From 1904616667eafbf9504b5f3d4eced9c7ceb38a27 Mon Sep 17 00:00:00 2001
From: Sean Madsen
Date: Sat, 21 Apr 2018 20:25:55 -0400
Subject: [PATCH] security/core#2 Harden some of the "mode" inputs
---
 CRM/Contribute/Form/AbstractEditPayment.php | 2 +-
 CRM/Contribute/Form/Contribution.php | 2 +-
 CRM/Contribute/Page/Tab.php | 2 +-
 CRM/Event/Page/Tab.php | 2 +-
 CRM/Member/Form.php | 2 +-
 CRM/Member/Page/Tab.php | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/CRM/Contribute/Form/AbstractEditPayment.php b/CRM/Contribute/Form/AbstractEditPayment.php
index 0c6b84a8ce..62295f1c70 100644
--- a/CRM/Contribute/Form/AbstractEditPayment.php
+++ b/CRM/Contribute/Form/AbstractEditPayment.php
@@ -248,7 +248,7 @@ class CRM_Contribute_Form_AbstractEditPayment extends CRM_Contact_Form_Task {
 $this->assign('contactID', $this->_contactID);
 CRM_Core_Resources::singleton()->addVars('coreForm', array('contact_id' => (int) $this->_contactID));
 $this->_action = CRM_Utils_Request::retrieve('action', 'String', $this, FALSE, 'add');
- $this->_mode = empty($this->_mode) ? CRM_Utils_Request::retrieve('mode', 'String', $this) : $this->_mode;
+ $this->_mode = empty($this->_mode) ? CRM_Utils_Request::retrieve('mode', 'Alphanumeric', $this) : $this->_mode;
 $this->assign('isBackOffice', $this->isBackOffice);
 $this->assignPaymentRelatedVariables();
 }
diff --git a/CRM/Contribute/Form/Contribution.php b/CRM/Contribute/Form/Contribution.php
index 61c40e4c1d..77a15ced82 100644
--- a/CRM/Contribute/Form/Contribution.php
+++ b/CRM/Contribute/Form/Contribution.php
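Review bot: The `'Alphanumeric'` type on the `mode` retrieve in this hunk narrows the character set but still accepts any alphanumeric token, while the only values the rest of the patch treats as meaningful are `test` and `live` (the `edit()` checks in the three Page/Tab.php hunks). If no other `mode` value is in use, an explicit allow-list after the retrieve would close that gap, e.g. `if (!in_array($this->_mode, array('test', 'live'), TRUE)) { $this->_mode = NULL; }`, with the same adjustment in the Contribution.php hunk (where `_mode` is then assigned to the template as `contributionMode`) and the Member/Form.php hunk (`$params['mode']`). Whether a value that fails the type check is dropped or aborts the request depends on `retrieve()`'s fourth `$abort` argument, which these calls leave at its default (the neighbouring `action` retrieve passes `FALSE` explicitly), so it is worth confirming that is the intended failure mode. The enclosing method begins before this hunk.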
@@ -258,7 +258,7 @@ class CRM_Contribute_Form_Contribution extends CRM_Contribute_Form_AbstractEditP
 $this->_compContext = CRM_Utils_Request::retrieve('compContext', 'String', $this);
 //set the contribution mode.
- $this->_mode = CRM_Utils_Request::retrieve('mode', 'String', $this);
+ $this->_mode = CRM_Utils_Request::retrieve('mode', 'Alphanumeric', $this);
 $this->assign('contributionMode', $this->_mode);
 if ($this->_action & CRM_Core_Action::DELETE) {
diff --git a/CRM/Contribute/Page/Tab.php b/CRM/Contribute/Page/Tab.php
index 5dabc4f2b8..b5c20a9e0c 100644
--- a/CRM/Contribute/Page/Tab.php
+++ b/CRM/Contribute/Page/Tab.php
@@ -295,7 +295,7 @@ class CRM_Contribute_Page_Tab extends CRM_Core_Page {
 */
 public function edit() {
 // set https for offline cc transaction
- $mode = CRM_Utils_Request::retrieve('mode', 'String', $this);
+ $mode = CRM_Utils_Request::retrieve('mode', 'Alphanumeric', $this);
 if ($mode == 'test' || $mode == 'live') {
 CRM_Utils_System::redirectToSSL();
 }
diff --git a/CRM/Event/Page/Tab.php b/CRM/Event/Page/Tab.php
index d2ffcb183b..c0b1855dd5 100644
--- a/CRM/Event/Page/Tab.php
+++ b/CRM/Event/Page/Tab.php
@@ -95,7 +95,7 @@ class CRM_Event_Page_Tab extends CRM_Core_Page {
 */
 public function edit() {
 // set https for offline cc transaction
- $mode = CRM_Utils_Request::retrieve('mode', 'String', $this);
+ $mode = CRM_Utils_Request::retrieve('mode', 'Alphanumeric', $this);
 if ($mode == 'test' || $mode == 'live') {
 CRM_Utils_System::redirectToSSL();
 }
diff --git a/CRM/Member/Form.php b/CRM/Member/Form.php
index 5485ed8873..4c41ab201f 100644
--- a/CRM/Member/Form.php
+++ b/CRM/Member/Form.php
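Review bot: In the CRM/Contribute/Page/Tab.php hunk the retrieved `$mode` is, as far as the hunk shows, only used to decide the SSL redirect, and the condition two lines below already restricts it to `test` or `live`, so the `'Alphanumeric'` type is defence in depth rather than the check that matters; the comparison itself could be tightened to strict equality, `if ($mode === 'test' || $mode === 'live') {`, or to `in_array($mode, array('test', 'live'), TRUE)` so that the accepted set is stated once. The CRM/Event/Page/Tab.php and CRM/Member/Page/Tab.php hunks are identical copies of this one, so the same applies there and a shared helper for the redirect decision would avoid keeping three copies in sync. `edit()` continues past the end of each of these hunks.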
@@ -112,7 +112,7 @@ class CRM_Member_Form extends CRM_Contribute_Form_AbstractEditPayment {
 $params = array();
 $params['context'] = CRM_Utils_Request::retrieve('context', 'Alphanumeric', $this, FALSE, 'membership');
 $params['id'] = CRM_Utils_Request::retrieve('id', 'Positive', $this);
- $params['mode'] = CRM_Utils_Request::retrieve('mode', 'String', $this);
+ $params['mode'] = CRM_Utils_Request::retrieve('mode', 'Alphanumeric', $this);
 $this->setContextVariables($params);
diff --git a/CRM/Member/Page/Tab.php b/CRM/Member/Page/Tab.php
index d54e4f5715..58347f05dd 100644
--- a/CRM/Member/Page/Tab.php
+++ b/CRM/Member/Page/Tab.php
@@ -264,7 +264,7 @@ class CRM_Member_Page_Tab extends CRM_Core_Page {
 */
 public function edit() {
 // set https for offline cc transaction
- $mode = CRM_Utils_Request::retrieve('mode', 'String', $this);
+ $mode = CRM_Utils_Request::retrieve('mode', 'Alphanumeric', $this);
 if ($mode == 'test' || $mode == 'live') {
 CRM_Utils_System::redirectToSSL();
 }
-- 
2.25.1