Merge pull request #745 from versionpress/644-validate-inputs

Validate and sanitize request arguments before use

plugins/versionpress/src/Api/VersionPressApi.php

@@ -222,15 +222,33 @@ public function getCommits(WP_REST_Request $request) {
      * @return WP_REST_Response|WP_Error
      */
     public function undoCommit(WP_REST_Request $request) {
-        return $this->revertCommit('undo', $request['commit']);
+        $commitHash = $request['commit'];
+
+        if (!preg_match('/^[0-9a-f]+$/', $commitHash)) {
+            return new WP_Error(
+                'error',
+                'Invalid commit hash',
+                array('status' => 404));
+        }
+
+        return $this->revertCommit('undo', $commitHash);
     }
 
     /**
      * @param WP_REST_Request $request
      * @return WP_REST_Response|WP_Error
      */
     public function rollbackToCommit(WP_REST_Request $request) {
-        return $this->revertCommit('rollback', $request['commit']);
+        $commitHash = $request['commit'];
+
+        if (!preg_match('/^[0-9a-f]+$/', $commitHash)) {
+            return new WP_Error(
+                'error',
+                'Invalid commit hash',
+                array('status' => 404));
+        }
+
+        return $this->revertCommit('rollback', $commitHash);
     }
 
     /**
@@ -264,8 +282,16 @@ public function revertCommit($reverterMethod, $commit) {
      * @return WP_REST_Response|WP_Error
      */
     public function getDiff(WP_REST_Request $request) {
-        $hash = $request['commit'];
-        $diff = $this->gitRepository->getDiff($hash);
+        $commitHash = $request['commit'];
+
+        if (!preg_match('/^[0-9a-f]*$/', $commitHash)) {
+            return new WP_Error(
+                'error',
+                'Invalid commit hash',
+                array('status' => 404));
+        }
+
+        $diff = $this->gitRepository->getDiff($commitHash);
 
         if (strlen($diff) > 50 * 1024) { // 50 kB is maximum size for diff (see WP-49)
             return new WP_Error(

plugins/versionpress/versionpress.php

@@ -849,10 +849,16 @@ function vp_rollback() {
 
 function _vp_revert($reverterMethod) {
     global $versionPressContainer;
+
+    $commitHash = $_GET['commit'];
+
+    if (!preg_match('/^[0-9a-f]+$/', $commitHash)) {
+        exit();
+    }
+
     /** @var Reverter $reverter */
     $reverter = $versionPressContainer->resolve(VersionPressServices::REVERTER);
 
-    $commitHash = $_GET['commit'];
     vp_enable_maintenance();
     $revertStatus = call_user_func(array($reverter, $reverterMethod), $commitHash);
     vp_disable_maintenance();