[PHPBB3-16871] S_FORUM_ID and S_TOPIC_ID variables set by page_header may cause fatal errors in feeds

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 3.2.10, 3.3.4
Fix Version/s: 3.3.8-RC1
Component/s: None
Labels:
None

GitHub Pull Request URL:
https://github.com/phpbb/phpbb/pull/6385

Description

The S_FORUM_ID and S_TOPIC_ID variables in the page_header function are passed as-is from the user request with only an integer conversion. Integers can be negative, but forum and topic IDs cannot.

When a request to a valid page with an invalid forum or topic ID in the URL is made, e.g. <https://area51.phpbb.com/phpBB/viewtopic.php?f=-9001&p=348626> or <https://area51.phpbb.com/phpBB/viewtopic.php?t=-9001&p=348626>, and forum feeds are enabled, a negative ID will be passed to the path Twig helper function (phpbb\template\twig\extension\routing::getPath) which will end up being validated by the regular expression /\d+/ (from config/default/routing/feed.yml) and fail, which triggers an uncaught Symfony\Component\Routing\Exception\InvalidParameterException.

Attachments

Activity

People

Assignee:: battye

Reporter:: Snover [X] (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 08/Sep/21 7:27 PM

Updated:: 06/Jun/22 7:52 AM

Resolved:: 15/Apr/22 9:48 PM