1*4882a593SmuzhiyunFrom d3880d9d3ba795138444da83f1153c3c3ac27640 Mon Sep 17 00:00:00 2001 2*4882a593SmuzhiyunFrom: Michael Larabel <michael@phoronix.com> 3*4882a593SmuzhiyunDate: Sat, 23 Jul 2022 07:32:43 -0500 4*4882a593SmuzhiyunSubject: [PATCH] phoromatic: Explicitly check both $_GET abd $_POST in 5*4882a593Smuzhiyun phoromatic_quit_if_invalid_input_found() 6*4882a593Smuzhiyun 7*4882a593SmuzhiyunFixes: https://github.com/phoronix-test-suite/phoronix-test-suite/issues/650#issuecomment-1193116678 8*4882a593Smuzhiyun 9*4882a593SmuzhiyunUpstream-Status: Backport 10*4882a593SmuzhiyunCVE: CVE-2022-40704 11*4882a593Smuzhiyun 12*4882a593SmuzhiyunReference to upstream patch: 13*4882a593Smuzhiyunhttps://github.com/phoronix-test-suite/phoronix-test-suite/commit/d3880d9d3ba795138444da83f1153c3c3ac27640 14*4882a593Smuzhiyun 15*4882a593SmuzhiyunSigned-off-by: Li Wang <li.wang@windriver.com> 16*4882a593Smuzhiyun--- 17*4882a593Smuzhiyun pts-core/phoromatic/phoromatic_functions.php | 15 +++++++++++++-- 18*4882a593Smuzhiyun 1 file changed, 13 insertions(+), 2 deletions(-) 19*4882a593Smuzhiyun 20*4882a593Smuzhiyundiff --git a/pts-core/phoromatic/phoromatic_functions.php b/pts-core/phoromatic/phoromatic_functions.php 21*4882a593Smuzhiyunindex 74ccc5444c..c2313dcdea 100644 22*4882a593Smuzhiyun--- a/pts-core/phoromatic/phoromatic_functions.php 23*4882a593Smuzhiyun+++ b/pts-core/phoromatic/phoromatic_functions.php 24*4882a593Smuzhiyun@@ -37,9 +37,20 @@ function phoromatic_quit_if_invalid_input_found($input_keys = null) 25*4882a593Smuzhiyun { 26*4882a593Smuzhiyun foreach($input_keys as $key) 27*4882a593Smuzhiyun { 28*4882a593Smuzhiyun- if(isset($_REQUEST[$key]) && !empty($_REQUEST[$key])) 29*4882a593Smuzhiyun+ if(isset($_GET[$key]) && !empty($_GET[$key])) 30*4882a593Smuzhiyun { 31*4882a593Smuzhiyun- foreach(pts_arrays::to_array($_REQUEST[$key]) as $val_to_check) 32*4882a593Smuzhiyun+ foreach(pts_arrays::to_array($_GET[$key]) as $val_to_check) 33*4882a593Smuzhiyun+ { 34*4882a593Smuzhiyun+ if(stripos($val_to_check, $invalid_string) !== false) 35*4882a593Smuzhiyun+ { 36*4882a593Smuzhiyun+ echo '<strong>Exited due to invalid input ( ' . $invalid_string . ') attempted:</strong> ' . htmlspecialchars($val_to_check); 37*4882a593Smuzhiyun+ exit; 38*4882a593Smuzhiyun+ } 39*4882a593Smuzhiyun+ } 40*4882a593Smuzhiyun+ } 41*4882a593Smuzhiyun+ if(isset($_POST[$key]) && !empty($_POST[$key])) 42*4882a593Smuzhiyun+ { 43*4882a593Smuzhiyun+ foreach(pts_arrays::to_array($_POST[$key]) as $val_to_check) 44*4882a593Smuzhiyun { 45*4882a593Smuzhiyun if(stripos($val_to_check, $invalid_string) !== false) 46*4882a593Smuzhiyun { 47