Discussions and requests related to new CMSimple features, plugins, templates etc. and how to develop.
Please don't ask for support at this forums!
-
cmb
- Posts: 14225
- Joined: Tue Jun 21, 2011 11:04 am
- Location: Bingen, RLP, DE
-
Contact:
Post
by cmb » Fri Oct 05, 2012 11:20 am
Hello Community,
CMSimple_XH 1.5.4 introduced the check of all GPC parameters for valid UTF-8. But I overlooked the possibility of array parameters, so these wouldn't be checked. Either we fix this bug by changing the check to:
Code: Select all
function XH_checkValidUtf8($arr)
{
foreach ($arr as $elt) {
if (is_array($elt)) {
XH_checkValidUtf8($elt);
} elseif (!utf8_is_valid($elt)) {
header('HTTP/1.0 400 Bad Request'); // TODO: use "Status:" for FastCGI?
exit('Malformed UTF-8 detected!');
}
}
}
XH_checkValidUtf8(array($_GET, $_POST, $_COOKIE));
or we remove the check altogether.
Christoph
-
svasti
- Posts: 1659
- Joined: Wed Dec 17, 2008 5:08 pm
Post
by svasti » Tue Oct 09, 2012 10:13 pm
Where do you suggest to change what??? Which file, which line nr?
-
cmb
- Posts: 14225
- Joined: Tue Jun 21, 2011 11:04 am
- Location: Bingen, RLP, DE
-
Contact:
Post
by cmb » Tue Oct 09, 2012 10:20 pm
svasti wrote:Which file, which line nr?
The new code should replace cmsimple/cms.php line 188-195.