[Phpgroupware-cvs] phpgwapi/inc functions.inc.php, 1.121.2.13.2.25 class
From: |
Caeies |
Subject: |
[Phpgroupware-cvs] phpgwapi/inc functions.inc.php, 1.121.2.13.2.25 class.data_cleaner.inc.php, 1.1.2.2 |
Date: |
Mon, 5 Sep 2005 21:30:00 +0200 |
Update of phpgwapi/inc
Modified Files:
Branch: Version-0_9_16-branch
functions.inc.php lines: +18 -16
class.data_cleaner.inc.php lines: +8 -2
Log Message:
fixing some side effects of the XSS code, approved by skwashd (after IRC
discussion)
====================================================
Index: phpgwapi/inc/functions.inc.php
diff -u phpgwapi/inc/functions.inc.php:1.121.2.13.2.24
phpgwapi/inc/functions.inc.php:1.121.2.13.2.25
--- phpgwapi/inc/functions.inc.php:1.121.2.13.2.24 Fri Aug 26 01:33:15 2005
+++ phpgwapi/inc/functions.inc.php Mon Sep 5 19:30:24 2005
@@ -44,10 +44,10 @@
function clean_vars($vars)
{
+ global $data_cleaner;
if ( !is_array($vars) )
{
- $data_cleaner = createObject('phpgwapi.data_cleaner',
$vars);
- return $data_cleaner->clean();
+ return $data_cleaner->clean($vars);
}
foreach ( $vars as $key => $val )
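Review bot: `clean_vars()` now dereferences a global `$data_cleaner` without checking that it exists, so it only works while the bootstrap block that creates the object (added further down in this file, and followed by `unset($data_cleaner)`) is running. Any later caller, or an include of this file from inside a function where the bootstrap variable would be local rather than global, ends in a method call on a non-object instead of returning cleaned data. A guard right after the `global` line would keep the helper self-contained: `if ( !is_object($data_cleaner) ) { $data_cleaner = createObject('phpgwapi.data_cleaner'); }`. The `foreach` branch of the function continues outside this hunk.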
@@ -57,19 +57,6 @@
return $vars;
}
- // Remove this and I will make sure that you lose important parts of
your anatomy - skwashd
- $GLOBALS['RAW_REQUEST'] = $_REQUEST; // if you really need the raw value
- $to_cleans = array('_GET', '_POST', '_COOKIE', '_REQUEST');
- foreach ( $to_cleans as $to_clean )
- {
- if ( isset($GLOBALS[$to_clean]) &&
is_array($GLOBALS[$to_clean]) && count($GLOBALS[$to_clean]) )
- {
- $GLOBALS['to_clean'] = clean_vars($GLOBALS['to_clean']);
- $GLOBALS["HTTP{$to_change}_VARS"] =
$GLOBALS[$to_change];//legacy app support - will be dropped in 18
- }
- }
-
-
/* Make sure the header.inc.php is current. */
if ($GLOBALS['phpgw_info']['server']['versions']['header'] <
$GLOBALS['phpgw_info']['server']['versions']['current_header'])
{
@@ -227,6 +214,21 @@
}
unset($cache_query);
unset($server_info_cache);
+
+ // Remove this and I will make sure that you lose important parts of
your anatomy - skwashd
+ $GLOBALS['RAW_REQUEST'] = $_REQUEST; // if you really need the raw value
+ $to_cleans = array('_GET', '_POST', '_COOKIE', '_REQUEST');
+ $data_cleaner = createObject('phpgwapi.data_cleaner');
+ foreach ( $to_cleans as $to_clean )
+ {
+ if ( isset($GLOBALS[$to_clean]) &&
is_array($GLOBALS[$to_clean]) && count($GLOBALS[$to_clean]) )
+ {
+ $GLOBALS[$to_clean] = clean_vars($GLOBALS[$to_clean]);
+ $GLOBALS["HTTP{$to_clean}_VARS"] =
$GLOBALS[$to_clean];//legacy app support - will be dropped in 18
+ }
+ }
+ unset($data_cleaner);
+
if(@isset($GLOBALS['phpgw_info']['server']['enforce_ssl']) && !$HTTPS)
{
Header('Location: https://' .
$GLOBALS['phpgw_info']['server']['hostname'] .
$GLOBALS['phpgw_info']['server']['webserver_url'] . $_SERVER['REQUEST_URI']);
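Review bot: Moving the cleaning loop from around line 57 to around line 214 leaves `$_GET`, `$_POST`, `$_COOKIE` and `$_REQUEST` raw for everything that runs in between. That code is outside the hunk, so it should be confirmed that nothing there reads request data, and a comment above the loop such as `// must run before any code reads the request superglobals` would record the constraint. `$to_cleans` also leaves out `_SERVER`, while the `enforce_ssl` branch directly below concatenates `$_SERVER['REQUEST_URI']` into a `Location:` header, so a client-controlled value still reaches a response header without passing through the cleaner. The `enforce_ssl` block continues past the end of the hunk.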
====================================================
Index: phpgwapi/inc/class.data_cleaner.inc.php
diff -u phpgwapi/inc/class.data_cleaner.inc.php:1.1.2.1
phpgwapi/inc/class.data_cleaner.inc.php:1.1.2.2
--- phpgwapi/inc/class.data_cleaner.inc.php:1.1.2.1 Wed Aug 24 13:46:44 2005
+++ phpgwapi/inc/class.data_cleaner.inc.php Mon Sep 5 19:30:23 2005
@@ -244,7 +244,13 @@
}
/* Try to derefer all external references. */
- $data =
preg_replace_callback('/href\s*=\s*(["\'])?((?(1)[^\1]*?|[^\s]+))(?(1)\1|)/i',
+ //XXX external references begin with http(s) isnt'it ? what
should I do if it's not external ?? like href="/tata"
+ // Just try to save a <a href="titi.org"> my site </a>
+ // you get a <a href="/phpgw/redirect.php?go=titi.org"> my site
</a>
+ // Save a second time and you will get :
+ // <a
href="/phpgw/redirect.php?go=/phpgw/redirect.php?go=titi.org"> my site </a>
+ // ....
+ $data =
preg_replace_callback('/href\s*=\s*\\\\(["\'])?((?(1)[^\1]*?|[^\s]+))(?(1)\1|)/i',
create_function('$m', 'return \'href="\' .
(strlen($m[2]) && $m[2]{0} == \'#\' ? $m[2] :
$GLOBALS[\'phpgw\']->safe_redirect($m[2])) . \'"\';'),
$data);
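Review bot: The added `\\\\` in the pattern makes a literal backslash mandatory before the optional quote, so only slash-escaped input such as `href=\"…\"` is rewritten; an href with plain quotes or no quotes no longer matches and is passed through without `safe_redirect()`. Whether the data always arrives escaped at this point is not visible here, so making the backslash optional (`\\\\?` inside the single-quoted string) would be the safer form. For escaped input the lazy group also appears to capture the backslash that precedes the closing quote, which would put a trailing `\` on `$m[2]` and therefore on the redirect target. The new XXX comment describes links being wrapped again on every save, but the callback still does not skip targets that are already redirect URLs or site-relative paths. The enclosing method starts and ends outside the hunk.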