From: Tim Düsterhus
Date: Wed, 22 Sep 2021 11:59:54 +0000 (+0200)
Subject: Avoid the use of $_REQUEST in install.php
X-Git-Tag: 5.5.0_Alpha_1~419
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=598d1783def540dc78d9c06b1959db446a05b7f7;p=GitHub%2FWoltLab%2FWCF.git

Avoid the use of $_REQUEST in install.php
---

diff --git a/wcfsetup/install.php b/wcfsetup/install.php
index 4bbda85e9b..5aac593184 100644
--- a/wcfsetup/install.php
+++ b/wcfsetup/install.php
@@ -1182,18 +1182,18 @@ class GZipFile extends File {
 }
 }
 
-// let's go
-// get temp file prefix
-if (isset($_REQUEST['tmpFilePrefix'])) {
- $prefix = preg_replace('/[^a-f0-9_]+/', '', $_REQUEST['tmpFilePrefix']);
-}
-else {
- $prefix = \bin2hex(\random_bytes(4));
-}
-define('TMP_FILE_PREFIX', $prefix);
+// Bootstrap Setup.
+
+$prefix = $_GET['tmpFilePrefix'] ?? $_POST['tmpFilePrefix'] ?? \bin2hex(\random_bytes(4));
+\define(
+ 'TMP_FILE_PREFIX',
+ \preg_replace('/[^a-f0-9_]+/', '', $prefix)
+);
 
-// try to find the temp folder
-define('TMP_DIR', BasicFileUtil::getInstallTempFolder());
+\define(
+ 'TMP_DIR',
+ BasicFileUtil::getInstallTempFolder()
+);
 
 // check whether setup files are already unzipped
 if (!file_exists(TMP_DIR . 'install/files/lib/system/WCFSetup.class.php')) {
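Review bot: The request value assigned on the added `$prefix = $_GET['tmpFilePrefix'] ?? …` line is never checked to be a string before it reaches `\preg_replace()`. If the parameter arrives as an array, `\preg_replace()` returns an array and `TMP_FILE_PREFIX` is defined as an array instead of a string. Stripping the disallowed characters can also leave an empty prefix. How the constant is used is outside this hunk, but an empty or non-string prefix presumably weakens the separation between temp files of different setup runs. Validating and falling back to the random default would cover both cases: `if (!\is_string($prefix) || \preg_match('/^[a-f0-9_]+$/', $prefix) !== 1) { $prefix = \bin2hex(\random_bytes(4)); }`. Separately, `$_GET` now wins over `$_POST`, whereas `$_REQUEST` with the usual `GP` ordering let POST win; if that is intended, a short comment such as `// GET takes precedence over POST for tmpFilePrefix` would record it.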