slub / dfg-viewer

The DFG Viewer is a free web service for browsing digitized books from remote library repositories in a rich and dynamic environment.
https://dfg-viewer.de
GNU General Public License v3.0

Fix TypeError exception which occurred after presentation's XSS vulnerability fix #227

Closed csidirop closed 9 months ago

csidirop commented 1 year ago

A type error occurred (see below) after an XSS vulnerability in presentation got fixed (https://github.com/kitodo/kitodo-presentation/commit/cd528de854b01e393e23288553d0c6a4040f907b).

This commit changes the call to comply with the new parameter requirements (integer instead of typeless -> here an array).

The error message: Core: Exception handler (WEB): Uncaught TYPO3 Exception: Argument 1 passed to Kitodo\Dlf\Controller\AbstractController::loadDocument() must be of the type int, array given, called in /var/www/typo3/public/typo3conf/ext/dfgviewer/Classes/Controller/UriController.php on line 50 | TypeError thrown in file /var/www/typo3/public/typo3conf/ext/dlf/Classes/Controller/AbstractController.php in line 133.

csidirop commented 11 months ago

Any questions regarding this PR?

beatrycze-volk commented 9 months ago

Method loadDocument should be called without any parameters because reading of requestData happens inside it:

protected function loadDocument(int $documentId = 0): void
{
    // Get document ID from request data if not passed as parameter.
    if ($documentId === 0 && !empty($this->requestData['id'])) {
        $documentId = $this->requestData['id'];
    }

    ....
}

PR https://github.com/slub/dfg-viewer/pull/234 contains a fix for this problem.
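
The failure and the parameterless call discussed in this thread, as an added sketch that is not code from dfg-viewer or kitodo-presentation. The `Sketch*` classes, the `$loadedId` property, the `filter_var` integer check and the sample request values are assumptions made for illustration; only the `loadDocument(int $documentId = 0): void` signature comes from the page.

```php
<?php
// Hypothetical stand-in for the base controller quoted in the thread.
abstract class SketchAbstractController
{
    /** @var array request parameters (constructed sample data) */
    protected $requestData = [];
    /** @var int id that would be loaded (hypothetical, for the demo) */
    protected $loadedId = 0;

    public function __construct(array $requestData)
    {
        $this->requestData = $requestData;
    }

    protected function loadDocument(int $documentId = 0): void
    {
        // Get document ID from request data if not passed as parameter.
        if ($documentId === 0 && !empty($this->requestData['id'])) {
            // Assumption of this sketch: accept only a positive integer id,
            // so markup or arrays in the request never become the id.
            $id = filter_var($this->requestData['id'], FILTER_VALIDATE_INT,
                ['options' => ['min_range' => 1]]);
            $documentId = ($id === false) ? 0 : $id;
        }
        $this->loadedId = $documentId;
    }
}

// Hypothetical caller showing both call styles.
final class SketchUriController extends SketchAbstractController
{
    public function callWithArray(): int
    {
        // Assumed shape of the old call: an array handed to an int parameter.
        $this->loadDocument($this->requestData);
        return $this->loadedId;
    }

    public function callWithoutArgs(): int
    {
        // The method reads and checks requestData itself.
        $this->loadDocument();
        return $this->loadedId;
    }
}

$ok = new SketchUriController(['id' => '42']);
try {
    $ok->callWithArray();
} catch (TypeError $e) {
    echo 'TypeError: ', $e->getMessage(), PHP_EOL;
}
var_dump($ok->callWithoutArgs());
$bad = new SketchUriController(['id' => '12"><b>x']); // constructed non-numeric id
var_dump($bad->callWithoutArgs());
```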