Added proper input escaping

This commit is contained in:
Klaus Silveira
2014-06-29 23:54:03 -03:00
parent e86fc8dd55
commit 1bef1b961d
7 changed files with 35 additions and 3 deletions


@@ -69,6 +69,10 @@ class Application extends SilexApplication
return $twig; return $twig;
})); }));
$this['escaper.argument'] = $this->share(function() {
return new Escaper\ArgumentEscaper();
});
// Handle errors // Handle errors
$this->error(function (\Exception $e, $code) use ($app) { $this->error(function (\Exception $e, $code) use ($app) {
if ($app['debug']) { if ($app['debug']) {


@@ -43,6 +43,7 @@ class BlobController implements ControllerProviderInterface
)); ));
})->assert('repo', $app['util.routing']->getRepositoryRegex()) })->assert('repo', $app['util.routing']->getRepositoryRegex())
->assert('commitishPath', '.+') ->assert('commitishPath', '.+')
->convert('commitishPath', 'escaper.argument:escape')
->bind('blob'); ->bind('blob');
$route->get('{repo}/raw/{commitishPath}', function ($repo, $commitishPath) use ($app) { $route->get('{repo}/raw/{commitishPath}', function ($repo, $commitishPath) use ($app) {
@@ -66,6 +67,7 @@ class BlobController implements ControllerProviderInterface
return new Response($blob, 200, $headers); return new Response($blob, 200, $headers);
})->assert('repo', $app['util.routing']->getRepositoryRegex()) })->assert('repo', $app['util.routing']->getRepositoryRegex())
->assert('commitishPath', $app['util.routing']->getCommitishPathRegex()) ->assert('commitishPath', $app['util.routing']->getCommitishPathRegex())
->convert('commitishPath', 'escaper.argument:escape')
->bind('blob_raw'); ->bind('blob_raw');
return $route; return $route;
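Review bot: The `->convert('commitishPath', 'escaper.argument:escape')` added to the `blob` route is the only control on that parameter (its assert is `.+`), and it shell-escapes the value at routing time rather than at the point where a git command line is assembled. The controller closure therefore receives an already-backslashed string, so any non-shell use of the value inside the closure — template output, ref comparison, header construction — sees the escaped form, and a later `escapeshellarg()` at the command site would double-escape it. Escaping belongs at the shell boundary (or the shell is avoided with an argv-style `proc_open`), while the route keeps a tight `assert` pattern as the validation step, as `blob_raw` already does with `getCommitishPathRegex()`. The same applies to the converters added in CommitController, MainController, NetworkController and TreeController. The closures these chains terminate begin outside the hunks.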


@@ -61,6 +61,7 @@ class CommitController implements ControllerProviderInterface
})->assert('repo', $app['util.routing']->getRepositoryRegex()) })->assert('repo', $app['util.routing']->getRepositoryRegex())
->assert('commitishPath', $app['util.routing']->getCommitishPathRegex()) ->assert('commitishPath', $app['util.routing']->getCommitishPathRegex())
->value('commitishPath', null) ->value('commitishPath', null)
->convert('commitishPath', 'escaper.argument:escape')
->bind('commits'); ->bind('commits');
$route->post('{repo}/commits/{branch}/search', function (Request $request, $repo, $branch = '') use ($app) { $route->post('{repo}/commits/{branch}/search', function (Request $request, $repo, $branch = '') use ($app) {
@@ -89,6 +90,7 @@ class CommitController implements ControllerProviderInterface
)); ));
})->assert('repo', $app['util.routing']->getRepositoryRegex()) })->assert('repo', $app['util.routing']->getRepositoryRegex())
->assert('branch', $app['util.routing']->getBranchRegex()) ->assert('branch', $app['util.routing']->getBranchRegex())
->convert('branch', 'escaper.argument:escape')
->bind('searchcommits'); ->bind('searchcommits');
$route->get('{repo}/commit/{commit}', function ($repo, $commit) use ($app) { $route->get('{repo}/commit/{commit}', function ($repo, $commit) use ($app) {
@@ -125,6 +127,7 @@ class CommitController implements ControllerProviderInterface
)); ));
})->assert('repo', $app['util.routing']->getRepositoryRegex()) })->assert('repo', $app['util.routing']->getRepositoryRegex())
->assert('commitishPath', $app['util.routing']->getCommitishPathRegex()) ->assert('commitishPath', $app['util.routing']->getCommitishPathRegex())
->convert('commitishPath', 'escaper.argument:escape')
->bind('blame'); ->bind('blame');
return $route; return $route;
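Review bot: The `{repo}/commit/{commit}` route that starts on the last line of the second hunk gets no converter in this commit, while the neighbouring `commits`, `searchcommits` and `blame` routes do; its assert chain is outside the hunk, so I cannot see how `{commit}` is constrained. If it is presumably passed to git like the other parameters, it should either receive `->convert('commit', 'escaper.argument:escape')` for consistency or, better, an `assert` limited to a hexadecimal SHA pattern, which makes escaping unnecessary for that route.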


@@ -48,6 +48,7 @@ class MainController implements ControllerProviderInterface
})->assert('repo', $app['util.routing']->getRepositoryRegex()) })->assert('repo', $app['util.routing']->getRepositoryRegex())
->assert('branch', $app['util.routing']->getBranchRegex()) ->assert('branch', $app['util.routing']->getBranchRegex())
->value('branch', null) ->value('branch', null)
->convert('branch', 'escaper.argument:escape')
->bind('stats'); ->bind('stats');
$route->get('{repo}/{branch}/rss/', function($repo, $branch) use ($app) { $route->get('{repo}/{branch}/rss/', function($repo, $branch) use ($app) {
@@ -69,6 +70,7 @@ class MainController implements ControllerProviderInterface
})->assert('repo', $app['util.routing']->getRepositoryRegex()) })->assert('repo', $app['util.routing']->getRepositoryRegex())
->assert('branch', $app['util.routing']->getBranchRegex()) ->assert('branch', $app['util.routing']->getBranchRegex())
->value('branch', null) ->value('branch', null)
->convert('branch', 'escaper.argument:escape')
->bind('rss'); ->bind('rss');
return $route; return $route;


@@ -91,6 +91,7 @@ class NetworkController implements ControllerProviderInterface
)->assert('repo', $app['util.routing']->getRepositoryRegex()) )->assert('repo', $app['util.routing']->getRepositoryRegex())
->assert('commitishPath', $app['util.routing']->getCommitishPathRegex()) ->assert('commitishPath', $app['util.routing']->getCommitishPathRegex())
->value('commitishPath', null) ->value('commitishPath', null)
->convert('commitishPath', 'escaper.argument:escape')
->assert('page', '\d+') ->assert('page', '\d+')
->value('page', '0') ->value('page', '0')
->bind('networkData'); ->bind('networkData');
@@ -119,6 +120,7 @@ class NetworkController implements ControllerProviderInterface
)->assert('repo', $app['util.routing']->getRepositoryRegex()) )->assert('repo', $app['util.routing']->getRepositoryRegex())
->assert('commitishPath', $app['util.routing']->getCommitishPathRegex()) ->assert('commitishPath', $app['util.routing']->getCommitishPathRegex())
->value('commitishPath', null) ->value('commitishPath', null)
->convert('commitishPath', 'escaper.argument:escape')
->bind('network'); ->bind('network');
return $route; return $route;


@@ -45,6 +45,7 @@ class TreeController implements ControllerProviderInterface
)); ));
})->assert('repo', $app['util.routing']->getRepositoryRegex()) })->assert('repo', $app['util.routing']->getRepositoryRegex())
->assert('commitishPath', $app['util.routing']->getCommitishPathRegex()) ->assert('commitishPath', $app['util.routing']->getCommitishPathRegex())
->convert('commitishPath', 'escaper.argument:escape')
->bind('tree'); ->bind('tree');
$route->post('{repo}/tree/{branch}/search', function (Request $request, $repo, $branch = '', $tree = '') use ($app) { $route->post('{repo}/tree/{branch}/search', function (Request $request, $repo, $branch = '', $tree = '') use ($app) {
@@ -69,6 +70,7 @@ class TreeController implements ControllerProviderInterface
)); ));
})->assert('repo', $app['util.routing']->getRepositoryRegex()) })->assert('repo', $app['util.routing']->getRepositoryRegex())
->assert('branch', $app['util.routing']->getBranchRegex()) ->assert('branch', $app['util.routing']->getBranchRegex())
->convert('branch', 'escaper.argument:escape')
->bind('search'); ->bind('search');
$route->get('{repo}/{format}ball/{branch}', function($repo, $format, $branch) use ($app) { $route->get('{repo}/{format}ball/{branch}', function($repo, $format, $branch) use ($app) {
@@ -95,6 +97,7 @@ class TreeController implements ControllerProviderInterface
})->assert('format', '(zip|tar)') })->assert('format', '(zip|tar)')
->assert('repo', $app['util.routing']->getRepositoryRegex()) ->assert('repo', $app['util.routing']->getRepositoryRegex())
->assert('branch', $app['util.routing']->getBranchRegex()) ->assert('branch', $app['util.routing']->getBranchRegex())
->convert('branch', 'escaper.argument:escape')
->bind('archive'); ->bind('archive');
@@ -102,6 +105,7 @@ class TreeController implements ControllerProviderInterface
return $treeController($repo, $branch); return $treeController($repo, $branch);
})->assert('repo', $app['util.routing']->getRepositoryRegex()) })->assert('repo', $app['util.routing']->getRepositoryRegex())
->assert('branch', $app['util.routing']->getBranchRegex()) ->assert('branch', $app['util.routing']->getBranchRegex())
->convert('branch', 'escaper.argument:escape')
->bind('branch'); ->bind('branch');
$route->get('{repo}/', function($repo) use ($app, $treeController) { $route->get('{repo}/', function($repo) use ($app, $treeController) {


@@ -0,0 +1,15 @@
<?php
namespace GitList\Escaper;
class ArgumentEscaper
{
public function escape($argument)
{
if ($argument === null) {
return null;
}
return escapeshellcmd($argument);
}
}
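Review bot: `escape()` uses `escapeshellcmd()`, which is meant for a whole command string, not for a single argument: it does not escape whitespace and leaves paired quotes untouched, so a value can still be split by the shell into several arguments (for example an extra option to git). For a single argument the correct primitive is `escapeshellarg()`, which wraps and quotes the value as one word; the fix is `return escapeshellarg($argument);`, keeping the `null` pass-through that the `->value(..., null)` routes rely on. The method should also carry types and a docblock, e.g. `public function escape(?string $argument): ?string` with a comment stating that the result is only safe as a single shell argument and must not be reused in HTML or ref contexts, and the file should open with `declare(strict_types=1);`.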