Author: peterdd (peterdd) Committer: Nikita Popov (nikic) Date: 2021-10-21T11:19:54+02:00
Commit: https://github.com/php/web-bugs/commit/2edddded73ce8d7258cec3311f4e993b96a2ee48 Raw diff: https://github.com/php/web-bugs/commit/2edddded73ce8d7258cec3311f4e993b96a2ee48.diff Check if params for reporting a bug are is_string() Closes GH-104. Changed paths: M include/functions.php Diff:
diff --git a/include/functions.php b/include/functions.php
index 1816d005..a380cee8 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -1158,9 +1158,11 @@ function is_valid_email($email, $phpnet_allowed = true)
 /**
 * Validate an incoming bug report
 *
- * @param
+ * @param mixed $in usually $_POST['in']
+ * @param bool $initial
+ * @param bool $logged_in
 *
- * @return void
+ * @return array
 */
 function incoming_details_are_valid($in, $initial = 0, $logged_in = false)
 {
@@ -1176,7 +1178,8 @@ function incoming_details_are_valid($in, $initial = 0, $logged_in = false)
 $errors[] = 'Please provide a valid email address.';
 }
 }
- if (!$logged_in && $initial && empty($in['passwd'])) {
+
+ if (!$logged_in && $initial && (empty($in['passwd']) || !is_string($in['passwd']))) {
 $errors[] = 'Please provide a password for this bug report.';
 }
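Review bot: The new `@param bool $initial` tag does not match the signature on the context line below it, which still defaults to `$initial = 0`; either document it as `@param bool|int $initial` or change the default to `false` in a follow-up. `@param mixed $in` also hides that every visible check in the body indexes `$in` by field name, so I would write `@param mixed $in submitted form fields, usually the array in $_POST['in']`. `@return array` could be narrowed to `@return string[] validation error messages`, assuming the return statement (outside this hunk) returns `$errors`.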
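Review bot: The pair `empty($in['passwd']) || !is_string($in['passwd'])` added here is repeated for `php_version`, `package_name`, `bug_type`, `sdesc` and `ldesc` in the following hunk (`@@ -1184,25 +1187,25 @@`), so the type rule lives in six places and a field added later can easily miss it. A small helper such as `function is_filled_string($v) { return is_string($v) && !empty($v); }` would keep the behaviour, with each condition reading `!is_filled_string($in['passwd'] ?? null)`. The email check just above is outside the hunk; it is worth confirming that `$in['email']` is type-checked before it reaches `is_valid_email()`, since a nested array in the request would otherwise arrive there unfiltered. The function body starts and ends outside this hunk.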
@@ -1184,25 +1187,25 @@ function incoming_details_are_valid($in, $initial = 0, $logged_in = false)
 $errors[] = 'Please select a valid PHP version. If your PHP version is too old, please upgrade first and see if the problem has not already been fixed.';
 }
- if (empty($in['php_version']) || ($initial && !in_array($in['php_version'], $versions))) {
+ if (empty($in['php_version']) || !is_string($in['php_version']) || ($initial && !in_array($in['php_version'], $versions))) {
 $errors[] = 'Please select a valid PHP version.';
 }
- if (empty ($in['package_name']) || $in['package_name'] == 'none') {
+ if (empty($in['package_name']) || !is_string($in['package_name']) || $in['package_name'] == 'none') {
 $errors[] = 'Please select an appropriate package.';
 } else if (!package_exists($in['package_name'])) {
 $errors[] = 'Please select an appropriate package.';
 }
- if (empty($in['bug_type']) || !array_key_exists($in['bug_type'], $bug_types)) {
+ if (empty($in['bug_type']) || !is_string($in['bug_type']) || !array_key_exists($in['bug_type'], $bug_types)) {
 $errors[] = 'Please select a valid bug type.';
 }
- if (empty($in['sdesc'])) {
+ if (empty($in['sdesc']) || !is_string($in['sdesc'])) {
 $errors[] = 'You must supply a short description of the bug you are reporting.';
 }
- if ($initial && empty($in['ldesc'])) {
+ if ($initial && (empty($in['ldesc']) || !is_string($in['ldesc']))) {
 $errors[] = 'You must supply a long description of the bug you are reporting.';
 }
-- PHP Webmaster List Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
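Review bot: Two loose comparisons remain on the new side even though `is_string()` now guarantees the operand type: `in_array($in['php_version'], $versions)` and `$in['package_name'] == 'none'` both use `==` semantics. Under `==`, numeric-looking strings are compared by value, so the version allow-list can accept input that is not literally one of its entries. I would change them to `in_array($in['php_version'], $versions, true)` and `$in['package_name'] === 'none'`; this presumes `$versions` holds strings, which is defined outside the hunk and should be confirmed. The enclosing function starts before and continues after this hunk.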