From 4b0729a293eb66016c18fe1e6f06c4ce0e2eff23 Mon Sep 17 00:00:00 2001 From: Leo Feyer Date: Tue, 18 Nov 2014 16:41:06 +0100 Subject: [PATCH] Always apply the IE security fix in the Environment class Apply the IE security fix to both Environment::get('queryString') and Environment::get('requestUri') and use Environment::get('queryString') instead of $_SERVER['QUERY_STRING']. --- .../core/library/Contao/Environment.php | 39 +++++++++++++------ .../core/library/Contao/Pagination.php | 2 +- .../modules/listing/modules/ModuleListing.php | 2 +- 3 files changed, 29 insertions(+), 14 deletions(-) diff --git a/system/modules/core/library/Contao/Environment.php b/system/modules/core/library/Contao/Environment.php index df77dadbc9..57ce08bc9a 100644 --- a/system/modules/core/library/Contao/Environment.php +++ b/system/modules/core/library/Contao/Environment.php @@ -166,6 +166,25 @@ protected static function documentRoot() } + /** + * Return the query string (e.g. id=2) + * + * @return string The query string + */ + protected static function queryString() + { + if (!isset($_SERVER['QUERY_STRING'])) + { + return ''; + } + + // IE security fix (thanks to Michiel Leideman) + $strRequest = str_replace(array('<', '>', '"'), array('%3C', '%3E', '%22'), $_SERVER['QUERY_STRING']); + + return $strRequest; + } + + /** * Return the request URI [path]?[query] (e.g. /contao/index.php?id=2) * @@ -175,12 +194,17 @@ protected static function requestUri() { if (!empty($_SERVER['REQUEST_URI'])) { - return $_SERVER['REQUEST_URI']; + $strRequest = $_SERVER['REQUEST_URI']; } else { - return '/' . preg_replace('/^\//', '', static::get('scriptName')) . (!empty($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : ''); + $strRequest = '/' . preg_replace('/^\//', '', static::get('scriptName')) . (!empty($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : ''); } + + // IE security fix (thanks to Michiel Leideman) + $strRequest = str_replace(array('<', '>', '"'), array('%3C', '%3E', '%22'), $strRequest); + + return $strRequest; } @@ -421,16 +445,7 @@ protected static function script() */ protected static function request() { - $strRequest = preg_replace('/^' . preg_quote(TL_PATH, '/') . '\/?/', '', static::get('requestUri')); - - // From version 2.9, do not fallback to $this->script - // anymore if the request string is empty (see #1844). - - // IE security fix (thanks to Michiel Leideman) - $strRequest = str_replace(array('<', '>', '"'), array('%3C', '%3E', '%22'), $strRequest); - - // Do not urldecode() here (thanks to Russ McRee)! - return $strRequest; + return preg_replace('/^' . preg_quote(TL_PATH, '/') . '\/?/', '', static::get('requestUri')); } diff --git a/system/modules/core/library/Contao/Pagination.php b/system/modules/core/library/Contao/Pagination.php index c08a984611..71437ee335 100644 --- a/system/modules/core/library/Contao/Pagination.php +++ b/system/modules/core/library/Contao/Pagination.php @@ -227,7 +227,7 @@ public function generate($strSeparator=' ') $this->strUrl = preg_replace('/\?.*$/', '', \Environment::get('request')); // Prepare the URL - foreach (preg_split('/&(amp;)?/', $_SERVER['QUERY_STRING'], -1, PREG_SPLIT_NO_EMPTY) as $fragment) + foreach (preg_split('/&(amp;)?/', \Environment::get('queryString'), -1, PREG_SPLIT_NO_EMPTY) as $fragment) { if (strpos($fragment, $this->strParameter . '=') === false) { diff --git a/system/modules/listing/modules/ModuleListing.php b/system/modules/listing/modules/ModuleListing.php index 20cd98bd44..1c5d0217b9 100644 --- a/system/modules/listing/modules/ModuleListing.php +++ b/system/modules/listing/modules/ModuleListing.php @@ -237,7 +237,7 @@ protected function compile() $strUrl = preg_replace('/\?.*$/', '', \Environment::get('request')); $blnQuery = false; - foreach (preg_split('/&(amp;)?/', $_SERVER['QUERY_STRING']) as $fragment) + foreach (preg_split('/&(amp;)?/', \Environment::get('queryString')) as $fragment) { if ($fragment != '' && strncasecmp($fragment, 'order_by', 8) !== 0 && strncasecmp($fragment, 'sort', 4) !== 0 && strncasecmp($fragment, $id, strlen($id)) !== 0) {