[TASK] Prevents PHP warnings with type differences on $_REQUEST['serendipity'].

refs #642

Backported from master branch.

Signed-off-by: Thomas Hochstein <thh@inter.net>
Garvin Hicking 2019-10-07 17:03:33 +02:00 committed by Thomas Hochstein
parent f26a306026
commit 2b9616276f
2 changed files with 29 additions and 9 deletions


@ -1,6 +1,12 @@
Version 2.3.2-beta1 () Version 2.3.2-beta1 ()
------------------------------------------------------------------------ ------------------------------------------------------------------------
* Only populate $serendipity['GET'], $serendipity['POST'] and
$serendipity['COOKIE'] with references to $_GET['serendipity'],
$_POST['serendipity'], $_COOKIE['serendipity'] if they are
transmitted as an array. Else, an empty array is used.
Prevents PHP warnings (Issue 642) thanks to @hannob
* Escape category images to avoid backend XSS. * Escape category images to avoid backend XSS.
Thanks to @hannob! Thanks to @hannob!


@ -156,18 +156,18 @@ if (!function_exists('errorToExceptionHandler')) {
break; break;
} }
// NOTE: We do NOT use ini_get('error_reporting'), because that would return the global error reporting, // NOTE: We do NOT use ini_get('error_reporting'), because that would return the global error reporting,
// and not the one in our current content. @-silenced errors would otherwise never be caught on. // and not the one in our current content. @-silenced errors would otherwise never be caught on.
$rep = error_reporting(); $rep = error_reporting();
// Bypass error processing because it's @-silenced. // Bypass error processing because it's @-silenced.
if ($rep == 0) { if ($rep == 0) {
return false; return false;
} }
// if not using Serendipity testing and user or ISP has set PHPs display_errors to show no errors at all, respect this: // if not using Serendipity testing and user or ISP has set PHPs display_errors to show no errors at all, respect this:
if ($serendipity['production'] === true && ini_get('display_errors') == 0) { if ($serendipity['production'] === true && ini_get('display_errors') == 0) {
return false; return false;
} }
// Several plugins might not adapt to proper style. This should not completely kill our execution. // Several plugins might not adapt to proper style. This should not completely kill our execution.
@ -178,7 +178,7 @@ if (!function_exists('errorToExceptionHandler')) {
$args = func_get_args(); $args = func_get_args();
/* /*
* $serendipity['production'] can be: * $serendipity['production'] can be:
* *
* (bool) TRUE: Live-blog, conceal error messages * (bool) TRUE: Live-blog, conceal error messages
@ -373,9 +373,23 @@ if (ini_get('magic_quotes_gpc')) {
} }
// Merge get and post into the serendipity array // Merge get and post into the serendipity array
$serendipity['GET'] = &$_GET['serendipity']; if (is_array($_GET['serendipity'])) {
$serendipity['POST'] = &$_POST['serendipity']; $serendipity['GET'] = &$_GET['serendipity'];
$serendipity['COOKIE'] = &$_COOKIE['serendipity']; } else {
$serendipity['GET'] = array();
}
if (is_array($_POST['serendipity'])) {
$serendipity['POST'] = &$_POST['serendipity'];
} else {
$serendipity['POST'] = array();
}
if (is_array($_COOKIE['serendipity'])) {
$serendipity['COOKIE'] = &$_COOKIE['serendipity'];
} else {
$serendipity['COOKIE'] = array();
}
// Attempt to fix IIS compatibility // Attempt to fix IIS compatibility
if (empty($_SERVER['REQUEST_URI'])) { if (empty($_SERVER['REQUEST_URI'])) {
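Review bot: The new `is_array($_GET['serendipity'])` check reads an array key that is absent on any request carrying no `serendipity` parameter, which raises an undefined-index notice (a warning on PHP 8); the old reference assignment created the key silently, and the `$_POST` and `$_COOKIE` checks have the same problem. The else branches also assign a detached `array()`, so `$serendipity['GET']` no longer aliases `$_GET['serendipity']` in that case; if any code writes through one name and reads through the other, which this page does not show, the two would diverge. Normalising the superglobal entry first and then always binding the reference keeps both the array-only guarantee and the aliasing, and it also replaces a client-supplied scalar in the superglobal itself. The surrounding file continues outside the hunk.

```php
// Merge get and post into the serendipity array
if (!isset($_GET['serendipity']) || !is_array($_GET['serendipity'])) {
    $_GET['serendipity'] = array();
}
$serendipity['GET'] = &$_GET['serendipity'];

if (!isset($_POST['serendipity']) || !is_array($_POST['serendipity'])) {
    $_POST['serendipity'] = array();
}
$serendipity['POST'] = &$_POST['serendipity'];

if (!isset($_COOKIE['serendipity']) || !is_array($_COOKIE['serendipity'])) {
    $_COOKIE['serendipity'] = array();
}
$serendipity['COOKIE'] = &$_COOKIE['serendipity'];
```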