Merge remote-tracking branch 'github-security/ticket/security-164-alt…

…' into prep-release-3.1.1 * github-security/ticket/security-164-alt: [ticket/security-164] Correctly format page_name [ticket/security-164] Sanitize all global variables in symfony_request class
Wolfsblvt-Test · Nov 1, 2014 · b6a4f83 · b6a4f83
2 parents c980402 + f534503
commit b6a4f83
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php
@@ -87,7 +87,7 @@ static function extract_current_page($root_path)
 		$symfony_request_path = $phpbb_filesystem->clean_path($symfony_request->getPathInfo());
 		if ($symfony_request_path !== '/')
 		{
-			$page_name .= $symfony_request_path;
+			$page_name .= str_replace('%2F', '/', urlencode($symfony_request_path));
 		}
 
 		// current directory within the phpBB root (for example: adm)

diff --git a/phpBB/phpbb/symfony_request.php b/phpBB/phpbb/symfony_request.php
@@ -38,6 +38,9 @@ public function __construct(\phpbb\request\request_interface $phpbb_request)
 
 		array_walk_recursive($get_parameters, $sanitizer);
 		array_walk_recursive($post_parameters, $sanitizer);
+		array_walk_recursive($server_parameters, $sanitizer);
+		array_walk_recursive($files_parameters, $sanitizer);
+		array_walk_recursive($cookie_parameters, $sanitizer);
 
 		parent::__construct($get_parameters, $post_parameters, array(), $cookie_parameters, $files_parameters, $server_parameters);
 	}