From db2738978e47bc1bb51ef3b1dd2d2fa0628b2f69 Mon Sep 17 00:00:00 2001
From: Matias Griese
Date: Fri, 30 Nov 2018 13:14:10 +0200
Subject: [PATCH] Sanitize $grav['task']`

---
 system/src/Grav/Common/Processors/TasksProcessor.php | 1 +
 system/src/Grav/Common/Service/TaskServiceProvider.php | 10 +++++++---
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/system/src/Grav/Common/Processors/TasksProcessor.php b/system/src/Grav/Common/Processors/TasksProcessor.php
index ba30a62f7..7b5adddc1 100644
--- a/system/src/Grav/Common/Processors/TasksProcessor.php
+++ b/system/src/Grav/Common/Processors/TasksProcessor.php
@@ -26,6 +26,7 @@ class TasksProcessor extends ProcessorBase
 $task = $this->container['task'];
 if ($task) {
 $attributes = $request->getAttribute('controller');
+
 $controllerClass = $attributes['class'] ?? null;
 if ($controllerClass) {
 /** @var RequestHandlerInterface $controller */
diff --git a/system/src/Grav/Common/Service/TaskServiceProvider.php b/system/src/Grav/Common/Service/TaskServiceProvider.php
index 40b9696b4..d42661fa9 100644
--- a/system/src/Grav/Common/Service/TaskServiceProvider.php
+++ b/system/src/Grav/Common/Service/TaskServiceProvider.php
@@ -16,9 +16,13 @@ class TaskServiceProvider implements ServiceProviderInterface
 {
 public function register(Container $container)
 {
- $container['task'] = function ($c) {
- /** @var Grav $c */
- return !empty($_POST['task']) ? $_POST['task'] : $c['uri']->param('task');
+ $container['task'] = function (Grav $c) {
+ $task = $_POST['task'] ?? $c['uri']->param('task');
+ if (null !== $task) {
+ $task = filter_var($task, FILTER_SANITIZE_STRING);
+ }
+
+ return $task ?: null;
 };
 }
 }
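Review bot: `filter_var($task, FILTER_SANITIZE_STRING)` in the new `task` closure of TaskServiceProvider strips tags and encodes quotes but does not constrain the value to the identifier shape a task name has, and `FILTER_SANITIZE_STRING` is deprecated since PHP 8.1, so an allow-list check is the better fit for a value that later selects a controller action; if task names are plain identifiers, replacing the `filter_var` line with `if (!is_string($task) || !preg_match('/^[A-Za-z0-9_.-]+$/', $task)) { $task = null; }` gives that (the character class is a constructed example to confirm against the tasks Grav registers). The fallback also changed: `$_POST['task'] ?? $c['uri']->param('task')` now takes an empty posted `task` over the URI parameter, where the removed `!empty(...)` fell through to it, so confirm that is intended. `return $task ?: null;` additionally turns a task named `'0'` into null; `return $task !== '' ? $task : null;` avoids that if such a task can exist.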