Fix injection of routing parameters into sql queries
authorMarcel Werk <burntime@woltlab.com>
Fri, 2 Aug 2024 09:12:23 +0000 (11:12 +0200)
committerMarcel Werk <burntime@woltlab.com>
Fri, 2 Aug 2024 09:12:23 +0000 (11:12 +0200)
ref https://www.woltlab.com/community/thread/307511-array-to-string-conversion/

wcfsetup/install/files/lib/system/database/Database.class.php

index f8e924179d98871e4fc454f89030956014c378f4..32c6d2f6e770705586fd625225fd6c2ff9088105 100644 (file)
@@ -315,7 +315,12 @@ abstract class Database
                         $requestInformation = \substr($requestInformation, 0, 70);
                         $requestInformation .= ' (' . $requestId . ')';
                     }
-                    if (isset($_REQUEST['className']) && isset($_REQUEST['actionName'])) {
+                    if (
+                        isset($_REQUEST['className'])
+                        && isset($_REQUEST['actionName'])
+                        && \is_string($_REQUEST['className'])
+                        && \is_string($_REQUEST['actionName'])
+                    ) {
                         $requestInformation = \substr($requestInformation, 0, 90);
                         $requestInformation .= ' (' . $_REQUEST['className'] . ':' . $_REQUEST['actionName'] . ')';
                     }
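Review bot: The added `\is_string()` checks stop the array-to-string conversion, but both request values are still appended to `$requestInformation` verbatim, and after the `\substr($requestInformation, 0, 90)` truncation, so neither their length nor their characters are bounded within this hunk. If `$requestInformation` is later embedded in the query text, as the commit title suggests, any neutralisation has to happen further down in the enclosing method, which starts and ends outside the hunk and is not visible here. Consider restricting both values to identifier characters at this point, for example `&& \preg_match('~^[\w\\\\]+$~', $_REQUEST['className']) === 1` with the same test for `actionName`. A comment would also help, such as `// request-controlled values: only well-formed identifiers may be added to the query annotation`.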