From 2b9616276f37e3cd9c330bb0cefbb8c0d3125044 Mon Sep 17 00:00:00 2001 From: Garvin Hicking Date: Mon, 7 Oct 2019 17:03:33 +0200 Subject: [PATCH] [TASK] Prevents PHP warnings with type differences on $_REQUEST['serendipity']. refs #642 Backported from master branch. Signed-off-by: Thomas Hochstein --- docs/NEWS | 6 ++++++ include/compat.inc.php | 32 +++++++++++++++++++++++--------- 2 files changed, 29 insertions(+), 9 deletions(-) diff --git a/docs/NEWS b/docs/NEWS index de45d8b7..851af7fd 100644 --- a/docs/NEWS +++ b/docs/NEWS @@ -1,6 +1,12 @@ Version 2.3.2-beta1 () ------------------------------------------------------------------------ + * Only populate $serendipity['GET'], $serendipity['POST'] and + $serendipity['COOKIE'] with references to $_GET['serendipity'], + $_POST['serendipity'], $_COOKIE['serendipity'] if they are + transmitted as an array. Else, an empty array is used. + Prevents PHP warnings (Issue 642) thanks to @hannob + * Escape category images to avoid backend XSS. Thanks to @hannob! diff --git a/include/compat.inc.php b/include/compat.inc.php index 0d61f097..e367d629 100644 --- a/include/compat.inc.php +++ b/include/compat.inc.php @@ -156,18 +156,18 @@ if (!function_exists('errorToExceptionHandler')) { break; } - // NOTE: We do NOT use ini_get('error_reporting'), because that would return the global error reporting, + // NOTE: We do NOT use ini_get('error_reporting'), because that would return the global error reporting, // and not the one in our current content. @-silenced errors would otherwise never be caught on. $rep = error_reporting(); // Bypass error processing because it's @-silenced. - if ($rep == 0) { - return false; + if ($rep == 0) { + return false; } // if not using Serendipity testing and user or ISP has set PHPs display_errors to show no errors at all, respect this: - if ($serendipity['production'] === true && ini_get('display_errors') == 0) { - return false; + if ($serendipity['production'] === true && ini_get('display_errors') == 0) { + return false; } // Several plugins might not adapt to proper style. This should not completely kill our execution. @@ -178,7 +178,7 @@ if (!function_exists('errorToExceptionHandler')) { $args = func_get_args(); - /* + /* * $serendipity['production'] can be: * * (bool) TRUE: Live-blog, conceal error messages @@ -373,9 +373,23 @@ if (ini_get('magic_quotes_gpc')) { } // Merge get and post into the serendipity array -$serendipity['GET'] = &$_GET['serendipity']; -$serendipity['POST'] = &$_POST['serendipity']; -$serendipity['COOKIE'] = &$_COOKIE['serendipity']; +if (is_array($_GET['serendipity'])) { + $serendipity['GET'] = &$_GET['serendipity']; +} else { + $serendipity['GET'] = array(); +} + +if (is_array($_POST['serendipity'])) { + $serendipity['POST'] = &$_POST['serendipity']; +} else { + $serendipity['POST'] = array(); +} + +if (is_array($_COOKIE['serendipity'])) { + $serendipity['COOKIE'] = &$_COOKIE['serendipity']; +} else { + $serendipity['COOKIE'] = array(); +} // Attempt to fix IIS compatibility if (empty($_SERVER['REQUEST_URI'])) {