Skip to content

Instantly share code, notes, and snippets.

@nevergone
Last active April 29, 2018 14:22
Show Gist options
  • Save nevergone/845f7008b6cbeb6ebc367e48edfcebaf to your computer and use it in GitHub Desktop.
Save nevergone/845f7008b6cbeb6ebc367e48edfcebaf to your computer and use it in GitHub Desktop.
SA-CORE-2018-002 - Drupal 5 patch
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index 5b2e5ab..b2e00ab 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -911,6 +911,7 @@ function _drupal_bootstrap($phase) {
drupal_unset_globals();
// Initialize the configuration
conf_init();
+ _drupal_bootstrap_sanitize_request();
break;
case DRUPAL_BOOTSTRAP_EARLY_PAGE_CACHE:
@@ -1024,3 +1025,57 @@ function get_t() {
}
return $t;
}
+
+/**
+ * Sanitizes unsafe keys from the request.
+ */
+function _drupal_bootstrap_sanitize_request() {
+ global $conf;
+ static $sanitized;
+
+ if (!$sanitized) {
+ // Ensure the whitelist array exists.
+ if (!isset($conf['sanitize_input_whitelist']) || !is_array($conf['sanitize_input_whitelist'])) {
+ $conf['sanitize_input_whitelist'] = array();
+ }
+
+ $sanitized_keys = _drupal_bootstrap_sanitize_input($_GET, $conf['sanitize_input_whitelist']);
+ $sanitized_keys = array_merge($sanitized_keys, _drupal_bootstrap_sanitize_input($_POST, $conf['sanitize_input_whitelist']));
+ $sanitized_keys = array_merge($sanitized_keys, _drupal_bootstrap_sanitize_input($_REQUEST, $conf['sanitize_input_whitelist']));
+ $sanitized_keys = array_merge($sanitized_keys, _drupal_bootstrap_sanitize_input($_COOKIE, $conf['sanitize_input_whitelist']));
+ $sanitized_keys = array_unique($sanitized_keys);
+
+ if (count($sanitized_keys) && !empty($conf['sanitize_input_logging'])) {
+ trigger_error(check_plain(sprintf('Potentially unsafe keys removed from request parameters: %s', implode(', ', $sanitized_keys)), E_USER_WARNING));
+ }
+
+ $sanitized = TRUE;
+ }
+}
+
+/**
+ * Sanitizes unsafe keys from user input.
+ *
+ * @param mixed $input
+ * Input to sanitize.
+ * @param array $whitelist
+ * Whitelist of values.
+ * @return array
+ */
+function _drupal_bootstrap_sanitize_input(&$input, $whitelist = array()) {
+ $sanitized_keys = array();
+
+ if (is_array($input)) {
+ foreach ($input as $key => $value) {
+ if ($key !== '' && $key[0] === '#' && !in_array($key, $whitelist, TRUE)) {
+ unset($input[$key]);
+ $sanitized_keys[] = $key;
+ }
+ elseif (is_array($input[$key])) {
+ $sanitized_keys = array_merge($sanitized_keys, _drupal_bootstrap_sanitize_input($input[$key], $whitelist));
+ }
+ }
+ }
+
+ return $sanitized_keys;
+}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment