|
@@ -2,6 +2,8 @@
|
|
|
|
|
|
namespace Drupal\Core\Security;
|
|
|
|
|
|
+use Drupal\Component\Utility\UrlHelper;
|
|
|
+use Symfony\Component\HttpFoundation\ParameterBag;
|
|
|
use Symfony\Component\HttpFoundation\Request;
|
|
|
|
|
|
/**
|
|
@@ -39,33 +41,89 @@ class RequestSanitizer {
|
|
|
*/
|
|
|
public static function sanitize(Request $request, $whitelist, $log_sanitized_keys = FALSE) {
|
|
|
if (!$request->attributes->get(self::SANITIZED, FALSE)) {
|
|
|
- // Process query string parameters.
|
|
|
- $get_sanitized_keys = [];
|
|
|
- $request->query->replace(static::stripDangerousValues($request->query->all(), $whitelist, $get_sanitized_keys));
|
|
|
- if ($log_sanitized_keys && !empty($get_sanitized_keys)) {
|
|
|
- trigger_error(sprintf('Potentially unsafe keys removed from query string parameters (GET): %s', implode(', ', $get_sanitized_keys)));
|
|
|
+ $update_globals = FALSE;
|
|
|
+ $bags = [
|
|
|
+ 'query' => 'Potentially unsafe keys removed from query string parameters (GET): %s',
|
|
|
+ 'request' => 'Potentially unsafe keys removed from request body parameters (POST): %s',
|
|
|
+ 'cookies' => 'Potentially unsafe keys removed from cookie parameters: %s',
|
|
|
+ ];
|
|
|
+ foreach ($bags as $bag => $message) {
|
|
|
+ if (static::processParameterBag($request->$bag, $whitelist, $log_sanitized_keys, $bag, $message)) {
|
|
|
+ $update_globals = TRUE;
|
|
|
+ }
|
|
|
}
|
|
|
-
|
|
|
- // Request body parameters.
|
|
|
- $post_sanitized_keys = [];
|
|
|
- $request->request->replace(static::stripDangerousValues($request->request->all(), $whitelist, $post_sanitized_keys));
|
|
|
- if ($log_sanitized_keys && !empty($post_sanitized_keys)) {
|
|
|
- trigger_error(sprintf('Potentially unsafe keys removed from request body parameters (POST): %s', implode(', ', $post_sanitized_keys)));
|
|
|
+ if ($update_globals) {
|
|
|
+ $request->overrideGlobals();
|
|
|
}
|
|
|
+ $request->attributes->set(self::SANITIZED, TRUE);
|
|
|
+ }
|
|
|
+ return $request;
|
|
|
+ }
|
|
|
|
|
|
- // Cookie parameters.
|
|
|
- $cookie_sanitized_keys = [];
|
|
|
- $request->cookies->replace(static::stripDangerousValues($request->cookies->all(), $whitelist, $cookie_sanitized_keys));
|
|
|
- if ($log_sanitized_keys && !empty($cookie_sanitized_keys)) {
|
|
|
- trigger_error(sprintf('Potentially unsafe keys removed from cookie parameters: %s', implode(', ', $cookie_sanitized_keys)));
|
|
|
+ /**
|
|
|
+ * Processes a request parameter bag.
|
|
|
+ *
|
|
|
+ * @param \Symfony\Component\HttpFoundation\ParameterBag $bag
|
|
|
+ * The parameter bag to process.
|
|
|
+ * @param string[] $whitelist
|
|
|
+ * An array of keys to whitelist as safe.
|
|
|
+ * @param bool $log_sanitized_keys
|
|
|
+ * Set to TRUE to log keys that are sanitized.
|
|
|
+ * @param string $bag_name
|
|
|
+ * The request parameter bag name. Either 'query', 'request' or 'cookies'.
|
|
|
+ * @param string $message
|
|
|
+ * The message to log if the parameter bag contains keys that are removed.
|
|
|
+ * If the message contains %s that is replaced by a list of removed keys.
|
|
|
+ *
|
|
|
+ * @return bool
|
|
|
+ * TRUE if the parameter bag has been sanitized, FALSE if not.
|
|
|
+ */
|
|
|
+ protected static function processParameterBag(ParameterBag $bag, $whitelist, $log_sanitized_keys, $bag_name, $message) {
|
|
|
+ $sanitized = FALSE;
|
|
|
+ $sanitized_keys = [];
|
|
|
+ $bag->replace(static::stripDangerousValues($bag->all(), $whitelist, $sanitized_keys));
|
|
|
+ if (!empty($sanitized_keys)) {
|
|
|
+ $sanitized = TRUE;
|
|
|
+ if ($log_sanitized_keys) {
|
|
|
+ trigger_error(sprintf($message, implode(', ', $sanitized_keys)));
|
|
|
}
|
|
|
+ }
|
|
|
|
|
|
- if (!empty($get_sanitized_keys) || !empty($post_sanitized_keys) || !empty($cookie_sanitized_keys)) {
|
|
|
- $request->overrideGlobals();
|
|
|
+ if ($bag->has('destination')) {
|
|
|
+ $destination_dangerous_keys = static::checkDestination($bag->get('destination'), $whitelist);
|
|
|
+ if (!empty($destination_dangerous_keys)) {
|
|
|
+ // The destination is removed rather than sanitized because the URL
|
|
|
+ // generator service is not available and this method is called very
|
|
|
+ // early in the bootstrap.
|
|
|
+ $bag->remove('destination');
|
|
|
+ $sanitized = TRUE;
|
|
|
+ if ($log_sanitized_keys) {
|
|
|
+ trigger_error(sprintf('Potentially unsafe destination removed from %s parameter bag because it contained the following keys: %s', $bag_name, implode(', ', $destination_dangerous_keys)));
|
|
|
+ }
|
|
|
}
|
|
|
- $request->attributes->set(self::SANITIZED, TRUE);
|
|
|
}
|
|
|
- return $request;
|
|
|
+ return $sanitized;
|
|
|
+ }
|
|
|
+
|
|
|
+ /**
|
|
|
+ * Checks a destination string to see if it is dangerous.
|
|
|
+ *
|
|
|
+ * @param string $destination
|
|
|
+ * The destination string to check.
|
|
|
+ * @param array $whitelist
|
|
|
+ * An array of keys to whitelist as safe.
|
|
|
+ *
|
|
|
+ * @return array
|
|
|
+ * The dangerous keys found in the destination parameter.
|
|
|
+ */
|
|
|
+ protected static function checkDestination($destination, array $whitelist) {
|
|
|
+ $dangerous_keys = [];
|
|
|
+ $parts = UrlHelper::parse($destination);
|
|
|
+ // If there is a query string, check its query parameters.
|
|
|
+ if (!empty($parts['query'])) {
|
|
|
+ static::stripDangerousValues($parts['query'], $whitelist, $dangerous_keys);
|
|
|
+ }
|
|
|
+ return $dangerous_keys;
|
|
|
}
|
|
|
|
|
|
/**
|