Added: support for holding an array of parameters.

Author: dave83649

src/Processor.php

@@ -204,52 +204,62 @@ public function executeFirewall($rules)
                 continue;
             }
 
-            // Extract the value of the paramater that we want.
-            $values = $this->request->getParameterValues($rule['parameter']);
-            if (is_null($values) && $rule['parameter'] !== false && $rule['parameter'] != 'rules') {
-                continue;
-            }
-
-            // For special parameter values we just set the array to a single null value.
-            if ($rule['parameter'] === false || $rule['parameter'] == 'rules') {
-                $values = [null];
+            // Cast to an array so we can iterate through all parameters.
+            if (!is_array($rule['parameter'])) {
+                $parameters = [$rule['parameter']];
+            } else {
+                $parameters = $rule['parameter'];
             }
 
-            // For all field matches, we want to execute the rule against it.
-            foreach ($values as $value) {
-                // Apply mutations, if any.
-                if (isset($rule['mutations']) && is_array($rule['mutations'])) {
-                    $value = $this->request->applyMutation($rule['mutations'], $value);
-                    if (is_null($value)) {
-                        continue;
-                    }
+            // Iterate through all parameters.
+            foreach ($parameters as $parameter) {
+                // Extract the value of the paramater that we want.
+                $values = $this->request->getParameterValues($parameter);
+                if (is_null($values) && $parameter !== false && $parameter != 'rules') {
+                    continue;
                 }
 
-                // Perform the matching.
-                if (isset($rule['match']) && is_array($rule['match']) || isset($rule['rules'])) {
+                // For special parameter values we just set the array to a single null value.
+                if ($parameter === false || $parameter == 'rules') {
+                    $values = [null];
+                }
 
-                    // Do we have to process child-rules?
-                    if (isset($rule['rules'])) {
-                        $match = $this->executeFirewall($rule['rules']);
-                    } else {
-                        $match = $this->matchParameterValue($rule['match'], $value);
+                // For all field matches, we want to execute the rule against it.
+                foreach ($values as $value) {
+                    // Apply mutations, if any.
+                    if (isset($rule['mutations']) && is_array($rule['mutations'])) {
+                        $value = $this->request->applyMutation($rule['mutations'], $value);
+                        if (is_null($value)) {
+                            continue;
+                        }
                     }
 
-                    // Is the rule a match?
-                    if ($match) {
-                        // In case there are multiple rules, they may require chained AND conditions.
-                        if ($inclusiveCount <= 1 || !isset($rule['inclusive']) || $rule['inclusive'] !== true) {
-                            return true;
+                    // Perform the matching.
+                    if (isset($rule['match']) && is_array($rule['match']) || isset($rule['rules'])) {
+
+                        // Do we have to process child-rules?
+                        if (isset($rule['rules'])) {
+                            $match = $this->executeFirewall($rule['rules']);
                         } else {
-                            $inclusiveHits++;
+                            $match = $this->matchParameterValue($rule['match'], $value);
+                        }
+
+                        // Is the rule a match?
+                        if ($match) {
+                            // In case there are multiple rules, they may require chained AND conditions.
+                            if ($inclusiveCount <= 1 || !isset($rule['inclusive']) || $rule['inclusive'] !== true) {
+                                return true;
+                            } else {
+                                $inclusiveHits++;
+                            }
                         }
                     }
                 }
             }
         }
 
         // In case we hit all of the AND conditions.
-        if ($inclusiveCount > 1 && $inclusiveHits === $inclusiveCount) {
+        if ($inclusiveCount > 1 && $inclusiveHits >= $inclusiveCount) {
             return true;
         }
 

src/Request.php

@@ -239,7 +239,7 @@ public function applyMutation($mutations, $value)
         return $value;
     }
 
-     /**
+    /**
      * Given an array, get all parameters which match a certain wildcard.
      * 
      * @param array $data

tests/FirewallTest.php

@@ -414,5 +414,14 @@ function shortcode_parse_atts( $text ) {
         );
         $this->assertFalse($this->processor->launch(false));
         $this->alterPayload();
+
+        // Block request with test parameter present in the URL.
+        $this->setUpFirewallProcessor([$this->rules[23]]);
+        $this->alterPayload(
+            ['GET' => [
+            'test2' => 'yes'
+            ]]
+        );
+        $this->assertFalse($this->processor->launch(false));
     }
 }

tests/data/Rules.json

@@ -182,5 +182,13 @@
         "cat":"TEST",
         "type":"BLOCK",
         "type_params":null
+    },
+    {
+        "id":24,
+        "title":"Block test parameter being present in the URL with array of parameters.",
+        "rules":[{"parameter":["get.test","get.test2"],"match":{"type":"isset"}}],
+        "cat":"TEST",
+        "type":"BLOCK",
+        "type_params":null
     }
 ]