Attack: sending xml request body

nullupload-app.ERROR: Call to undefined function Slim\Http\simplexml_load_string() on /var/www/nullupload/vendor/slim/slim/Slim/Http/Request.php at 230 slimphp/Slim-Http#106
cypherbits · Sep 26, 2020 · 8eebbcc · 8eebbcc
1 parent d55c4fc
commit 8eebbcc
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 7 deletions.
diff --git a/TODO b/TODO
@@ -1,9 +1,5 @@
 TODO LIST:
 
-Attack: sending xml request body
-nullupload-app.ERROR: Call to undefined function Slim\Http\simplexml_load_string() on /var/www/nullupload/vendor/slim/slim/Slim/Http/Request.php at 230
-https://github.com/slimphp/Slim-Http/issues/106
-
 - Fix only variables should be passed by reference on do-upload
 
 -admin or cron: see if there are physical files not in database.

diff --git a/src/middleware.php b/src/middleware.php
@@ -78,7 +78,6 @@
     $c->view->getEnvironment()->addGlobal("urlPrivacy", $this->router->pathFor("privacy"));
     $c->view->getEnvironment()->addGlobal("urlAdminHome", $this->router->pathFor("admin"));
     $c->view->getEnvironment()->addGlobal("urlAdminNews", $this->router->pathFor("adminNews"));
-   // $c->view->getEnvironment()->addGlobal("urlAdminUsers", "#");
     $c->view->getEnvironment()->addGlobal("urlAdminLogout", $this->router->pathFor("adminLogout"));
     $c->view->getEnvironment()->addGlobal("urlAdminDownload", $this->router->pathFor("adminDownload" , ["id" => '']));
     $c->view->getEnvironment()->addGlobal("urlAdminDelete", $this->router->pathFor("adminDelete", ["id" => '']));
@@ -87,8 +86,11 @@
     $c->view->getEnvironment()->addGlobal("urlAdminDeleteNew", $this->router->pathFor("adminDeleteNew", ["id" => '']));
     $c->view->getEnvironment()->addGlobal("urlAdminPhpinfo", $this->router->pathFor("adminPhpinfo"));
     $c->view->getEnvironment()->addGlobal("urlAdminConfig", $this->router->pathFor("adminConfig"));
-    //$c->view->getEnvironment()->addGlobal("urlUserLogin", $this->router->pathFor("userLogin"));
-    //$c->view->getEnvironment()->addGlobal("urlUserJoin", $this->router->pathFor("userJoin"));
+
+
+    //Fix autoparsing from XML body when we do not use it... so we can disable php-xml extension
+    $request->registerMediaTypeParser('application/xml', function () { return []; });
+    $request->registerMediaTypeParser('text/xml', function () { return []; });
 
     $response = $next($request, $response);
     //$response->getBody()->write('AFTER');