From 9ad00c819e433e30260df13491779920ce482bce Mon Sep 17 00:00:00 2001 From: David Grudl Date: Thu, 19 Feb 2015 16:16:23 +0100 Subject: [PATCH] HttpRequest: drops non-UTF8 strings, but control characters only removes --- src/Http/RequestFactory.php | 15 ++++++------ tests/Http/Request.invalidEncoding.phpt | 31 ++++--------------------- 2 files changed, 12 insertions(+), 34 deletions(-) diff --git a/src/Http/RequestFactory.php b/src/Http/RequestFactory.php index 0faa8d39..92b82159 100644 --- a/src/Http/RequestFactory.php +++ b/src/Http/RequestFactory.php @@ -19,7 +19,7 @@ class RequestFactory extends Nette\Object { /** @internal */ - const CHARS = '#^[\x09\x0A\x0D\x20-\x7E\xA0-\x{10FFFF}]*+\z#u'; + const CHARS = '\x09\x0A\x0D\x20-\x7E\xA0-\x{10FFFF}'; /** @var array */ public $urlFilters = array( @@ -137,6 +137,7 @@ public function createHttpRequest() $gpc = (bool) get_magic_quotes_gpc(); // remove fucking quotes, control characters and check encoding + $reChars = '#^[' . self::CHARS . ']*+\z#u'; if ($gpc || !$this->binary) { $list = array(& $query, & $post, & $cookies); while (list($key, $val) = each($list)) { @@ -147,7 +148,7 @@ public function createHttpRequest() $k = stripslashes($k); } - if (!$this->binary && is_string($k) && (!preg_match(self::CHARS, $k) || preg_last_error())) { + if (!$this->binary && is_string($k) && (!preg_match($reChars, $k) || preg_last_error())) { // invalid key -> ignore } elseif (is_array($v)) { @@ -158,8 +159,8 @@ public function createHttpRequest() if ($gpc && !$useFilter) { $v = stripSlashes($v); } - if (!$this->binary && (!preg_match(self::CHARS, $v) || preg_last_error())) { - $v = ''; + if (!$this->binary) { + $v = (string) preg_replace('#[^' . self::CHARS . ']+#u', '', $v); } $list[$key][$k] = $v; } 
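Review bot: `CHARS` keeps its name in the `@@ -19,7 +19,7 @@` hunk but is no longer a complete pattern, and the docblock still says only `@internal`. It now holds just the body of a character class, so any code that still passes `RequestFactory::CHARS` directly to `preg_match()` would get a pattern error rather than a match result; whether such callers exist is not visible in this diff. I would extend the docblock to something like `/** @internal body of the allowed-character class; wrap as '#[' . CHARS . ']#u' before use */`.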
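Review bot: The new `$v = (string) preg_replace('#[^' . self::CHARS . ']+#u', '', $v);` line in the `@@ -158,8 +159,8 @@` hunk drops non-UTF-8 values only implicitly. With the `u` modifier `preg_replace()` returns NULL for malformed input (and for any other PCRE failure), and the cast turns that into `''`; a comment such as `// NULL on invalid UTF-8 or PCRE error -> whole value becomes ''` would make that intent explicit. Separately, deleting control characters joins the text around them (the updated test expects `"A\x01B\x02C"` to become `'ABC'`), so the application can end up with a value that differs from what an upstream filter or access log saw. That trade-off is worth stating in the doc comment of createHttpRequest(), whose body starts and ends outside this hunk.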
@@ -174,7 +175,7 @@ public function createHttpRequest() $list = array(); if (!empty($_FILES)) { foreach ($_FILES as $k => $v) { - if (!$this->binary && is_string($k) && (!preg_match(self::CHARS, $k) || preg_last_error())) { + if (!$this->binary && is_string($k) && (!preg_match($reChars, $k) || preg_last_error())) { continue; } $v['@'] = & $files[$k]; @@ -190,7 +191,7 @@ public function createHttpRequest() if ($gpc) { $v['name'] = stripSlashes($v['name']); } - if (!$this->binary && (!preg_match(self::CHARS, $v['name']) || preg_last_error())) { + if (!$this->binary && (!preg_match($reChars, $v['name']) || preg_last_error())) { $v['name'] = ''; } if ($v['error'] !== UPLOAD_ERR_NO_FILE) { @@ -200,7 +201,7 @@ public function createHttpRequest() } foreach ($v['name'] as $k => $foo) { - if (!$this->binary && is_string($k) && (!preg_match(self::CHARS, $k) || preg_last_error())) { + if (!$this->binary && is_string($k) && (!preg_match($reChars, $k) || preg_last_error())) { continue; } $list[] = array( diff --git a/tests/Http/Request.invalidEncoding.phpt b/tests/Http/Request.invalidEncoding.phpt index 2e48a241..e4aa1fe9 100644 --- a/tests/Http/Request.invalidEncoding.phpt +++ b/tests/Http/Request.invalidEncoding.phpt @@ -13,7 +13,7 @@ require __DIR__ . '/../bootstrap.php'; // Setup environment define('INVALID', "\xC4\x76\xC5\xBE"); -define('CONTROL_CHARACTERS', "A\x00B\x80C"); +define('CONTROL_CHARACTERS', "A\x01B\x02C"); $_GET = array( 'invalid' => INVALID, @@ -61,27 +61,6 @@ $_FILES = array( 'error' => 0, 'size' => 209, ), - 'file2' => array( - 'name' => array( - 2 => INVALID, - ), - - 'type' => array( - 2 => INVALID, - ), - - 'tmp_name' => array( - 2 => 'C:\\PHP\\temp\\php1D5C.tmp', - ), - - 'error' => array( - 2 => 0, - ), - - 'size' => array( - 2 => 3013, - ), - ), ); test(function() { // unfiltered data 
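Review bot: Upload names containing a disallowed character are still replaced by `''` (`$v['name'] = ''` in the `@@ -190,7 +191,7 @@` hunk), while query, post and cookie values are now cleaned with `preg_replace()`. If blanking the whole name is deliberate, and it is the more conservative choice for a client-supplied file name, a comment such as `// file names are never partially cleaned: invalid name -> ''` would keep a later change from aligning it with the value path. The key checks in the `@@ -174,7 +175,7 @@` and `@@ -200,7 +201,7 @@` hunks follow the same reject-whole rule and could carry the same remark. createHttpRequest() starts and ends outside these hunks.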
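Review bot: Changing `CONTROL_CHARACTERS` to `"A\x01B\x02C"` in the `@@ -13,7 +13,7 @@` hunk removes the NUL byte and the stray `\x80` from the constants defined here, so the two inputs where the new strip-versus-drop split matters most are no longer pinned. Judging by the pattern in RequestFactory, `"A\x00B"` should come back as `'AB'` and `"A\x80B"` (malformed UTF-8) as `''`. I would add both as separate constants, each with its own assertion in the filtered-data test. As far as this diff shows, removing the `file2` fixture and its assertions also leaves the nested-upload name check without coverage.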
@@ -118,19 +97,19 @@ test(function() { // filtered data $request = $factory->createHttpRequest(); Assert::same( '', $request->getQuery('invalid') ); - Assert::same( '', $request->getQuery('control') ); + Assert::same( 'ABC', $request->getQuery('control') ); Assert::null( $request->getQuery(INVALID) ); Assert::null( $request->getQuery(CONTROL_CHARACTERS) ); Assert::false( isset($request->query['array'][INVALID]) ); Assert::same( '', $request->getPost('invalid') ); - Assert::same( '', $request->getPost('control') ); + Assert::same( 'ABC', $request->getPost('control') ); Assert::null( $request->getPost(INVALID) ); Assert::null( $request->getPost(CONTROL_CHARACTERS) ); Assert::false( isset($request->post['array'][INVALID]) ); Assert::same( '', $request->getCookie('invalid') ); - Assert::same( '', $request->getCookie('control') ); + Assert::same( 'ABC', $request->getCookie('control') ); Assert::null( $request->getCookie(INVALID) ); Assert::null( $request->getCookie(CONTROL_CHARACTERS) ); Assert::false( isset($request->cookies['array'][INVALID]) ); @@ -139,6 +118,4 @@ test(function() { // filtered data Assert::null( $request->getFile(CONTROL_CHARACTERS) ); Assert::type( 'Nette\Http\FileUpload', $request->files['file1'] ); Assert::same( '', $request->files['file1']->name ); - Assert::type( 'Nette\Http\FileUpload', $request->files['file2'][2] ); - Assert::same( '', $request->files['file2'][2]->name ); });