CVE-2022-1514: Sanitized the data read from the ini file to avoid security problems. · NeoRazorX/facturascripts@aa9f28c

@@ -380,27 +380,32 @@ private function getPluginInfo(string $pluginName, string $iniContent): array

‘require’ => [],

‘version’ => 1

];

$ini = parse_ini_string($iniContent);

if ($ini !== false) {

foreach (['name’, 'version’, 'description’, ‘min_version’] as $key) {

$info[$key] = $ini[$key] ?? $info[$key];

}

if ($ini === false) {

return $info;

}

if (isset($ini[‘require’])) {

$info[‘require’] = explode(',’, $ini[‘require’]);

}

$info[‘name’] = strip_tags($ini[‘name’] ?? $info[‘name’]);

$info[‘version’] = floatval($ini[‘version’] ?? $info[‘version’]);

$info[‘description’] = strip_tags($ini[‘description’] ?? $info[‘description’]);

$info[‘min_version’] = floatval($ini[‘min_version’] ?? $info[‘min_version’]);

if ($info[‘min_version’] >= 2018 && $info[‘min_version’] <= self::CORE_VERSION) {

$info[‘compatible’] = true;

$info[‘description’] = (‘Incompatible’ === $info[‘description’]) ? ToolBox::i18n()->trans(‘compatible’) : $info[‘description’];

} else {

$info[‘description’] = ToolBox::i18n()->trans('incompatible-with-facturascripts’, [‘%version%’ => self::CORE_VERSION]);

if (isset($ini[‘require’])) {

foreach (explode(',’, $ini[‘require’]) as $req) {

$req = trim($req);

if (!empty($req)) {

$info[‘require’][] = $req;

}

}

}

$info[‘enabled’] = in_array($info[‘name’], $this->enabledPlugins());

if ($info[‘min_version’] <= self::CORE_VERSION && $info[‘min_version’] >= 2020) {

$info[‘compatible’] = true;

} else {

$info[‘description’] = ToolBox::i18n()->trans('incompatible-with-facturascripts’, [‘%version%’ => self::CORE_VERSION]);

}

$info[‘enabled’] = in_array($info[‘name’], $this->enabledPlugins());

return $info;

}