From 8eebbcc4e0b7179a447962121ed2f7794168ee02 Mon Sep 17 00:00:00 2001
From: cypherbits
Date: Sat, 26 Sep 2020 14:02:41 +0200
Subject: [PATCH] Attack: sending xml request body nullupload-app.ERROR: Call to undefined function Slim\Http\simplexml_load_string() on /var/www/nullupload/vendor/slim/slim/Slim/Http/Request.php at 230 https://github.com/slimphp/Slim-Http/issues/106
---
 TODO | 4 ----
 src/middleware.php | 8 +++++---
 2 files changed, 5 insertions(+), 7 deletions(-)
diff --git a/TODO b/TODO
index ca01e66..d869a0d 100755
--- a/TODO
+++ b/TODO
@@ -1,9 +1,5 @@
 TODO LIST:
-Attack: sending xml request body
-nullupload-app.ERROR: Call to undefined function Slim\Http\simplexml_load_string() on /var/www/nullupload/vendor/slim/slim/Slim/Http/Request.php at 230
-https://github.com/slimphp/Slim-Http/issues/106
-
 - Fix only variables should be passed by reference on do-upload
 -admin or cron: see if there are physical files not in database.
diff --git a/src/middleware.php b/src/middleware.php
index 777b486..9cf3eaf 100755
--- a/src/middleware.php
+++ b/src/middleware.php
@@ -78,7 +78,6 @@
 $c->view->getEnvironment()->addGlobal("urlPrivacy", $this->router->pathFor("privacy"));
 $c->view->getEnvironment()->addGlobal("urlAdminHome", $this->router->pathFor("admin"));
 $c->view->getEnvironment()->addGlobal("urlAdminNews", $this->router->pathFor("adminNews"));
- // $c->view->getEnvironment()->addGlobal("urlAdminUsers", "#");
 $c->view->getEnvironment()->addGlobal("urlAdminLogout", $this->router->pathFor("adminLogout"));
 $c->view->getEnvironment()->addGlobal("urlAdminDownload", $this->router->pathFor("adminDownload" , ["id" => '']));
 $c->view->getEnvironment()->addGlobal("urlAdminDelete", $this->router->pathFor("adminDelete", ["id" => '']));
@@ -87,8 +86,11 @@
 $c->view->getEnvironment()->addGlobal("urlAdminDeleteNew", $this->router->pathFor("adminDeleteNew", ["id" => '']));
 $c->view->getEnvironment()->addGlobal("urlAdminPhpinfo", $this->router->pathFor("adminPhpinfo"));
 $c->view->getEnvironment()->addGlobal("urlAdminConfig", $this->router->pathFor("adminConfig"));
- //$c->view->getEnvironment()->addGlobal("urlUserLogin", $this->router->pathFor("userLogin"));
- //$c->view->getEnvironment()->addGlobal("urlUserJoin", $this->router->pathFor("userJoin"));
+
+
+ //Fix autoparsing from XML body when we do not use it... so we can disable php-xml extension
+ $request->registerMediaTypeParser('application/xml', function () { return []; });
+ $request->registerMediaTypeParser('text/xml', function () { return []; });
 $response = $next($request, $response); //$response->getBody()->write('AFTER');
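Review bot: The two stub parsers added at the end of this hunk make an XML body look like an empty one, so a request sent as `application/xml` or `text/xml` is handled as if it carried no data and leaves no trace in the log. Because the application never accepts XML, refusing such requests with a 415 before `$next` is called would state that policy explicitly and keep probing visible to whoever monitors the service. If the stubs stay, the comment should record the reason, for example `// XML is never accepted: stub both parsers so Slim does not call simplexml_load_string(), which is undefined once php-xml is disabled`. The stubs only take effect if nothing reads `getParsedBody()` before this middleware runs; that cannot be checked here because the enclosing closure starts and ends outside the hunk.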