[ticket/security-203] Do not add null values to versions info

marc1706 · marc1706 · commit 4a71779fffd8 · 2016-12-27T18:12:18.000+01:00
Also stopped using reference for validate_versions() method argument.

SECURTIY-203
diff --git a/version_helper.php b/version_helper.php
@@ -315,7 +315,7 @@ public function get_versions($force_update = false, $force_cache = false)
 			$info['stable'] = (empty($info['stable'])) ? array() : $info['stable'];
 			$info['unstable'] = (empty($info['unstable'])) ? $info['stable'] : $info['unstable'];
 
-			$this->validate_versions($info);
+			$info = $this->validate_versions($info);
 
 			$this->cache->put($cache_file, $info, 86400); // 24 hours
 		}
@@ -328,8 +328,10 @@ public function get_versions($force_update = false, $force_cache = false)
 	 *
 	 * @param array $versions_info Decoded json data array. Will be modified
 	 *		and cleaned by this method
+	 *
+	 * @return array Versions info array
 	 */
-	public function validate_versions(&$versions_info)
+	public function validate_versions($versions_info)
 	{
 		$array_diff = array_diff_key($versions_info, array($this->version_schema));
 
@@ -362,7 +364,7 @@ public function validate_versions(&$versions_info)
 					$version_data = array();
 					foreach ($this->version_schema[$stability_type] as $key => $value)
 					{
-						if (isset($old_version_data[$key]) || $old_version_data[$key] === null)
+						if (isset($old_version_data[$key]))
 						{
 							$version_data[$key] = $old_version_data[$key];
 						}
@@ -388,16 +390,13 @@ public function validate_versions(&$versions_info)
 							if (!empty($value) && !preg_match('#^' . get_preg_expression('url') . '$#iu', $value) &&
 								!preg_match('#^' . get_preg_expression('www_url') . '$#iu', $value))
 							{
-								$value = '';
 								throw new \RuntimeException($this->user->lang('VERSIONCHECK_INVALID_URL'));
 							}
 						break;
 
 						case 'version':
-							$value = $value ?: '';
-							if (!preg_match(get_preg_expression('semantic_version'), $value))
+							if (!empty($value) && !preg_match(get_preg_expression('semantic_version'), $value))
 							{
-								$value = '';
 								throw new \RuntimeException($this->user->lang('VERSIONCHECK_INVALID_VERSION'));
 							}
 						break;
@@ -409,5 +408,7 @@ public function validate_versions(&$versions_info)
 				}
 			}
 		}
+
+		return $versions_info;
 	}
 }

Original file line number	Diff line number	Diff line change
`@@ -315,7 +315,7 @@ public function get_versions($force_update = false, $force_cache = false)`
`315`	`315`	`$info['stable'] = (empty($info['stable'])) ? array() : $info['stable'];`
`316`	`316`	`$info['unstable'] = (empty($info['unstable'])) ? $info['stable'] : $info['unstable'];`
`317`	`317`
`318`		`- $this->validate_versions($info);`
	`318`	`+ $info = $this->validate_versions($info);`
`319`	`319`
`320`	`320`	`$this->cache->put($cache_file, $info, 86400); // 24 hours`
`321`	`321`	`}`
`@@ -328,8 +328,10 @@ public function get_versions($force_update = false, $force_cache = false)`
`328`	`328`	`*`
`329`	`329`	`* @param array $versions_info Decoded json data array. Will be modified`
`330`	`330`	`* and cleaned by this method`
	`331`	`+ *`
	`332`	`+ * @return array Versions info array`
`331`	`333`	`*/`
`332`		`- public function validate_versions(&$versions_info)`
	`334`	`+ public function validate_versions($versions_info)`
`333`	`335`	`{`
`334`	`336`	`$array_diff = array_diff_key($versions_info, array($this->version_schema));`
`335`	`337`
`@@ -362,7 +364,7 @@ public function validate_versions(&$versions_info)`
`362`	`364`	`$version_data = array();`
`363`	`365`	`foreach ($this->version_schema[$stability_type] as $key => $value)`
`364`	`366`	`{`
`365`		`- if (isset($old_version_data[$key]) \|\| $old_version_data[$key] === null)`
	`367`	`+ if (isset($old_version_data[$key]))`
`366`	`368`	`{`
`367`	`369`	`$version_data[$key] = $old_version_data[$key];`
`368`	`370`	`}`
`@@ -388,16 +390,13 @@ public function validate_versions(&$versions_info)`
`388`	`390`	`if (!empty($value) && !preg_match('#^' . get_preg_expression('url') . '$#iu', $value) &&`
`389`	`391`	`!preg_match('#^' . get_preg_expression('www_url') . '$#iu', $value))`
`390`	`392`	`{`
`391`		`- $value = '';`
`392`	`393`	`throw new \RuntimeException($this->user->lang('VERSIONCHECK_INVALID_URL'));`
`393`	`394`	`}`
`394`	`395`	`break;`
`395`	`396`
`396`	`397`	`case 'version':`
`397`		`- $value = $value ?: '';`
`398`		`- if (!preg_match(get_preg_expression('semantic_version'), $value))`
	`398`	`+ if (!empty($value) && !preg_match(get_preg_expression('semantic_version'), $value))`
`399`	`399`	`{`
`400`		`- $value = '';`
`401`	`400`	`throw new \RuntimeException($this->user->lang('VERSIONCHECK_INVALID_VERSION'));`
`402`	`401`	`}`
`403`	`402`	`break;`
`@@ -409,5 +408,7 @@ public function validate_versions(&$versions_info)`
`409`	`408`	`}`
`410`	`409`	`}`
`411`	`410`	`}`
	`411`	`+`
	`412`	`+ return $versions_info;`
`412`	`413`	`}`
`413`	`414`	`}`