diff options
author | Kate Butler <kate@innocraft.com> | 2019-07-11 02:55:44 +0300 |
---|---|---|
committer | Thomas Steur <tsteur@users.noreply.github.com> | 2019-07-11 02:55:44 +0300 |
commit | e7ad74d751e61c2cb7bf8a87e3002dd7f04df716 (patch) | |
tree | a5927780e2c60def86caec04e5ce28c5b833d990 | |
parent | 950e7c76f0ff82ff3c45ffd85f1a97b19a393961 (diff) |
Only permit scalar values for custom variables (#14640)
* Unit test to reproduce strlen warning
* Unit test/validation for non-string custom variable values
-rw-r--r-- | core/Tracker/Request.php | 3 | ||||
-rw-r--r-- | tests/PHPUnit/Integration/Tracker/RequestTest.php | 10 |
2 files changed, 12 insertions, 1 deletions
diff --git a/core/Tracker/Request.php b/core/Tracker/Request.php index c7ad5c48f2..e1c59f5e05 100644 --- a/core/Tracker/Request.php +++ b/core/Tracker/Request.php @@ -620,7 +620,8 @@ class Request if ($id < 1 || $id > $maxCustomVars || count($keyValue) != 2 - || (!is_string($keyValue[0]) && !is_numeric($keyValue[0])) + || (!is_string($keyValue[0]) && !is_numeric($keyValue[0]) + || (!is_string($keyValue[1]) && !is_numeric($keyValue[1]))) ) { Common::printDebug("Invalid custom variables detected (id=$id)"); continue; diff --git a/tests/PHPUnit/Integration/Tracker/RequestTest.php b/tests/PHPUnit/Integration/Tracker/RequestTest.php index bf3cc0389b..ca7167ea92 100644 --- a/tests/PHPUnit/Integration/Tracker/RequestTest.php +++ b/tests/PHPUnit/Integration/Tracker/RequestTest.php @@ -229,6 +229,16 @@ class RequestTest extends IntegrationTestCase $this->assertCustomVariablesInPageScope($expected, $customVars); } + public function test_getCustomVariables_nonStringInput() + { + $input = array('mykey' => array('myarraykey' => 'myvalue'), 'myotherkey' => 2); + $customVars = $this->buildCustomVars($input); + // Int value should come through; array value is invalid so should be discarded + $expected = array('custom_var_k2' => 'myotherkey', 'custom_var_v2' => 2); + + $this->assertCustomVariablesInPageScope($expected, $customVars); + } + public function test_isAuthenticated_ShouldBeNotAuthenticatedInTestsByDefault() { $this->assertFalse($this->request->isAuthenticated()); |