nevergone · April 29, 2018 14:22
diff --git a/D5-SA-CORE-2018-002.patch b/D5-SA-CORE-2018-002.patch
 diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
 index 5b2e5ab..b2e00ab 100644
 --- a/includes/bootstrap.inc
 +++ b/includes/bootstrap.inc
 @@ -911,6 +911,7 @@ function _drupal_bootstrap($phase) {
       drupal_unset_globals();
       // Initialize the configuration
       conf_init();
 +      _drupal_bootstrap_sanitize_request();
       break;
 
     case DRUPAL_BOOTSTRAP_EARLY_PAGE_CACHE:
 @@ -1024,3 +1025,57 @@ function get_t() {
   }
   return $t;
 }
 +
 +/**
 + * Sanitizes unsafe keys from the request.
 + */
 +function _drupal_bootstrap_sanitize_request() {
 +  global $conf;
 +  static $sanitized;
 +
 +  if (!$sanitized) {
 +    // Ensure the whitelist array exists.
 +    if (!isset($conf['sanitize_input_whitelist']) || !is_array($conf['sanitize_input_whitelist'])) {
 +      $conf['sanitize_input_whitelist'] = array();
 +    }
 +
 +    $sanitized_keys = _drupal_bootstrap_sanitize_input($_GET, $conf['sanitize_input_whitelist']);
 +    $sanitized_keys = array_merge($sanitized_keys, _drupal_bootstrap_sanitize_input($_POST, $conf['sanitize_input_whitelist']));
 +    $sanitized_keys = array_merge($sanitized_keys, _drupal_bootstrap_sanitize_input($_REQUEST, $conf['sanitize_input_whitelist']));
 +    $sanitized_keys = array_merge($sanitized_keys, _drupal_bootstrap_sanitize_input($_COOKIE, $conf['sanitize_input_whitelist']));
 +    $sanitized_keys = array_unique($sanitized_keys);
 +
 +    if (count($sanitized_keys) && !empty($conf['sanitize_input_logging'])) {
 +      trigger_error(check_plain(sprintf('Potentially unsafe keys removed from request parameters: %s', implode(', ', $sanitized_keys)), E_USER_WARNING));
 +    }
 +
 +    $sanitized = TRUE;
 +  }
 +}
 +
 +/**
 + * Sanitizes unsafe keys from user input.
 + *
 + * @param mixed $input
 + *   Input to sanitize.
 + * @param array $whitelist
 + *   Whitelist of values.
 + * @return array
 + */
 +function _drupal_bootstrap_sanitize_input(&$input, $whitelist = array()) {
 +  $sanitized_keys = array();
 +
 +  if (is_array($input)) {
 +    foreach ($input as $key => $value) {
 +      if ($key !== '' && $key[0] === '#' && !in_array($key, $whitelist, TRUE)) {
 +        unset($input[$key]);
 +        $sanitized_keys[] = $key;
 +      }
 +      elseif (is_array($input[$key])) {
 +        $sanitized_keys = array_merge($sanitized_keys, _drupal_bootstrap_sanitize_input($input[$key], $whitelist));
 +      }
 +    }
 +  }
 +
 +  return $sanitized_keys;
 +}
	diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
	index 5b2e5ab..b2e00ab 100644
	--- a/includes/bootstrap.inc
	+++ b/includes/bootstrap.inc
	@@ -911,6 +911,7 @@ function _drupal_bootstrap($phase) {
	drupal_unset_globals();
	// Initialize the configuration
	conf_init();
	+ _drupal_bootstrap_sanitize_request();
	break;

	case DRUPAL_BOOTSTRAP_EARLY_PAGE_CACHE:
	@@ -1024,3 +1025,57 @@ function get_t() {
	}
	return $t;
	}
	+
	+/**
	+ * Sanitizes unsafe keys from the request.
	+ */
	+function _drupal_bootstrap_sanitize_request() {
	+ global $conf;
	+ static $sanitized;
	+
	+ if (!$sanitized) {
	+ // Ensure the whitelist array exists.
	+ if (!isset($conf['sanitize_input_whitelist']) \|\| !is_array($conf['sanitize_input_whitelist'])) {
	+ $conf['sanitize_input_whitelist'] = array();
	+ }
	+
	+ $sanitized_keys = _drupal_bootstrap_sanitize_input($_GET, $conf['sanitize_input_whitelist']);
	+ $sanitized_keys = array_merge($sanitized_keys, _drupal_bootstrap_sanitize_input($_POST, $conf['sanitize_input_whitelist']));
	+ $sanitized_keys = array_merge($sanitized_keys, _drupal_bootstrap_sanitize_input($_REQUEST, $conf['sanitize_input_whitelist']));
	+ $sanitized_keys = array_merge($sanitized_keys, _drupal_bootstrap_sanitize_input($_COOKIE, $conf['sanitize_input_whitelist']));
	+ $sanitized_keys = array_unique($sanitized_keys);
	+
	+ if (count($sanitized_keys) && !empty($conf['sanitize_input_logging'])) {
	+ trigger_error(check_plain(sprintf('Potentially unsafe keys removed from request parameters: %s', implode(', ', $sanitized_keys)), E_USER_WARNING));
	+ }
	+
	+ $sanitized = TRUE;
	+ }
	+}
	+
	+/**
	+ * Sanitizes unsafe keys from user input.
	+ *
	+ * @param mixed $input
	+ * Input to sanitize.
	+ * @param array $whitelist
	+ * Whitelist of values.
	+ * @return array
	+ */
	+function _drupal_bootstrap_sanitize_input(&$input, $whitelist = array()) {
	+ $sanitized_keys = array();
	+
	+ if (is_array($input)) {
	+ foreach ($input as $key => $value) {
	+ if ($key !== '' && $key[0] === '#' && !in_array($key, $whitelist, TRUE)) {
	+ unset($input[$key]);
	+ $sanitized_keys[] = $key;
	+ }
	+ elseif (is_array($input[$key])) {
	+ $sanitized_keys = array_merge($sanitized_keys, _drupal_bootstrap_sanitize_input($input[$key], $whitelist));
	+ }
	+ }
	+ }
	+
	+ return $sanitized_keys;
	+}