
feat: add filter to check invalid chars in user input #5227


Merged
merged 13 commits into from
Nov 23, 2021

Conversation

kenjis
Member

@kenjis kenjis commented Oct 21, 2021

Description

  • add a filter to prevent attacks with malformed character encodings and control characters (null byte)

Checklist:

  • Securely signed commits
  • Component(s) with PHPDoc blocks, only if necessary or adds value
  • Unit testing, with >80% coverage
  • User guide updated
  • Conforms to style guide
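An added example, not the project's own filter and not code from this PR, of the kind of check the description refers to: walk the request data, reject strings that are not valid UTF-8, then reject any control character other than tab, CR and LF. The function name and the sample request data are assumptions.

```php
<?php
declare(strict_types=1);

/**
 * Recursively scan request data (e.g. $_GET, $_POST) for strings that are not
 * valid in the expected encoding or that contain control characters other than
 * tab, LF and CR. Returns ['dotted.key' => 'reason'] for each offending value;
 * an empty array means the input is clean. (Illustrative helper, not framework code.)
 */
function findInvalidInput(array $input, string $encoding = 'UTF-8', string $prefix = ''): array
{
    $problems = [];

    foreach ($input as $key => $value) {
        $path = $prefix === '' ? (string) $key : $prefix . '.' . $key;

        if (is_array($value)) {
            $problems += findInvalidInput($value, $encoding, $path);
            continue;
        }
        if (! is_string($value)) {
            continue; // ints/bools from a JSON body carry no byte sequence to validate
        }

        // 1. Malformed byte sequences (overlong forms, stray continuation bytes, ...)
        //    are rejected first; a /u regex on invalid UTF-8 would not match reliably.
        if (! mb_check_encoding($value, $encoding)) {
            $problems[$path] = 'malformed ' . $encoding;
            continue;
        }

        // 2. Allow only non-control characters plus \t \n \r. [:^cntrl:] is the
        //    negated POSIX control class; \A..\z anchor the whole string, so a
        //    null byte or ESC anywhere in the value fails the match.
        if (preg_match('/\A[\r\n\t[:^cntrl:]]*\z/u', $value) !== 1) {
            $problems[$path] = 'control character';
        }
    }

    return $problems;
}

// Constructed sample request data, not taken from a real request.
$sample = [
    'name'    => "Jane Doe\r\n",             // CR/LF from a textarea is allowed
    'file'    => "report.pdf\0.php",         // null byte, the case named in the PR
    'search'  => "\xC0\xAF",                 // overlong encoding of '/', invalid UTF-8
    'address' => ['city' => "Tokyo\x1B[0m"], // ESC in a nested field
];

foreach (findInvalidInput($sample) as $key => $reason) {
    echo "{$key}: {$reason}\n";
}
```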

@kenjis kenjis force-pushed the add-filter-invalidChars branch from 837f37b to 44db72b on October 21, 2021 07:36
@MGatner
Member

MGatner commented Oct 22, 2021

Great security addition! Made a few notes. I wonder if we should ship this on by default? Since it would be a change to app/ we can afford to do it without affecting existing projects.

Have you benchmarked this or checked Debug Toolbar timelines to see impact?


@MGatner MGatner left a comment

Thanks for those changes, looks great!

@kenjis kenjis added the new feature PRs for new features label Nov 9, 2021
@kenjis kenjis force-pushed the add-filter-invalidChars branch from 0633964 to 78c2150 on November 22, 2021 02:41
@kenjis kenjis force-pushed the add-filter-invalidChars branch from 78c2150 to fb9f6ec on November 22, 2021 02:47
@kenjis
Member Author

kenjis commented Nov 22, 2021

@MGatner I rebased this PR and added 3 commits.
If you're okay, I will merge this.

Have you benchmarked this or checked Debug Toolbar timelines to see impact?

I looked at the Debug Toolbar timelines, but small input has no impact.
Before Filters take 0.0x ms.

kenjis and others added 6 commits November 23, 2021 14:31
Co-authored-by: John Paul E. Balandan, CPA <[email protected]>
@kenjis kenjis requested a review from paulbalandan November 23, 2021 05:41
@kenjis kenjis merged commit cdff9ed into codeigniter4:develop Nov 23, 2021
@kenjis kenjis deleted the add-filter-invalidChars branch November 23, 2021 06:55
@MGatner
Member

MGatner commented Nov 24, 2021

💪😊👍
