Changed: more validations to the rule matching.

dave83649 · dave83649 · commit 894577800dbc · 2022-10-06T10:46:43.000+02:00
diff --git a/src/Processor.php b/src/Processor.php
@@ -145,7 +145,7 @@ public function launch($mustExit = true)
                 continue;
             }
 
-            // Execute the firewall rule.
+            // Transform rule object to array, then execute the firewall rule.
             $rule_hit = $this->executeFirewall(json_decode(json_encode($rule->rules), true));
 
             // If the payload did not match the rule, continue.
@@ -285,15 +285,15 @@ public function matchParameterValue($match, $value)
         $matchValue = isset($match['value']) ? $match['value'] : null;
 
         // Perform a match depending on the given match type.
-        if ($matchType == 'equals' && is_scalar($value)) {
+        if ($matchType == 'equals' && is_scalar($value) && is_scalar($matchValue)) {
             return $matchValue == $value;
         }
 
-        if ($matchType == 'bigger_than' && is_scalar($value)) {
+        if ($matchType == 'bigger_than' && is_scalar($value) && is_scalar($matchValue)) {
             return $value > $matchValue;
         }
 
-        if ($matchType == 'less_than' && is_scalar($value)) {
+        if ($matchType == 'less_than' && is_scalar($value) && is_scalar($matchValue)) {
             return $value < $matchValue;
         }
 
@@ -321,19 +321,19 @@ public function matchParameterValue($match, $value)
             return @preg_match($matchValue, @urldecode($value)) === 1;
         }
 
-        if ($matchType == 'current_user_cannot' && function_exists('current_user_can')) {
+        if ($matchType == 'current_user_cannot' && is_scalar($matchValue) && function_exists('current_user_can')) {
             return @!current_user_can($matchValue);
         }
 
-        if ($matchType == 'in_array' && !is_array($value)) {
+        if ($matchType == 'in_array' && !is_array($value) && is_array($matchValue)) {
             return @in_array($value, $matchValue);
         }
 
-        if ($matchType == 'not_in_array' && !is_array($value)) {
+        if ($matchType == 'not_in_array' && !is_array($value) && is_array($matchValue)) {
             return @!in_array($value, $matchValue);
         }
 
-        if ($matchType == 'array_in_array' && is_array($value)) {
+        if ($matchType == 'array_in_array' && is_array($value) && is_array($matchValue)) {
             return @array_intersect($value, $matchValue);
         }
 

Original file line number	Diff line number	Diff line change
`@@ -145,7 +145,7 @@ public function launch($mustExit = true)`
`145`	`145`	`continue;`
`146`	`146`	`}`
`147`	`147`
`148`		`- // Execute the firewall rule.`
	`148`	`+ // Transform rule object to array, then execute the firewall rule.`
`149`	`149`	`$rule_hit = $this->executeFirewall(json_decode(json_encode($rule->rules), true));`
`150`	`150`
`151`	`151`	`// If the payload did not match the rule, continue.`
`@@ -285,15 +285,15 @@ public function matchParameterValue($match, $value)`
`285`	`285`	`$matchValue = isset($match['value']) ? $match['value'] : null;`
`286`	`286`
`287`	`287`	`// Perform a match depending on the given match type.`
`288`		`- if ($matchType == 'equals' && is_scalar($value)) {`
	`288`	`+ if ($matchType == 'equals' && is_scalar($value) && is_scalar($matchValue)) {`
`289`	`289`	`return $matchValue == $value;`
`290`	`290`	`}`
`291`	`291`
`292`		`- if ($matchType == 'bigger_than' && is_scalar($value)) {`
	`292`	`+ if ($matchType == 'bigger_than' && is_scalar($value) && is_scalar($matchValue)) {`
`293`	`293`	`return $value > $matchValue;`
`294`	`294`	`}`
`295`	`295`
`296`		`- if ($matchType == 'less_than' && is_scalar($value)) {`
	`296`	`+ if ($matchType == 'less_than' && is_scalar($value) && is_scalar($matchValue)) {`
`297`	`297`	`return $value < $matchValue;`
`298`	`298`	`}`
`299`	`299`
`@@ -321,19 +321,19 @@ public function matchParameterValue($match, $value)`
`321`	`321`	`return @preg_match($matchValue, @urldecode($value)) === 1;`
`322`	`322`	`}`
`323`	`323`
`324`		`- if ($matchType == 'current_user_cannot' && function_exists('current_user_can')) {`
	`324`	`+ if ($matchType == 'current_user_cannot' && is_scalar($matchValue) && function_exists('current_user_can')) {`
`325`	`325`	`return @!current_user_can($matchValue);`
`326`	`326`	`}`
`327`	`327`
`328`		`- if ($matchType == 'in_array' && !is_array($value)) {`
	`328`	`+ if ($matchType == 'in_array' && !is_array($value) && is_array($matchValue)) {`
`329`	`329`	`return @in_array($value, $matchValue);`
`330`	`330`	`}`
`331`	`331`
`332`		`- if ($matchType == 'not_in_array' && !is_array($value)) {`
	`332`	`+ if ($matchType == 'not_in_array' && !is_array($value) && is_array($matchValue)) {`
`333`	`333`	`return @!in_array($value, $matchValue);`
`334`	`334`	`}`
`335`	`335`
`336`		`- if ($matchType == 'array_in_array' && is_array($value)) {`
	`336`	`+ if ($matchType == 'array_in_array' && is_array($value) && is_array($matchValue)) {`
`337`	`337`	`return @array_intersect($value, $matchValue);`
`338`	`338`	`}`
`339`	`339`