
Conversation

@pitbot
Owner

@pitbot pitbot commented Oct 21, 2025

CRITICAL FIX:

  • Fix data leakage bug where $row_arr was not reset between iterations, causing fields from previous rows to bleed into subsequent rows when fields were missing (phpblm.php:130)

Security Improvements:

  • Add file path validation to prevent arbitrary file reading
  • Add file size limit (50MB) to prevent memory exhaustion attacks
  • Validate file existence and readability before processing

Error Handling:

  • Add comprehensive bounds checking for array access in getData() and getHeader()
  • Validate BLM format has required sections (minimum 7)
  • Validate required headers (EOF, EOR) exist before use
  • Handle file_get_contents() failure
  • Add bounds checking in data parsing loop

Code Quality:

  • Improve variable naming (dataCount vs datac, rowLength)
  • Add comprehensive documentation explaining BLM format structure
  • Add meaningful error messages with context
  • Use explode() limit parameter to handle edge cases with delimiters in values

All changes maintain backward compatibility while improving reliability and security.

🤖 Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>
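To make the row-bleed bug and the listed hardening concrete, the following is an added example written for this page, not phpblm's own code and not the diff from this PR. It is a minimal BLM-style parser (PHP 8) on a constructed sample: `parseBlmBuggy()` keeps `$row_arr` outside the loop, so the short row A2 inherits PRICE from A1 and row A3, whose last value contains the field delimiter, is split into the wrong columns; `parseBlm()` resets `$row_arr` per row, bounds-checks every field, validates the EOF/EOR headers and the four section markers, and passes `count($defs)` as the `explode()` limit. `loadBlmFile()` applies the path, existence, readability, 50 MB and `file_get_contents()` checks; restricting paths to an allow-listed base directory is this example's choice, the PR only says "file path validation". All function names and the sample input are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not phpblm's own code. Constructed BLM-style sample: #HEADER#
// declares the field (EOF) and row (EOR) delimiters, #DEFINITION# names the
// columns, #DATA# holds the rows. Row A2 is short (no PRICE); row A3 carries
// the field delimiter inside its last value.
const SAMPLE_BLM = "#HEADER#\nVersion : 3\nEOF : '^'\nEOR : '~'\n"
    . "#DEFINITION#\nAGENT_REF^ADDRESS_1^PRICE^~\n"
    . "#DATA#\nA1^1 High St^100000^~\nA2^2 Low St~\nA3^3 Mid St^1^000^~\n#END#\n";

const MAX_BLM_BYTES = 50 * 1024 * 1024; // 50 MB cap, as in the PR description

/** Split one record: drop the row terminator and the trailing field delimiter,
 *  then explode() with a limit so a delimiter inside the LAST field stays there. */
function blmFields(string $record, string $eof, string $eor, int $limit = PHP_INT_MAX): array
{
    if (str_ends_with($record, $eor)) {
        $record = substr($record, 0, -strlen($eor));
    }
    if (str_ends_with($record, $eof)) {
        $record = substr($record, 0, -strlen($eof));
    }
    return $record === '' ? [] : explode($eof, $record, $limit);
}

/** Require all four section markers and the EOF/EOR headers before any use. */
function blmSections(string $blm): array
{
    if (!preg_match('/#HEADER#(.*?)#DEFINITION#(.*?)#DATA#(.*?)#END#/s', $blm, $m)) {
        throw new RuntimeException('BLM: #HEADER#, #DEFINITION#, #DATA# and #END# are all required');
    }
    $headers = [];
    foreach (preg_split('/\R/', trim($m[1])) as $line) {
        if (preg_match('/^(\w+)\s*:\s*\'?(.*?)\'?$/', trim($line), $h)) {
            $headers[strtoupper($h[1])] = $h[2];
        }
    }
    foreach (['EOF', 'EOR'] as $key) {
        if (($headers[$key] ?? '') === '') {
            throw new RuntimeException("BLM: required header $key is missing or empty");
        }
    }
    [$eof, $eor] = [$headers['EOF'], $headers['EOR']];
    $defs = blmFields(trim($m[2]), $eof, $eor);
    if ($defs === []) {
        throw new RuntimeException('BLM: #DEFINITION# names no fields');
    }
    $rows = array_values(array_filter(array_map('trim', explode($eor, trim($m[3]))), fn ($r) => $r !== ''));
    return [$defs, $rows, $eof, $eor];
}

/** Pre-fix behaviour: $row_arr lives outside the loop, so a short row keeps
 *  whatever the previous row stored in the fields it lacks. */
function parseBlmBuggy(string $blm): array
{
    [$defs, $rows, $eof] = blmSections($blm);
    $out = [];
    $row_arr = [];                               // BUG: never reset per row
    foreach ($rows as $row) {
        $vals = explode($eof, $row);             // no limit, no terminator handling
        foreach ($defs as $i => $name) {
            if (isset($vals[$i])) {
                $row_arr[$name] = $vals[$i];     // missing field: stale value survives
            }
        }
        $out[] = $row_arr;
    }
    return $out;
}

/** Hardened: fresh $row_arr per row, explicit null for missing fields,
 *  explode() limited to the column count. */
function parseBlm(string $blm): array
{
    [$defs, $rows, $eof, $eor] = blmSections($blm);
    $out = [];
    foreach ($rows as $row) {
        $row_arr = [];                           // reset: nothing bleeds from the previous row
        $vals = blmFields($row, $eof, $eor, count($defs));
        foreach ($defs as $i => $name) {
            $row_arr[$name] = $vals[$i] ?? null; // bounds-checked; missing stays missing
        }
        $out[] = $row_arr;
    }
    return $out;
}

/** Read a BLM file only if it sits under $baseDir (assumed allow-list), exists,
 *  is readable and is at most MAX_BLM_BYTES; surface file_get_contents() failure. */
function loadBlmFile(string $path, string $baseDir): string
{
    $real = realpath($path);
    $base = realpath($baseDir);
    if ($real === false || $base === false
        || !str_starts_with($real, rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR)) {
        throw new RuntimeException('BLM: path is not inside the allowed directory');
    }
    if (!is_file($real) || !is_readable($real)) {
        throw new RuntimeException("BLM: $real does not exist or is not readable");
    }
    $size = filesize($real);
    if ($size === false || $size > MAX_BLM_BYTES) {
        throw new RuntimeException('BLM: file larger than ' . MAX_BLM_BYTES . ' bytes refused');
    }
    $data = file_get_contents($real);
    if ($data === false) {
        throw new RuntimeException("BLM: file_get_contents() failed for $real");
    }
    return $data;
}

// Buggy: A2 gets PRICE=100000 from A1, A3 gets PRICE="1". Fixed: A2 PRICE=null, A3 PRICE="1^000".
print_r(parseBlmBuggy(SAMPLE_BLM));
print_r(parseBlm(SAMPLE_BLM));
```

Run it with `php example.php`; to exercise `loadBlmFile()`, write `SAMPLE_BLM` to a file under a directory you pass as `$baseDir` and call `parseBlm(loadBlmFile($path, $baseDir))`. The `realpath()` check resolves symlinks and `..` before the prefix comparison, which is what makes the directory allow-list meaningful; comparing the unresolved path would let `../` escape it.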
3 participants