From c33f84fcc21dab5ff9e04559912e81afc20ddf29 Mon Sep 17 00:00:00 2001
From: Dag <me@dvikan.no>
Date: Sun, 10 Jul 2022 19:50:51 +0200
Subject: [PATCH] fix: disallow non-strings in GET parameters (#2908)

---
 index.php                | 28 +++++++++++++++++-----------
 templates/base.html.php  |  2 +-
 templates/error.html.php |  5 ++++-
 3 files changed, 22 insertions(+), 13 deletions(-)

diff --git a/index.php b/index.php
index 9eddc71b..fe1ed882 100644
--- a/index.php
+++ b/index.php
@@ -2,18 +2,24 @@
 
 require_once __DIR__ . '/lib/rssbridge.php';
 
-/*
-Move the CLI arguments to the $_GET array, in order to be able to use
-rss-bridge from the command line
-*/
-if (isset($argv)) {
-    parse_str(implode('&', array_slice($argv, 1)), $cliArgs);
-    $request = array_merge($_GET, $cliArgs);
-} else {
-    $request = $_GET;
-}
-
 try {
+    if (isset($argv)) {
+        parse_str(implode('&', array_slice($argv, 1)), $cliArgs);
+        $request = $cliArgs;
+    } else {
+        $request = $_GET;
+    }
+    foreach ($request as $key => $value) {
+        if (! is_string($value)) {
+            http_response_code(400);
+            print render('error.html.php', [
+                'title' => '400 Bad Request',
+                'message' => "Query parameter \"$key\" is not a string.",
+            ]);
+            exit(1);
+        }
+    }
+
     $actionFactory = new ActionFactory();
 
     if (array_key_exists('action', $request)) {
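Review bot: The new `isset($argv)` branch now discards `$_GET` entirely where the removed code merged the two, and `$argv` is not a reliable CLI indicator: under a web SAPI with `register_argc_argv` enabled, PHP populates `$argv` from the query string as well, so every real GET parameter would be ignored and only the `+`-split fragments parsed by `parse_str` would be seen. Gating on the SAPI instead, `if (PHP_SAPI === 'cli') {`, keeps the intent (CLI-only argument passing) without depending on that ini setting. The string check itself is sound for what `parse_str`/`$_GET` can produce (only arrays are non-strings), and the `$key` interpolated into `'message'` is safe only because `error.html.php` passes it through `e()`; a comment such as `// $key is user-controlled; the template escapes it with e()` would make that dependency explicit. The enclosing `try` block continues past the end of the hunk.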
diff --git a/templates/base.html.php b/templates/base.html.php
index 39442706..702fab42 100644
--- a/templates/base.html.php
+++ b/templates/base.html.php
@@ -4,7 +4,7 @@
     <meta charset="utf-8">
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <meta name="description" content="RSS-Bridge" />
-    <title><?= e($title ?? 'RSS-Bridge') ?></title>
+    <title><?= e($_title ?? 'RSS-Bridge') ?></title>
     <link href="static/style.css" rel="stylesheet">
     <link rel="icon" type="image/png" href="static/favicon.png">
 </head>
diff --git a/templates/error.html.php b/templates/error.html.php
index db2f233f..12f77b0b 100644
--- a/templates/error.html.php
+++ b/templates/error.html.php
@@ -1,6 +1,9 @@
 <div style="width: 60%; margin: 30px auto">
 
-    <h1>Something went wrong</h1>
+    <h1>
+        <?= e($title ?? 'Something went wrong') ?>
+    </h1>
+
     <br>
     <?= e($message) ?>
     <br>
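Review bot: `$title` gains a default here but `$message` on the following line keeps none, so a `render('error.html.php', [...])` call that omits `message` would emit an undefined-variable warning into the error page itself; `<?= e($message ?? '') ?>` would make the two optional in the same way. If `message` is meant to be mandatory, a one-line PHP comment at the top of the template stating which variables it expects (`$title` optional, `$message` required) would document the contract for callers. The surrounding `<div>` is closed outside the hunk.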