From 55388e762beb7e7ef21e0dfa41703eed7963f577 Mon Sep 17 00:00:00 2001 From: ah-net <103565001+ah-net@users.noreply.github.com> Date: Wed, 23 Aug 2023 16:39:56 +0200 Subject: [PATCH] Bugfix check hash value on page load (#86) --- .../SuggestionType/SuggestionTypeCategory.php | 5 +++++ .../HashInputProvider.php | 5 +++++ Model/NavigationConfig.php | 16 +++++++++++++++- 3 files changed, 25 insertions(+), 1 deletion(-) diff --git a/Model/Client/Type/SuggestionType/SuggestionTypeCategory.php b/Model/Client/Type/SuggestionType/SuggestionTypeCategory.php index c4824213..118e29ef 100644 --- a/Model/Client/Type/SuggestionType/SuggestionTypeCategory.php +++ b/Model/Client/Type/SuggestionType/SuggestionTypeCategory.php @@ -31,6 +31,11 @@ class SuggestionTypeCategory extends SuggestionTypeAbstract */ protected $urlInstance; + /** + * @var Config + */ + protected $config; + /** * SuggestionTypeCategory constructor. * @param CategoryRepository $categoryRepository Empty category model used to resolve urls diff --git a/Model/FilterFormInputProvider/HashInputProvider.php b/Model/FilterFormInputProvider/HashInputProvider.php index 1138fd35..16e1fb61 100644 --- a/Model/FilterFormInputProvider/HashInputProvider.php +++ b/Model/FilterFormInputProvider/HashInputProvider.php @@ -61,6 +61,11 @@ public function validateHash($request) if ($hash === $originalHash) { $isValid = true; } + } else { + //hash is empty original url should also be empty + if (empty ($request->getParam('__tw_original_url'))) { + $isValid = true; + } } return $isValid; diff --git a/Model/NavigationConfig.php b/Model/NavigationConfig.php index 42f07a35..9436bdbe 100644 --- a/Model/NavigationConfig.php +++ b/Model/NavigationConfig.php @@ -10,6 +10,7 @@ use Magento\Framework\UrlInterface; use Magento\Framework\Serialize\Serializer\Json; use Magento\Framework\View\Element\Block\ArgumentInterface; +use Tweakwise\Magento2Tweakwise\Model\FilterFormInputProvider\HashInputProvider; /** * Class NavigationConfig @@ -57,6 +58,11 @@ class NavigationConfig implements ArgumentInterface, FilterFormInputProviderInte */ protected $request; + /** + * @var HashInputProvider + */ + protected $hashInputProvider; + /** * NavigationConfig constructor. * @param Config $config @@ -74,7 +80,8 @@ public function __construct( ProductMetadataInterface $productMetadata, FilterFormInputProviderInterface $filterFormInputProvider, Json $jsonSerializer, - Http $request + Http $request, + HashInputProvider $hashInputProvider ) { $this->config = $config; $this->jsonSerializer = $jsonSerializer; @@ -83,6 +90,7 @@ public function __construct( $this->productMetadata = $productMetadata; $this->filterFormInputProvider = $filterFormInputProvider; $this->request = $request; + $this->hashInputProvider = $hashInputProvider; } /** @@ -90,6 +98,12 @@ public function __construct( */ public function getFilterFormInput(): array { + //check request for modified values + if (!$this->hashInputProvider->validateHash($this->request)) { + //form is modified, don't accept the request. Should only happen in an xss attack + throw new \InvalidArgumentException('Incorrect/modified form parameters'); + } + $filterFormInput = $this->filterFormInputProvider->getFilterFormInput(); unset($filterFormInput['p']);