How to patch your Drupal 8 regarding SA-CORE-2018-002

All the changes in this file created based on original patch for Drupal 8.5.1

https://cgit.drupalcode.org/drupal/rawdiff/?h=8.5.x&id=5ac8738fa69df34a0635f0907d661b509ff9a28f

Check if your site is not patched before

There is no core/lib/Drupal/Core/Security/RequestSanitizer.php file.

Add RequestSanitizer.php file

Open drupal root and call the command

cd /project/public_html
curl https://gist.githubusercontent.com/stanbellcom/a4a76ac8a42580fbb82dc27197bb999a/raw/4dd047b7e1a15a11d41248dee103ddb5613d51ba/SA-CORE-2018-002-D8-partial.patch | patch -p1

Add call of request sanitizer to core/lib/Drupal/Core/DrupalKernel.php

Open core/lib/Drupal/Core/DrupalKernel.php
Find code snippet lines ~ 21

 use Drupal\Core\Http\TrustedHostsRequestFactory;
 use Drupal\Core\Installer\InstallerRedirectTrait;
 use Drupal\Core\Language\Language;

Add the following line after use Drupal\Core\Language\Language;

use Drupal\Core\Security\RequestSanitizer;

Find code snippet lines ~ 543

    public function preHandle(Request $request) {

    $this->loadLegacyIncludes();

    // Load all enabled modules.
    $this->container->get('module_handler')->loadAll();

Add following 4 lines after public function preHandle(Request $request) {


    // Sanitize the request.
    $request = RequestSanitizer::sanitize(
      $request,
      (array) Settings::get(RequestSanitizer::SANITIZE_WHITELIST, []),
      (bool) Settings::get(RequestSanitizer::SANITIZE_LOG, FALSE)
    );

stankut/How to patch your Drupal 8 regarding SA-CORE-2018-002.md

How to patch your Drupal 8 regarding SA-CORE-2018-002

Check if your site is not patched before

Add RequestSanitizer.php file

Add call of request sanitizer to core/lib/Drupal/Core/DrupalKernel.php