1 bootstrap.inc | _backdrop_bootstrap_sanitize_request() |
Sanitizes unsafe input from the PHP request super-globals.
File
- core/
includes/ bootstrap.inc, line 3310 - Functions that need to be loaded on every Backdrop request.
Code
function _backdrop_bootstrap_sanitize_request() {
// Remove dangerous keys from input data.
$allowlist = settings_get('sanitize_input_allowlist', array());
if (empty($allowlist)) {
// @todo Remove forbidden backwards compatibility word in Backdrop 2.x.
// cspell:disable-next-line
$allowlist = settings_get('sanitize_input_whitelist', array());
}
$log_sanitized_keys = settings_get('sanitize_input_logging');
// Process query string parameters.
$sanitized_keys = _backdrop_bootstrap_sanitize_input($_GET, $allowlist);
if ($sanitized_keys && $log_sanitized_keys) {
trigger_error(format_string('Potentially unsafe keys removed from query string parameters (GET): @keys', array('@keys' => implode(', ', $sanitized_keys))), E_USER_WARNING);
}
// Process request body parameters.
$sanitized_keys = _backdrop_bootstrap_sanitize_input($_POST, $allowlist);
if ($sanitized_keys && $log_sanitized_keys) {
trigger_error(format_string('Potentially unsafe keys removed from request body parameters (POST): @keys', array('@keys' => implode(', ', $sanitized_keys))), E_USER_WARNING);
}
// Process cookie parameters.
$sanitized_keys = _backdrop_bootstrap_sanitize_input($_COOKIE, $allowlist);
if ($sanitized_keys && $log_sanitized_keys) {
trigger_error(format_string('Potentially unsafe keys removed from cookie parameters (COOKIE): @keys', array('@keys' => implode(', ', $sanitized_keys))), E_USER_WARNING);
}
// Process request global. No need to log; already logged in $_GET and $_POST.
_backdrop_bootstrap_sanitize_input($_REQUEST, $allowlist);
// Sanitize the destination parameter (which is often used for redirects) to
// prevent open redirect attacks leading to other domains. Sanitize both
// $_GET['destination'] and $_REQUEST['destination'] to protect code that
// relies on either, but do not sanitize $_POST to avoid interfering with
// unrelated form submissions. The sanitization happens here because
// url_is_external() requires settings.php variables to be available.
if (isset($_GET['destination']) || isset($_REQUEST['destination'])) {
require_once BACKDROP_ROOT . '/core/includes/common.inc';
// If the destination is an external URL, remove it.
if (isset($_GET['destination']) && url_is_external($_GET['destination'])) {
$sanitized_keys = array('External URL in GET: ' . $_GET['destination']);
}
// If there's still something in $_REQUEST['destination'] that didn't come
// from $_GET, check it too.
if (isset($_REQUEST['destination']) && (!isset($_GET['destination']) || $_REQUEST['destination'] != $_GET['destination']) && url_is_external($_REQUEST['destination'])) {
$sanitized_keys = array('External URL in REQUEST: ' . $_REQUEST['destination']);
}
// If there is a query string, check its query parameters.
if (isset($_GET['destination'])) {
$destination_parts = backdrop_parse_url($_GET['destination']);
}
if (!empty($destination_parts['query'])) {
$sanitized_keys = _backdrop_bootstrap_sanitize_input($destination_parts['query'], $allowlist);
}
if ($sanitized_keys) {
unset($_GET['destination']);
unset($_REQUEST['destination']);
if ($log_sanitized_keys) {
trigger_error(format_string('Potentially unsafe values removed from the destination query parameter: @keys', array('@keys' => implode(', ', $sanitized_keys))), E_USER_WARNING);
}
}
}
}