Commit 3ccb23aa authored by colemanw's avatar colemanw Committed by GitHub

Merge pull request #10994 from seamuslee001/CRM-20906

CRM-20906 Validate the extension key is of general standard
parents 93d20146 5df85a46
......@@ -45,7 +45,9 @@ class CRM_Admin_Form_Extensions extends CRM_Admin_Form {
$this->_key = CRM_Utils_Request::retrieve('key', 'String',
$this, FALSE, 0
);
if (!CRM_Utils_Type::validate($this->_key, 'ExtensionKey')) {
throw new CRM_Core_Exception('Extension Key does not match expected standard');
}
$session = CRM_Core_Session::singleton();
$url = CRM_Utils_System::url('civicrm/admin/extensions', 'reset=1&action=browse');
$session->pushUserContext($url);
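Review bot: The guard `if (!CRM_Utils_Type::validate($this->_key, 'ExtensionKey'))` tests the truthiness of the returned value, not whether validation passed. The new `ExtensionKey` case returns `$data` itself and `checkExtesnionKeyIsValid()` accepts an empty key, so a request without `key` (the `retrieve()` call appears to make it optional) gets an empty value back and would throw here; a key of `0` would do the same. Consider `if (!empty($this->_key) && !CRM_Utils_Rule::checkExtesnionKeyIsValid($this->_key)) {`, which relies on the strict boolean. It is also worth confirming how `validate()` behaves on failure outside this hunk: if it aborts by default, the `CRM_Core_Exception` is never reached for a bad key. The enclosing function starts and ends outside the hunk.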
......
......@@ -911,4 +911,15 @@ class CRM_Utils_Rule {
}
}
/**
* @param string $key Extension Key to check
* @return bool
*/
public static function checkExtesnionKeyIsValid($key = NULL) {
if (!empty($key) && !preg_match('/^[0-9a-zA-Z._-]+$/', $key)) {
return FALSE;
}
return TRUE;
}
}
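Review bot: The pattern `/^[0-9a-zA-Z._-]+$/` in `checkExtesnionKeyIsValid()` accepts a key with a trailing newline, because `$` without the `D` modifier also matches just before a final `\n`. Anchor the end with `\z` instead: `preg_match('/^[0-9a-zA-Z._-]+\z/', $key)`. The docblock should state that an empty or NULL key is treated as valid, e.g. `* @return bool TRUE if the key is empty or contains only letters, digits, '.', '_' and '-'`, since callers cannot tell that from the signature. The method name misspells "Extension"; as this is a new public static method, renaming it to `checkExtensionKeyIsValid` now avoids carrying the typo into callers.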
......@@ -466,6 +466,12 @@ class CRM_Utils_Type {
}
break;
case 'ExtensionKey':
if (CRM_Utils_Rule::checkExtesnionKeyIsValid($data)) {
return $data;
}
break;
default:
CRM_Core_Error::fatal("Cannot recognize $type for $data");
break;
......
......@@ -112,4 +112,24 @@ class CRM_Utils_RuleTest extends CiviUnitTestCase {
);
}
/**
* @return array
*/
public function extenionKeyTests() {
$keys = array();
$keys[] = array('org.civicrm.multisite', TRUE);
$keys[] = array('au.org.contribute2016', TRUE);
$keys[] = array('%3Csvg%20onload=alert(0)%3E', FALSE);
return $keys;
}
/**
* @param $key
* @param $expectedResult
* @dataProvider extenionKeyTests
*/
public function testExtenionKeyValid($key, $expectedResult) {
$this->assertEquals($expectedResult, CRM_Utils_Rule::checkExtesnionKeyIsValid($key));
}
}
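Review bot: The data provider has a single rejected case, and it is rejected only because of its `%` characters, so the boundaries of the character class and the anchors in `/^[0-9a-zA-Z._-]+$/` are not exercised. Add cases for a raw (not URL-encoded) markup string, a key containing a space or `/`, the empty key (which the rule returns TRUE for), and a trailing newline, e.g. `$keys[] = array('', TRUE);` and `$keys[] = array("org.civicrm.multisite\n", FALSE);`; the newline case fails with the current `$` anchor and documents the expected behaviour. `assertEquals` compares loosely, so `assertSame($expectedResult, ...)` would pin the boolean return. The names `extenionKeyTests` and `testExtenionKeyValid` misspell "Extension".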