projects
/
yaffs-website
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Security update to Drupal 8.4.6
[yaffs-website]
/
web
/
core
/
lib
/
Drupal
/
Core
/
DrupalKernel.php
diff --git
a/web/core/lib/Drupal/Core/DrupalKernel.php
b/web/core/lib/Drupal/Core/DrupalKernel.php
index 37ed0e97a68d9fd88e848c292fbbf6f63503f3cb..fec1be9ad3a6163744a6cfde69965417b3121608 100644
(file)
--- a/
web/core/lib/Drupal/Core/DrupalKernel.php
+++ b/
web/core/lib/Drupal/Core/DrupalKernel.php
@@
-20,6
+20,7
@@
use Drupal\Core\File\MimeType\MimeTypeGuesser;
use Drupal\Core\Http\TrustedHostsRequestFactory;
use Drupal\Core\Installer\InstallerRedirectTrait;
use Drupal\Core\Language\Language;
use Drupal\Core\Http\TrustedHostsRequestFactory;
use Drupal\Core\Installer\InstallerRedirectTrait;
use Drupal\Core\Language\Language;
+use Drupal\Core\Security\RequestSanitizer;
use Drupal\Core\Site\Settings;
use Drupal\Core\Test\TestDatabase;
use Symfony\Cmf\Component\Routing\RouteObjectInterface;
use Drupal\Core\Site\Settings;
use Drupal\Core\Test\TestDatabase;
use Symfony\Cmf\Component\Routing\RouteObjectInterface;
@@
-542,6
+543,12
@@
class DrupalKernel implements DrupalKernelInterface, TerminableInterface {
* {@inheritdoc}
*/
public function preHandle(Request $request) {
* {@inheritdoc}
*/
public function preHandle(Request $request) {
+ // Sanitize the request.
+ $request = RequestSanitizer::sanitize(
+ $request,
+ (array) Settings::get(RequestSanitizer::SANITIZE_WHITELIST, []),
+ (bool) Settings::get(RequestSanitizer::SANITIZE_LOG, FALSE)
+ );
$this->loadLegacyIncludes();
$this->loadLegacyIncludes();