Merge pull request #447 from gnuheidix/comment_sanitized

some PHP functions expect strings and crash otherwise
2017-02-07 22:16:10 +01:00 · 2017-02-07 22:16:10 +01:00 · 381b066344
commit 381b066344
parent 9511b9dde5 7a0a9e2156
3 changed files with 12 additions and 3 deletions
--- a/include/compat.inc.php
+++ b/include/compat.inc.php
@ -497,6 +497,9 @@ if (function_exists('date_default_timezone_get')) {
 * native encoded strings containing umlauts. This wrapper should to be used in the core until PHP 5.6 fixes the bug.
 */
 function serendipity_specialchars($string, $flags = null, $encoding = LANG_CHARSET, $double_encode = true) {
+    if (!is_string($string)) {
+        return '';
+    }
    if ($flags == null) {
        if (defined('ENT_HTML401')) {
            // Added with PHP 5.4.x
@ -520,6 +523,9 @@ function serendipity_specialchars($string, $flags = null, $encoding = LANG_CHARS
 * see serendipity_specialchars
 */
 function serendipity_entities($string, $flags = null, $encoding = LANG_CHARSET, $double_encode = true) {
+    if (!is_string($string)) {
+        return '';
+    }
    if ($flags == null) {
        if (defined('ENT_HTML401')) {
            // Added with PHP 5.4.x
@ -539,6 +545,9 @@ function serendipity_entities($string, $flags = null, $encoding = LANG_CHARSET,
 * serendipity_specialchars
 */
 function serendipity_entity_decode($string, $flags = null, $encoding = LANG_CHARSET) {
+    if (!is_string($string)) {
+        return '';
+    }
    if ($flags == null) {
        # NOTE: ENT_SUBSTITUTE does not exist for this function, and the documentation does not specify that it will
        # ever echo empty strings on charset errors
--- a/include/functions_comments.inc.php
+++ b/include/functions_comments.inc.php
@ -363,8 +363,8 @@ function serendipity_printComments($comments, $parentid = 0, $depth = 0, $trace
        if ($parentid === VIEWMODE_LINEAR || !isset($comment['parent_id']) || $comment['parent_id'] == $parentid) {
            $i++;

-            $comment['comment'] = serendipity_specialchars(strip_tags($comment['body']));
-            $comment['url']     = strip_tags($comment['url']);
+            $comment['comment'] = (is_string($comment['body']) ? serendipity_specialchars(strip_tags($comment['body'])) : '');
+            $comment['url']     = (is_string($comment['url']) ? strip_tags($comment['url']) : '');
            $comment['link_delete'] = $serendipity['baseURL'] . 'comment.php?serendipity[delete]=' . $comment['id'] . '&amp;serendipity[entry]=' . $comment['entry_id'] . '&amp;serendipity[type]=comments&amp;' . $formToken;

            /* Fix invalid cases in protocoll part */
--- a/include/functions_routing.inc.php
+++ b/include/functions_routing.inc.php
@ -339,7 +339,7 @@ function serveEntry($matches) {
    if (!empty($serendipity['POST']['submit']) && !isset($_REQUEST['serendipity']['csuccess'])) {

        $comment['url']       = $serendipity['POST']['url'];
-        $comment['comment']   = trim($serendipity['POST']['comment']);
+        $comment['comment']   = (is_string($serendipity['POST']['comment']) ? trim($serendipity['POST']['comment']) : '');
        $comment['name']      = $serendipity['POST']['name'];
        $comment['email']     = $serendipity['POST']['email'];
        $comment['subscribe'] = $serendipity['POST']['subscribe'];