author | Kate Butler <kate@innocraft.com> | 2019-07-11 02:55:44 +0300 |
---|---|---|
committer | Thomas Steur <tsteur@users.noreply.github.com> | 2019-07-11 02:55:44 +0300 |
commit | e7ad74d751e61c2cb7bf8a87e3002dd7f04df716 (patch) | |
tree | a5927780e2c60def86caec04e5ce28c5b833d990 /core/Tracker/Request.php | |
parent | 950e7c76f0ff82ff3c45ffd85f1a97b19a393961 (diff) |
Only permit scalar values for custom variables (#14640)
* Unit test to reproduce strlen warning
* Unit test/validation for non-string custom variable values
Diffstat (limited to 'core/Tracker/Request.php')
-rw-r--r-- | core/Tracker/Request.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/core/Tracker/Request.php b/core/Tracker/Request.php
index c7ad5c48f2..e1c59f5e05 100644
--- a/core/Tracker/Request.php
+++ b/core/Tracker/Request.php
@@ -620,7 +620,8 @@ class Request
 if ($id < 1
 || $id > $maxCustomVars
 || count($keyValue) != 2
- || (!is_string($keyValue[0]) && !is_numeric($keyValue[0]))
+ || (!is_string($keyValue[0]) && !is_numeric($keyValue[0])
+ || (!is_string($keyValue[1]) && !is_numeric($keyValue[1])))
 ) {
 Common::printDebug("Invalid custom variables detected (id=$id)");
 continue; |
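Review bot: The two added lines open the parenthesis for the `$keyValue[0]` check and only close it after the `$keyValue[1]` check, so the condition is correct only because `&&` binds tighter than `||`. Since this is validation of request-supplied data, give each check its own group so a later edit cannot silently change the meaning: `|| (!is_string($keyValue[0]) && !is_numeric($keyValue[0]))` followed by `|| (!is_string($keyValue[1]) && !is_numeric($keyValue[1]))`. Separately, `count($keyValue) != 2` does not by itself guarantee that offsets 0 and 1 exist. If a two-element array with other keys can reach this point (not visible in the hunk), the index reads would raise an undefined-offset notice before the entry is rejected, and a preceding `|| !isset($keyValue[0], $keyValue[1])` would avoid that. The enclosing loop and method begin and end outside the hunk.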