summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid Snopek2018-03-28 17:12:56 (GMT)
committerDavid Snopek2018-03-28 17:12:56 (GMT)
commit9fb2ea24e32e100cee0f271105f08e019e1b8b8c (patch)
tree2f104a42342714e7006c14742798f889d77e0aab
parent6d7a0890e603351d66cc9c9754bd0c81ee0476e5 (diff)
Issue #2955130 by dsnopek: [core] Add D6LTS patch for SA-CORE-2018-002
-rw-r--r--common/core/SA-CORE-2018-002.patch70
1 files changed, 70 insertions, 0 deletions
diff --git a/common/core/SA-CORE-2018-002.patch b/common/core/SA-CORE-2018-002.patch
new file mode 100644
index 0000000..1e88239
--- /dev/null
+++ b/common/core/SA-CORE-2018-002.patch
@@ -0,0 +1,70 @@
+diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
+index 23179ca98d..bfbbb81876 100644
+--- a/includes/bootstrap.inc
++++ b/includes/bootstrap.inc
+@@ -1142,6 +1142,7 @@ function _drupal_bootstrap($phase) {
+ timer_start('page');
+ // Initialize the configuration
+ conf_init();
++ _drupal_bootstrap_sanitize_request();
+ break;
+
+ case DRUPAL_BOOTSTRAP_EARLY_PAGE_CACHE:
+@@ -1603,3 +1604,57 @@ function filter_xss_bad_protocol($string, $decode = TRUE) {
+ } while ($before != $string);
+ return check_plain($string);
+ }
++
++/**
++ * Sanitizes unsafe keys from the request.
++ */
++function _drupal_bootstrap_sanitize_request() {
++ global $conf;
++ static $sanitized;
++
++ if (!$sanitized) {
++ // Ensure the whitelist array exists.
++ if (!isset($conf['sanitize_input_whitelist']) || !is_array($conf['sanitize_input_whitelist'])) {
++ $conf['sanitize_input_whitelist'] = array();
++ }
++
++ $sanitized_keys = _drupal_bootstrap_sanitize_input($_GET, $conf['sanitize_input_whitelist']);
++ $sanitized_keys = array_merge($sanitized_keys, _drupal_bootstrap_sanitize_input($_POST, $conf['sanitize_input_whitelist']));
++ $sanitized_keys = array_merge($sanitized_keys, _drupal_bootstrap_sanitize_input($_REQUEST, $conf['sanitize_input_whitelist']));
++ $sanitized_keys = array_merge($sanitized_keys, _drupal_bootstrap_sanitize_input($_COOKIE, $conf['sanitize_input_whitelist']));
++ $sanitized_keys = array_unique($sanitized_keys);
++
++ if (count($sanitized_keys) && !empty($conf['sanitize_input_logging'])) {
++ trigger_error(check_plain(sprintf('Potentially unsafe keys removed from request parameters: %s', implode(', ', $sanitized_keys)), E_USER_WARNING));
++ }
++
++ $sanitized = TRUE;
++ }
++}
++
++/**
++ * Sanitizes unsafe keys from user input.
++ *
++ * @param mixed $input
++ * Input to sanitize.
++ * @param array $whitelist
++ * Whitelist of values.
++ * @return array
++ */
++function _drupal_bootstrap_sanitize_input(&$input, $whitelist = array()) {
++ $sanitized_keys = array();
++
++ if (is_array($input)) {
++ foreach ($input as $key => $value) {
++ if ($key !== '' && $key[0] === '#' && !in_array($key, $whitelist, TRUE)) {
++ unset($input[$key]);
++ $sanitized_keys[] = $key;
++ }
++ elseif (is_array($input[$key])) {
++ $sanitized_keys = array_merge($sanitized_keys, _drupal_bootstrap_sanitize_input($input[$key], $whitelist));
++ }
++ }
++ }
++
++ return $sanitized_keys;
++}