Home Explore Help
Sign In
bachir
/
edlp_d8
1
0
Fork 0
Files Issues 8 Pull Requests 0 Wiki
Tree: 5c71ef4c46
Branches Tags
edlp_d8
/
core
/
lib
/
Drupal
/
Core
/
Security
/
RequestSanitizer.php

RequestSanitizer.php 5.7 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168 
  1. <?php
    2. 

  2. 

  3. namespace Drupal\Core\Security;
    4. 

  4. 

  5. use Drupal\Component\Utility\UrlHelper;
    6. 

  6. use Symfony\Component\HttpFoundation\ParameterBag;
    7. 

  7. use Symfony\Component\HttpFoundation\Request;
    8. 

  8. 

  9. /**
    10. 

  10.  * Sanitizes user input.
    11. 

  11.  */
    12. 

  12. class RequestSanitizer {
    13. 

  13. 

  14.   /**
    15. 

  15.    * Request attribute to mark the request as sanitized.
    16. 

  16.    */
    17. 

  17.   const SANITIZED = '_drupal_request_sanitized';
    18. 

  18. 

  19.   /**
    20. 

  20.    * The name of the setting that configures the whitelist.
    21. 

  21.    */
    22. 

  22.   const SANITIZE_WHITELIST = 'sanitize_input_whitelist';
    23. 

  23. 

  24.   /**
    25. 

  25.    * The name of the setting that determines if sanitized keys are logged.
    26. 

  26.    */
    27. 

  27.   const SANITIZE_LOG = 'sanitize_input_logging';
    28. 

  28. 

  29.   /**
    30. 

  30.    * Strips dangerous keys from user input.
    31. 

  31.    *
    32. 

  32.    * @param \Symfony\Component\HttpFoundation\Request $request
    33. 

  33.    *   The incoming request to sanitize.
    34. 

  34.    * @param string[] $whitelist
    35. 

  35.    *   An array of keys to whitelist as safe. See default.settings.php.
    36. 

  36.    * @param bool $log_sanitized_keys
    37. 

  37.    *   (optional) Set to TRUE to log keys that are sanitized.
    38. 

  38.    *
    39. 

  39.    * @return \Symfony\Component\HttpFoundation\Request
    40. 

  40.    *   The sanitized request.
    41. 

  41.    */
    42. 

  42.   public static function sanitize(Request $request, $whitelist, $log_sanitized_keys = FALSE) {
    43. 

  43.     if (!$request->attributes->get(self::SANITIZED, FALSE)) {
    44. 

  44.       $update_globals = FALSE;
    45. 

  45.       $bags = [
    46. 

  46.         'query' => 'Potentially unsafe keys removed from query string parameters (GET): %s',
    47. 

  47.         'request' => 'Potentially unsafe keys removed from request body parameters (POST): %s',
    48. 

  48.         'cookies' => 'Potentially unsafe keys removed from cookie parameters: %s',
    49. 

  49.       ];
    50. 

  50.       foreach ($bags as $bag => $message) {
    51. 

  51.         if (static::processParameterBag($request->$bag, $whitelist, $log_sanitized_keys, $bag, $message)) {
    52. 

  52.           $update_globals = TRUE;
    53. 

  53.         }
    54. 

  54.       }
    55. 

  55.       if ($update_globals) {
    56. 

  56.         $request->overrideGlobals();
    57. 

  57.       }
    58. 

  58.       $request->attributes->set(self::SANITIZED, TRUE);
    59. 

  59.     }
    60. 

  60.     return $request;
    61. 

  61.   }
    62. 

  62. 

  63.   /**
    64. 

  64.    * Processes a request parameter bag.
    65. 

  65.    *
    66. 

  66.    * @param \Symfony\Component\HttpFoundation\ParameterBag $bag
    67. 

  67.    *   The parameter bag to process.
    68. 

  68.    * @param string[] $whitelist
    69. 

  69.    *   An array of keys to whitelist as safe.
    70. 

  70.    * @param bool $log_sanitized_keys
    71. 

  71.    *   Set to TRUE to log keys that are sanitized.
    72. 

  72.    * @param string $bag_name
    73. 

  73.    *   The request parameter bag name. Either 'query', 'request' or 'cookies'.
    74. 

  74.    * @param string $message
    75. 

  75.    *   The message to log if the parameter bag contains keys that are removed.
    76. 

  76.    *   If the message contains %s that is replaced by a list of removed keys.
    77. 

  77.    *
    78. 

  78.    * @return bool
    79. 

  79.    *   TRUE if the parameter bag has been sanitized, FALSE if not.
    80. 

  80.    */
    81. 

  81.   protected static function processParameterBag(ParameterBag $bag, $whitelist, $log_sanitized_keys, $bag_name, $message) {
    82. 

