author | mattab <matthieu.aubry@gmail.com> | 2015-03-31 06:44:51 +0300 |
---|---|---|
committer | mattab <matthieu.aubry@gmail.com> | 2015-03-31 06:44:51 +0300 |
commit | ea59c0ed4a1a25183105097848a71272647bc614 (patch) | |
tree | 4cb24dacf61b1aab990172e9859ca2486c6356f1 /core/ReportRenderer.php | |
parent | d9b4bd8b7bcbbe7c1bac585805409cd97d5f939d (diff) |
Safety net against HTTP header injection in email reports, as the string can contain user-submitted content
(likely it's been escaped upstream but we rather ensure security)
also fixes #7358
Diffstat (limited to 'core/ReportRenderer.php')
-rw-r--r-- | core/ReportRenderer.php | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/core/ReportRenderer.php b/core/ReportRenderer.php
index 98cc547cd7..443c16df76 100644
--- a/core/ReportRenderer.php
+++ b/core/ReportRenderer.php
@@ -133,8 +133,11 @@ abstract class ReportRenderer extends BaseFactory
      * @param string $extension
      * @return string filename with extension
      */
-    protected static function appendExtension($filename, $extension)
+    protected static function makeFilenameWithExtension($filename, $extension)
     {
+        // the filename can be used in HTTP headers, remove new lines to prevent HTTP header injection
+        $filename = str_replace(array("\n", "\t"), " ", $filename);
+
         return $filename . "." . $extension;
     }
@@ -156,7 +159,7 @@ abstract class ReportRenderer extends BaseFactory
     protected static function writeFile($filename, $extension, $content)
     {
-        $filename = self::appendExtension($filename, $extension);
+        $filename = self::makeFilenameWithExtension($filename, $extension);
         $outputFilename = self::getOutputPath($filename);
         $bytesWritten = file_put_contents($outputFilename, $content);
@@ -169,7 +172,7 @@ abstract class ReportRenderer extends BaseFactory
     protected static function sendToBrowser($filename, $extension, $contentType, $content)
     {
-        $filename = ReportRenderer::appendExtension($filename, $extension);
+        $filename = ReportRenderer::makeFilenameWithExtension($filename, $extension);
         ProxyHttp::overrideCacheControlHeaders();
         header('Content-Description: File Transfer');
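Review bot: The replacement set in makeFilenameWithExtension covers "\n" and "\t" but not "\r", so a carriage return in $filename survives into the header value; since header splitting is classically a CRLF problem, the guard should be `$filename = str_replace(array("\r", "\n", "\t"), " ", $filename);`. The same value also reaches file_put_contents via getOutputPath in writeFile, and the third hunk suggests it is later placed in a Content-Disposition header that is outside this hunk; if that header wraps the filename in double quotes, a `"` in $filename could presumably still break the quoted-string, which is worth confirming against the lines below the hunk. The docblock above the hunk still describes the method only as appending an extension; consider adding a line such as `* Newlines and tabs in $filename are replaced by spaces because the result is used in HTTP headers.` so the new contract is visible to callers. The docblock begins above the hunk.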