From 13285f080ac800263937a9a4f4f25697bc5ecf60 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pierre=20Mazi=C3=A8re?= Date: Tue, 23 Aug 2016 14:22:02 +0200 Subject: [PATCH] [core] use filter_input() instead of direct access to $_REQUEST MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Pierre Mazière --- index.php | 30 +++++++++++++----------------- 1 file changed, 13 insertions(+), 17 deletions(-) diff --git a/index.php b/index.php index cfc98ea2..8e06925c 100644 --- a/index.php +++ b/index.php @@ -91,15 +91,13 @@ try{ Format::setDir(__DIR__ . '/formats/'); Cache::setDir(__DIR__ . '/caches/'); - if( isset($_REQUEST) && isset($_REQUEST['action']) ){ - switch($_REQUEST['action']){ - case 'display': - if( isset($_REQUEST['bridge']) ){ - unset($_REQUEST['action']); - $bridge = $_REQUEST['bridge']; - unset($_REQUEST['bridge']); - $format = $_REQUEST['format']; - unset($_REQUEST['format']); + $action=filter_input(INPUT_GET,'action'); + $bridge=filter_input(INPUT_GET,'bridge'); + if($action === 'display' && !empty($bridge)){ + unset($_REQUEST['action']); + unset($_REQUEST['bridge']); + $format = $_REQUEST['format']; + unset($_REQUEST['format']); // whitelist control if(!Bridge::isWhitelisted($whitelist_selection, $bridge)) { @@ -115,9 +113,9 @@ try{ } else { $bridge->setCache($cache); // just add disable cache to your query to disable caching } - if(defined('PROXY_URL') && PROXY_BYBRIDGE && - isset($_REQUEST['_noproxy']) - ){ + + $noproxy=filter_input(INPUT_GET,'_noproxy'); + if(defined('PROXY_URL') && PROXY_BYBRIDGE && !empty($noproxy)){ $bridge->useProxy=false; } $bridge->loadMetadatas(); @@ -138,10 +136,8 @@ try{ } die; - } - break; - } - } + + } } catch(HttpException $e){ header('HTTP/1.1 ' . $e->getCode() . ' ' . Http::getMessageForCode($e->getCode())); @@ -173,7 +169,7 @@ $formats = Format::searchInformation();