  82.     $sanitized = FALSE;
    83. 

  83.     $sanitized_keys = [];
    84. 

  84.     $bag->replace(static::stripDangerousValues($bag->all(), $whitelist, $sanitized_keys));
    85. 

  85.     if (!empty($sanitized_keys)) {
    86. 

  86.       $sanitized = TRUE;
    87. 

  87.       if ($log_sanitized_keys) {
    88. 

  88.         trigger_error(sprintf($message, implode(', ', $sanitized_keys)));
    89. 

  89.       }
    90. 

  90.     }
    91. 

  91. 

  92.     if ($bag->has('destination')) {
    93. 

  93.       $destination = $bag->get('destination');
    94. 

  94.       $destination_dangerous_keys = static::checkDestination($destination, $whitelist);
    95. 

  95.       if (!empty($destination_dangerous_keys)) {
    96. 

  96.         // The destination is removed rather than sanitized because the URL
    97. 

  97.         // generator service is not available and this method is called very
    98. 

  98.         // early in the bootstrap.
    99. 

  99.         $bag->remove('destination');
    100. 

  100.         $sanitized = TRUE;
    101. 

  101.         if ($log_sanitized_keys) {
    102. 

  102.           trigger_error(sprintf('Potentially unsafe destination removed from %s parameter bag because it contained the following keys: %s', $bag_name, implode(', ', $destination_dangerous_keys)));
    103. 

  103.         }
    104. 

  104.       }
    105. 

  105.       // Sanitize the destination parameter (which is often used for redirects)
    106. 

  106.       // to prevent open redirect attacks leading to other domains.
    107. 

  107.       if (UrlHelper::isExternal($destination)) {
    108. 

  108.         // The destination is removed because it is an external URL.
    109. 

  109.         $bag->remove('destination');
    110. 

  110.         $sanitized = TRUE;
    111. 

  111.         if ($log_sanitized_keys) {
    112. 

  112.           trigger_error(sprintf('Potentially unsafe destination removed from %s parameter bag because it points to an external URL.', $bag_name));
    113. 

  113.         }
    114. 

  114.       }
    115. 

  115.     }
    116. 

  116.     return $sanitized;
    117. 

  117.   }
    118. 

  118. 

  119.   /**
    120. 

  120.    * Checks a destination string to see if it is dangerous.
    121. 

  121.    *
    122. 

  122.    * @param string $destination
    123. 

  123.    *   The destination string to check.
    124. 

  124.    * @param array $whitelist
    125. 

  125.    *   An array of keys to whitelist as safe.
    126. 

  126.    *
    127. 

  127.    * @return array
    128. 

  128.    *   The dangerous keys found in the destination parameter.
    129. 

  129.    */
    130. 

  130.   protected static function checkDestination($destination, array $whitelist) {
    131. 

  131.     $dangerous_keys = [];
    132. 

  132.     $parts = UrlHelper::parse($destination);
    133. 

  133.     // If there is a query string, check its query parameters.
    134. 

  134.     if (!empty($parts['query'])) {
    135. 

  135.       static::stripDangerousValues($parts['query'], $whitelist, $dangerous_keys);
    136. 

  136.     }
    137. 

  137.     return $dangerous_keys;
    138. 

  138.   }
    139. 

  139. 

  140.   /**
    141. 

  141.    * Strips dangerous keys from $input.
    142. 

  142.    *
    143. 

  143.    * @param mixed $input
    144. 

  144.    *   The input to sanitize.
    145. 

  145.    * @param string[] $whitelist
    146. 

  146.    *   An array of keys to whitelist as safe.
    147. 

  147.    * @param string[] $sanitized_keys
    148. 

  148.    *   An array of keys that have been removed.
    149. 

  149.    *
    150. 

  150.    * @return mixed
    151. 

  151.    *   The sanitized input.
    152. 

  152.    */
    153. 

  153.   protected static function stripDangerousValues($input, array $whitelist, array &$sanitized_keys) {
    154. 

  154.     if (is_array($input)) {
    155. 

  155.       foreach ($input as $key => $value) {
    156. 

  156.         if ($key !== '' && $key[0] === '#' && !in_array($key, $whitelist, TRUE)) {
    157. 

  157.           unset($input[$key]);
    158. 

  158.           $sanitized_keys[] = $key;
    159. 

  159.         }
    160. 

  160.         else {
    161. 

  161.           $input[$key] = static::stripDangerousValues($input[$key], $whitelist, $sanitized_keys);
    162. 

  162.         }
    163. 

  163.       }
    164. 

  164.     }
    165. 

  165.     return $input;
    166. 

  166.   }
    167. 

  167. 

  168. }
    169.