From 2d06c9a753b001a99c0b787e9735dc1e1de9ba87 Mon Sep 17 00:00:00 2001
From: Matthieu Napoli <matthieu@mnapoli.fr>
Date: Wed, 15 Oct 2014 17:20:18 +1300
Subject: [PATCH] Fix for bd7dc4d60 which broke the build (null bytes where not sanitized)
---
 core/Common.php                   | 16 +++++++++++++---
 tests/PHPUnit/Unit/CommonTest.php |  4 ++--
 2 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/core/Common.php b/core/Common.php
index a11b3f977b..76c9777605 100644
--- a/core/Common.php
+++ b/core/Common.php
@@ -314,6 +314,8 @@ class Common
         // note: before php 5.2.7, htmlspecialchars() double encodes &#x hex items
         $value = html_entity_decode($value, self::HTML_ENCODING_QUOTE_STYLE, 'UTF-8');
 
+        $value = self::sanitizeNullBytes($value);
+
         // escape
         $tmp = @htmlspecialchars($value, self::HTML_ENCODING_QUOTE_STYLE, 'UTF-8');
 
@@ -383,13 +385,21 @@ class Common
     }
 
     /**
-     *
-     * @param string
+     * @param string $value
      * @return string Line breaks and line carriage removed
      */
     public static function sanitizeLineBreaks($value)
     {
-        return str_replace(array("\n", "\r", "\0"), '', $value);
+        return str_replace(array("\n", "\r"), '', $value);
+    }
+
+    /**
+     * @param string $value
+     * @return string Null bytes removed
+     */
+    public static function sanitizeNullBytes($value)
+    {
+        return str_replace(array("\0"), '', $value);
     }
 
     /**
diff --git a/tests/PHPUnit/Unit/CommonTest.php b/tests/PHPUnit/Unit/CommonTest.php
index 80fa014bc5..3176362dd0 100644
--- a/tests/PHPUnit/Unit/CommonTest.php
+++ b/tests/PHPUnit/Unit/CommonTest.php
@@ -55,8 +55,8 @@ class Core_CommonTest extends PHPUnit_Framework_TestCase
             ),
             // test filter - expect new line and null byte to be filtered out
             array(
-                "New\nLine\rNull\0Byte",
-                'NewLineNullByte'
+                "Null\0Byte",
+                'NullByte'
             ),
             // double encoded - no change (document as user error)
             array(
-- 
GitLab
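Review bot: The new `self::sanitizeNullBytes($value)` call in the hunk at line 314 carries no comment saying why it is placed between `html_entity_decode` and `htmlspecialchars`, and that position is the security-relevant part: if the decode step turns an entity-encoded null into a real null byte, stripping before the decode would miss it, and stripping after the escape would be too late for the escaped copy. I would add `// strip null bytes after entity decoding so encoded nulls are caught too; a stray \0 can truncate the value in C-backed functions` directly above the call. The enclosing method begins and ends outside this hunk, so I cannot see whether the returned value is the escaped `$tmp` or the stripped `$value`; worth confirming the stripped form is what reaches the caller.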
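Review bot: Dropping `"\0"` from `sanitizeLineBreaks` is a behaviour change for every caller of that method, not only for the sanitizer patched in the hunk at line 314; any other caller of `sanitizeLineBreaks` (outside this hunk, in the rest of `class Common` or elsewhere) that relied on it also removing null bytes now keeps them, so those call sites should be checked and given a `sanitizeNullBytes` call where needed. In the new `sanitizeNullBytes`, the single-element array is unnecessary: `return str_replace("\0", '', $value);` does the same. The docblock of `sanitizeLineBreaks` would benefit from stating the change explicitly, e.g. `@return string Line breaks and carriage returns removed; null bytes are left in place, see sanitizeNullBytes()`. The enclosing `class Common` continues outside this hunk.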
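Review bot: The unchanged context comment `// test filter - expect new line and null byte to be filtered out` above the rewritten fixture is now stale, since the new input `"Null\0Byte"` contains no line break; it should read `// test filter - expect null byte to be filtered out`. With the `"\n"`/`"\r"` case removed, nothing in this data set states what the sanitizer now does with line breaks; if passing them through unchanged is the intended behaviour after bd7dc4d60, a separate dataset asserting that would document it. The data provider this fixture belongs to starts and ends outside the hunk.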