<?php |
declare(strict_types=1); |
/* |
* This file is part of the Superdesk Web Publisher Content Bundle. |
* |
* Copyright 2017 Sourcefabric z.ú. and contributors. |
* |
* For the full copyright and license information, please see the |
* AUTHORS and LICENSE files distributed with this source code. |
* |
* @copyright 2017 Sourcefabric z.ú |
* @license http://www.superdesk.org/license |
*/ |
namespace SWP\Bundle\ContentBundle\EventListener; |
use SWP\Component\Common\Exception\ArticleNotFoundException; |
use Symfony\Component\HttpFoundation\RedirectResponse; |
use Symfony\Component\HttpFoundation\Response; |
use Symfony\Component\HttpKernel\Event\ExceptionEvent; |
use Symfony\Component\Routing\Generator\UrlGeneratorInterface; |
use Symfony\Component\Routing\RouterInterface; |
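/**
 * kernel.exception listener that turns an ArticleNotFoundException into a
 * redirect instead of letting the framework render an error page.
 *
 * The behaviour is guarded by a feature flag so the listener can be wired
 * unconditionally and switched off through configuration.
 */
final class ArticleNotFoundListener
{
    /** @var RouterInterface Builds the redirect target URL. */
    private $router;

    /** @var bool Feature flag; when false the listener never touches the event. */
    private $redirectNotFoundArticles;

    /**
     * @param RouterInterface $router                   Router used to generate the redirect target.
     * @param bool            $redirectNotFoundArticles When false, onKernelException() is a no-op.
     */
    public function __construct(RouterInterface $router, bool $redirectNotFoundArticles)
    {
        $this->router = $router;
        $this->redirectNotFoundArticles = $redirectNotFoundArticles;
    }

    /**
     * Replaces the response for an ArticleNotFoundException with a 301 redirect.
     *
     * Does nothing when the feature flag is off or the exception is of another
     * type. Otherwise the target is the route held in the request's `routeMeta`
     * attribute, falling back to the `homepage` route.
     *
     * Review notes:
     *  - The URL is generated with UrlGeneratorInterface::ABSOLUTE_URL, so its
     *    scheme, host and base path are taken from the RequestContext, which the
     *    framework fills from the incoming request (Host header, base URL). The
     *    redirect target is therefore only as trustworthy as the trusted-hosts /
     *    trusted-proxies configuration of the application. Generating with
     *    UrlGeneratorInterface::ABSOLUTE_PATH would remove the host from the
     *    Location header entirely, but changes the emitted response.
     *  - Response::HTTP_MOVED_PERMANENTLY (301) may be cached by clients, so a
     *    browser that followed the redirect once can keep doing so even after the
     *    article becomes available. Confirm that a permanent redirect is intended.
     *  - `routeMeta` comes from request attributes, which are normally populated
     *    by the routing layer rather than directly from client input — TODO
     *    confirm no client-controlled path can set this attribute, and whether
     *    its value is a route name string or a route meta object the router
     *    accepts.
     *  - ExceptionEvent::getException() was deprecated in Symfony 4.4 in favour of
     *    getThrowable(); switch once the project's Symfony floor allows it.
     */
    public function onKernelException(ExceptionEvent $event): void
    {
        // Cheapest check first; most exceptions never reach the request lookup.
        if (!$this->redirectNotFoundArticles
            || !($event->getException() instanceof ArticleNotFoundException)
        ) {
            return;
        }

        $request = $event->getRequest();
        $route = $request->attributes->has('routeMeta')
            ? $request->attributes->get('routeMeta')
            : 'homepage';

        $event->setResponse(new RedirectResponse(
            $this->router->generate($route, [], UrlGeneratorInterface::ABSOLUTE_URL),
            Response::HTTP_MOVED_PERMANENTLY
        ));
    }
}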
`$this->router->generate(...nterface::ABSOLUTE_URL)` can contain request data and is used in output context(s), leading to a potential security vulnerability. 4 paths for user data to reach this point
`$this->parameters['HTTP_AUTHORIZATION']` seems to return tainted data, and `$authorizationHeader` is assigned in vendor/ServerBag.php on line 62
in vendor/ServerBag.php on line 77
in vendor/ParameterBag.php on line 84
$baseUrlis assignedin vendor/Request.php on line 1770
$baseUrlis passed through rtrim()in vendor/Request.php on line 1826
in vendor/Request.php on line 882
in vendor/Request.php on line 885
$request->getBaseUrl()is passed to RequestContext::setBaseUrl()in vendor/RequestContext.php on line 55
in vendor/RequestContext.php on line 86
in vendor/RequestContext.php on line 74
$urlis assignedin vendor/Generator/UrlGenerator.php on line 279
in vendor/Generator/CompiledUrlGenerator.php on line 56
in vendor/Router.php on line 254
in src/SWP/Bundle/ContentBundle/EventListener/ArticleNotFoundListener.php on line 52
`$_POST`, and `$_POST` is passed to Request::createRequestFromFactory() in vendor/Request.php on line 281
$requestis passed to Request::__construct()in vendor/Request.php on line 1953
$requestis passed to Request::initialize()in vendor/Request.php on line 235
$requestis passed to ParameterBag::__construct()in vendor/Request.php on line 253
in vendor/ParameterBag.php on line 31
in vendor/ParameterBag.php on line 84
$baseUrlis assignedin vendor/Request.php on line 1770
$baseUrlis passed through rtrim()in vendor/Request.php on line 1826
in vendor/Request.php on line 882
in vendor/Request.php on line 885
$request->getBaseUrl()is passed to RequestContext::setBaseUrl()in vendor/RequestContext.php on line 55
in vendor/RequestContext.php on line 86
in vendor/RequestContext.php on line 74
$urlis assignedin vendor/Generator/UrlGenerator.php on line 279
in vendor/Generator/CompiledUrlGenerator.php on line 56
in vendor/Router.php on line 254
in src/SWP/Bundle/ContentBundle/EventListener/ArticleNotFoundListener.php on line 52
`$this->parameters['PHP_AUTH_USER']` seems to return tainted data, and `$headers` is assigned in vendor/ServerBag.php on line 43
$headersis assignedin vendor/ServerBag.php on line 44
$this->server->getHeaders()is passed to HeaderBag::__construct()in vendor/Request.php on line 259
$valuesis assignedin vendor/HeaderBag.php on line 29
$valuesis passed to HeaderBag::set()in vendor/HeaderBag.php on line 30
$valuesis passed through array_values(), and$valuesis assignedin vendor/HeaderBag.php on line 142
in vendor/HeaderBag.php on line 145
in vendor/HeaderBag.php on line 65
$headersis assignedin vendor/HeaderBag.php on line 113
$hostis assignedin vendor/Request.php on line 1149
$hostis passed through trim(), andtrim($host)is passed through preg_replace(), andpreg_replace('/:\\d+$/', '', trim($host))is passed through strtolower(), and$hostis assignedin vendor/Request.php on line 1157
$request->getHost()is passed to RequestContext::setHost()in vendor/RequestContext.php on line 58
$hostis passed through strtolower(), and RequestContext::$host is assignedin vendor/RequestContext.php on line 162
in vendor/RequestContext.php on line 150
$uriis assignedin src/SWP/Bundle/ContentBundle/Manager/MediaManager.php on line 83
in src/SWP/Bundle/ContentBundle/Manager/MediaManager.php on line 70
in src/SWP/Bundle/CoreBundle/Routing/ArticleAuthorMediaRouter.php on line 47
in src/SWP/Bundle/ContentBundle/EventListener/ArticleNotFoundListener.php on line 52
`$this->parameters['PHP_AUTH_PW']` seems to return tainted data, and `$headers` is assigned in vendor/ServerBag.php on line 44
$this->server->getHeaders()is passed to HeaderBag::__construct()in vendor/Request.php on line 259
$valuesis assignedin vendor/HeaderBag.php on line 29
$valuesis passed to HeaderBag::set()in vendor/HeaderBag.php on line 30
$valuesis passed through array_values(), and$valuesis assignedin vendor/HeaderBag.php on line 142
in vendor/HeaderBag.php on line 145
in vendor/HeaderBag.php on line 65
$headersis assignedin vendor/HeaderBag.php on line 113
$hostis assignedin vendor/Request.php on line 1149
$hostis passed through trim(), andtrim($host)is passed through preg_replace(), andpreg_replace('/:\\d+$/', '', trim($host))is passed through strtolower(), and$hostis assignedin vendor/Request.php on line 1157
$request->getHost()is passed to RequestContext::setHost()in vendor/RequestContext.php on line 58
$hostis passed through strtolower(), and RequestContext::$host is assignedin vendor/RequestContext.php on line 162
in vendor/RequestContext.php on line 150
$uriis assignedin src/SWP/Bundle/ContentBundle/Manager/MediaManager.php on line 83
in src/SWP/Bundle/ContentBundle/Manager/MediaManager.php on line 70
in src/SWP/Bundle/CoreBundle/Routing/ArticleAuthorMediaRouter.php on line 47
in src/SWP/Bundle/ContentBundle/EventListener/ArticleNotFoundListener.php on line 52
Used in output context
in vendor/RedirectResponse.php on line 39
in vendor/RedirectResponse.php on line 92
in vendor/Response.php on line 404
in vendor/Response.php on line 363
Preventing Cross-Site-Scripting Attacks
Cross-Site-Scripting allows an attacker to inject malicious code into your website - in particular JavaScript code - and have that code executed with the privileges of a visiting user. This can be used to obtain data, or to perform actions on behalf of that visiting user.
In order to prevent this, make sure to escape all user-provided data:
General Strategies to prevent injection
In general, it is advisable to prevent any user data from reaching this point. This can be done by white-listing certain values:
`if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) { throw new \InvalidArgumentException('This input is not allowed.'); }`
For numeric data, we recommend explicitly casting the data: