging(format_string('Potentially unsafe keys removed from cookie parameters (COOKIE): @keys', array('@keys' => implode(', ', $cookie_sanitized_keys))), E_USER_NOTICE);
+ }
+
+ $request_sanitized_keys = array();
+ $_REQUEST = self::stripDangerousValues($_REQUEST, $whitelist, $request_sanitized_keys);
+
+ self::$sanitized = TRUE;
+ }
+ }
+
+ /**
+ * Strips dangerous keys from the provided input.
+ *
+ * @param mixed $input
+ * The input to sanitize.
+ * @param string[] $whitelist
+ * An array of keys to whitelist as safe.
+ * @param string[] $sanitized_keys
+ * An array of keys that have been removed.
+ *
+ * @return mixed
+ * The sanitized input.
+ */
+ protected static function stripDangerousValues($input, array $whitelist, array &$sanitized_keys) {
+ if (is_array($input)) {
+ foreach ($input as $key => $value) {
+ if ($key !== '' && $key[0] === '#' && !in_array($key, $whitelist, TRUE)) {
+ unset($input[$key]);
+ $sanitized_keys[] = $key;
+ }
+ else {
+ $input[$key] = self::stripDangerousValues($input[$key], $whitelist, $sanitized_keys);
+ }
+ }
+ }
+ return $input;
+ }
+
+}