<?php |
|
declare(strict_types=1); |
|
/* |
* This file is part of the Superdesk Web Publisher Content Bundle. |
* |
* Copyright 2017 Sourcefabric z.ú. and contributors. |
* |
* For the full copyright and license information, please see the |
* AUTHORS and LICENSE files distributed with this source code. |
* |
* @copyright 2017 Sourcefabric z.ú |
* @license http://www.superdesk.org/license |
*/ |
|
namespace SWP\Bundle\ContentBundle\EventListener; |
|
use SWP\Component\Common\Exception\ArticleNotFoundException; |
use Symfony\Component\HttpFoundation\RedirectResponse; |
use Symfony\Component\HttpFoundation\Response; |
use Symfony\Component\HttpKernel\Event\ExceptionEvent; |
use Symfony\Component\Routing\Generator\UrlGeneratorInterface; |
use Symfony\Component\Routing\RouterInterface; |
|
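final class ArticleNotFoundListener
{
    /** @var RouterInterface builds the redirect target URL */
    private $router;

    /** @var bool feature flag; when false this listener never touches the event */
    private $redirectNotFoundArticles;

    /**
     * @param RouterInterface $router                   generates the redirect URL
     * @param bool            $redirectNotFoundArticles enables the not-found redirect
     */
    public function __construct(RouterInterface $router, bool $redirectNotFoundArticles)
    {
        $this->router = $router;
        $this->redirectNotFoundArticles = $redirectNotFoundArticles;
    }

    /**
     * Converts an ArticleNotFoundException into a 301 redirect.
     *
     * The target is the route stored in the request's `routeMeta` attribute
     * when present, otherwise the `homepage` route. Any other exception, or a
     * disabled feature flag, leaves the event untouched so the framework's
     * normal exception handling produces the response.
     *
     * Security notes for reviewers:
     *  - The URL is generated as an ABSOLUTE_URL, so its scheme and host come
     *    from the router's RequestContext, i.e. ultimately from the incoming
     *    Host / X-Forwarded-* headers. This file cannot validate those; the
     *    framework's trusted_hosts / trusted-proxies configuration is what
     *    keeps an attacker-supplied Host header from choosing the redirect
     *    target (an open redirect that, being a 301, proxies and browsers may
     *    cache). Confirm that configuration is in place for every deployment.
     *  - `routeMeta` is a request attribute, which is normally populated by the
     *    routing layer rather than copied from client input.
     *    NOTE(review): confirm nothing upstream writes client data into it.
     *  - 301 responses are cached aggressively; once an article does appear at
     *    this URL, clients holding the cached redirect will not see it.
     *    302/307 would avoid that if the permanent semantics are not needed.
     */
    public function onKernelException(ExceptionEvent $event): void
    {
        if (!$this->redirectNotFoundArticles) {
            return;
        }

        // Only ArticleNotFoundException is redirected; everything else is left
        // to the default exception handling.
        if (!$event->getException() instanceof ArticleNotFoundException) {
            return;
        }

        $attributes = $event->getRequest()->attributes;
        // Fall back to the homepage when the router attached no route metadata.
        $route = $attributes->has('routeMeta') ? $attributes->get('routeMeta') : 'homepage';

        $target = $this->router->generate($route, [], UrlGeneratorInterface::ABSOLUTE_URL);

        $event->setResponse(new RedirectResponse($target, Response::HTTP_MOVED_PERMANENTLY));
    }
}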
$this->router->generate(...nterface::ABSOLUTE_URL)
can contain request data and is used in output context(s), leading to a potential security vulnerability. 4 paths for user data to reach this point:
$this->parameters['HTTP_AUTHORIZATION']
seems to return tainted data, and $authorizationHeader
is assigned in vendor/ServerBag.php on line 62
in vendor/ServerBag.php on line 77
in vendor/ParameterBag.php on line 84
$baseUrl
is assignedin vendor/Request.php on line 1770
$baseUrl
is passed through rtrim()in vendor/Request.php on line 1826
in vendor/Request.php on line 882
in vendor/Request.php on line 885
$request->getBaseUrl()
is passed to RequestContext::setBaseUrl()in vendor/RequestContext.php on line 55
in vendor/RequestContext.php on line 86
in vendor/RequestContext.php on line 74
$url
is assignedin vendor/Generator/UrlGenerator.php on line 279
in vendor/Generator/CompiledUrlGenerator.php on line 56
in vendor/Router.php on line 254
in src/SWP/Bundle/ContentBundle/EventListener/ArticleNotFoundListener.php on line 52
$_POST
is passed to Request::createRequestFromFactory() in vendor/Request.php on line 281
$request
is passed to Request::__construct()in vendor/Request.php on line 1953
$request
is passed to Request::initialize()in vendor/Request.php on line 235
$request
is passed to ParameterBag::__construct()in vendor/Request.php on line 253
in vendor/ParameterBag.php on line 31
in vendor/ParameterBag.php on line 84
$baseUrl
is assignedin vendor/Request.php on line 1770
$baseUrl
is passed through rtrim()in vendor/Request.php on line 1826
in vendor/Request.php on line 882
in vendor/Request.php on line 885
$request->getBaseUrl()
is passed to RequestContext::setBaseUrl()in vendor/RequestContext.php on line 55
in vendor/RequestContext.php on line 86
in vendor/RequestContext.php on line 74
$url
is assignedin vendor/Generator/UrlGenerator.php on line 279
in vendor/Generator/CompiledUrlGenerator.php on line 56
in vendor/Router.php on line 254
in src/SWP/Bundle/ContentBundle/EventListener/ArticleNotFoundListener.php on line 52
$this->parameters['PHP_AUTH_USER']
seems to return tainted data, and $headers
is assigned in vendor/ServerBag.php on line 43
$headers
is assignedin vendor/ServerBag.php on line 44
$this->server->getHeaders()
is passed to HeaderBag::__construct()in vendor/Request.php on line 259
$values
is assignedin vendor/HeaderBag.php on line 29
$values
is passed to HeaderBag::set()in vendor/HeaderBag.php on line 30
$values
is passed through array_values(), and$values
is assignedin vendor/HeaderBag.php on line 142
in vendor/HeaderBag.php on line 145
in vendor/HeaderBag.php on line 65
$headers
is assignedin vendor/HeaderBag.php on line 113
$host
is assignedin vendor/Request.php on line 1149
$host
is passed through trim(), and trim($host)
is passed through preg_replace(), and preg_replace('/:\\d+$/', '', trim($host))
is passed through strtolower(), and $host
is assignedin vendor/Request.php on line 1157
$request->getHost()
is passed to RequestContext::setHost()in vendor/RequestContext.php on line 58
$host
is passed through strtolower(), and RequestContext::$host is assignedin vendor/RequestContext.php on line 162
in vendor/RequestContext.php on line 150
$uri
is assignedin src/SWP/Bundle/ContentBundle/Manager/MediaManager.php on line 83
in src/SWP/Bundle/ContentBundle/Manager/MediaManager.php on line 70
in src/SWP/Bundle/CoreBundle/Routing/ArticleAuthorMediaRouter.php on line 47
in src/SWP/Bundle/ContentBundle/EventListener/ArticleNotFoundListener.php on line 52
$this->parameters['PHP_AUTH_PW']
seems to return tainted data, and $headers
is assigned in vendor/ServerBag.php on line 44
$this->server->getHeaders()
is passed to HeaderBag::__construct()in vendor/Request.php on line 259
$values
is assignedin vendor/HeaderBag.php on line 29
$values
is passed to HeaderBag::set()in vendor/HeaderBag.php on line 30
$values
is passed through array_values(), and$values
is assignedin vendor/HeaderBag.php on line 142
in vendor/HeaderBag.php on line 145
in vendor/HeaderBag.php on line 65
$headers
is assignedin vendor/HeaderBag.php on line 113
$host
is assignedin vendor/Request.php on line 1149
$host
is passed through trim(), and trim($host)
is passed through preg_replace(), and preg_replace('/:\\d+$/', '', trim($host))
is passed through strtolower(), and $host
is assignedin vendor/Request.php on line 1157
$request->getHost()
is passed to RequestContext::setHost()in vendor/RequestContext.php on line 58
$host
is passed through strtolower(), and RequestContext::$host is assignedin vendor/RequestContext.php on line 162
in vendor/RequestContext.php on line 150
$uri
is assignedin src/SWP/Bundle/ContentBundle/Manager/MediaManager.php on line 83
in src/SWP/Bundle/ContentBundle/Manager/MediaManager.php on line 70
in src/SWP/Bundle/CoreBundle/Routing/ArticleAuthorMediaRouter.php on line 47
in src/SWP/Bundle/ContentBundle/EventListener/ArticleNotFoundListener.php on line 52
Used in output context. Note that the sink here is a RedirectResponse, so the tainted value becomes the redirect's Location header; the practical risk is a Host-header-driven open redirect (cacheable, since the status is 301) rather than script injection, and the mitigation is restricting trusted hosts/proxies or generating a path-relative URL, not HTML escaping.
in vendor/RedirectResponse.php on line 39
in vendor/RedirectResponse.php on line 92
in vendor/Response.php on line 404
in vendor/Response.php on line 363
Preventing Cross-Site-Scripting Attacks
Cross-Site-Scripting allows an attacker to inject malicious code into your website - in particular Javascript code, and have that code executed with the privileges of a visiting user. This can be used to obtain data, or perform actions on behalf of that visiting user.
In order to prevent this, make sure to escape all user-provided data:
General Strategies to prevent injection
In general, it is advisable to prevent any user-data to reach this point. This can be done by white-listing certain values:
For numeric data, we recommend to explicitly cast the data: