From: Marcel Werk
Date: Fri, 2 Aug 2024 09:12:23 +0000 (+0200)
Subject: Fix injection of routing parameters into sql queries
X-Git-Tag: 6.1.0_Alpha_1~4^2~3
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=f3b5594fbfc6368bd15534c8a9d65b470c5da5c6;p=GitHub%2FWoltLab%2FWCF.git

Fix injection of routing parameters into sql queries

ref https://www.woltlab.com/community/thread/307511-array-to-string-conversion/
---
diff --git a/wcfsetup/install/files/lib/system/database/Database.class.php b/wcfsetup/install/files/lib/system/database/Database.class.php
index f8e924179d..32c6d2f6e7 100644
--- a/wcfsetup/install/files/lib/system/database/Database.class.php
+++ b/wcfsetup/install/files/lib/system/database/Database.class.php
@@ -315,7 +315,12 @@ abstract class Database
 $requestInformation = \substr($requestInformation, 0, 70);
 $requestInformation .= ' (' . $requestId . ')';
 }
- if (isset($_REQUEST['className']) && isset($_REQUEST['actionName'])) {
+ if (
+ isset($_REQUEST['className'])
+ && isset($_REQUEST['actionName'])
+ && \is_string($_REQUEST['className'])
+ && \is_string($_REQUEST['actionName'])
+ ) {
 $requestInformation = \substr($requestInformation, 0, 90);
 $requestInformation .= ' (' . $_REQUEST['className'] . ':' . $_REQUEST['actionName'] . ')';
 }
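Review bot: The added `\is_string()` checks in the `className`/`actionName` condition constrain only the type, so both `$_REQUEST` values are still appended to `$requestInformation` at full length and with arbitrary content; the `\substr($requestInformation, 0, 90)` inside the branch bounds the prefix, not what is appended after it. Going by the commit subject this string ends up inside SQL text (presumably as a comment), but the code that embeds it is outside the hunk, so confirm that it caps the final length and neutralises comment delimiters and line breaks there. If it does not, restrict the values at this point, e.g. add `&& \preg_match('/^[\w\\\\]+\z/', $_REQUEST['className']) === 1` and the same test with `/^\w+\z/` for `actionName`. The enclosing method starts and ends outside the hunk.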