Sanitize $grav['task']`

Matias Griese
2018-11-30 13:14:10 +02:00
parent 180f3c2eca
commit db2738978e
2 changed files with 8 additions and 3 deletions


@@ -26,6 +26,7 @@ class TasksProcessor extends ProcessorBase
$task = $this->container['task'];
if ($task) {
$attributes = $request->getAttribute('controller');
$controllerClass = $attributes['class'] ?? null;
if ($controllerClass) {
/** @var RequestHandlerInterface $controller */


@@ -16,9 +16,13 @@ class TaskServiceProvider implements ServiceProviderInterface
{
public function register(Container $container)
{
$container['task'] = function ($c) {
/** @var Grav $c */
return !empty($_POST['task']) ? $_POST['task'] : $c['uri']->param('task');
$container['task'] = function (Grav $c) {
$task = $_POST['task'] ?? $c['uri']->param('task');
if (null !== $task) {
$task = filter_var($task, FILTER_SANITIZE_STRING);
}
return $task ?: null;
};
}
}
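Review bot: `filter_var($task, FILTER_SANITIZE_STRING)` in the new closure rewrites the value (it strips tags and encodes quotes) instead of rejecting it, so a malformed task name still reaches whatever dispatches on `$container['task']`, only in altered form. For an identifier like this, an allowlist check that returns null on mismatch is stricter and easier to reason about, for example `if (!is_string($task) || !preg_match('/^[A-Za-z0-9_.:-]+$/', $task)) { return null; }`; the character set here is an assumption and should be confirmed against the task names the project actually uses. The filter is also deprecated as of PHP 8.1, so it will need replacing anyway. Separately, `$_POST['task'] ?? $c['uri']->param('task')` falls back to the URI parameter only when the POST key is absent, whereas the removed `!empty()` test also fell back on an empty string; if that change is intended, a short comment saying so would help.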