
[Phpgroupware-cvs] phpgwapi/inc functions.inc.php, 1.121.2.13.2.25 class


From: Caeies
Subject: [Phpgroupware-cvs] phpgwapi/inc functions.inc.php, 1.121.2.13.2.25 class.data_cleaner.inc.php, 1.1.2.2
Date: Mon, 5 Sep 2005 21:30:00 +0200

Update of phpgwapi/inc

Modified Files:
     Branch: Version-0_9_16-branch
            functions.inc.php lines: +18 -16
            class.data_cleaner.inc.php lines: +8 -2

Log Message:
fixing some side effects of the XSS code, approved by skwashd (after IRC 
discussion)

====================================================
Index: phpgwapi/inc/functions.inc.php
diff -u phpgwapi/inc/functions.inc.php:1.121.2.13.2.24 
phpgwapi/inc/functions.inc.php:1.121.2.13.2.25
--- phpgwapi/inc/functions.inc.php:1.121.2.13.2.24      Fri Aug 26 01:33:15 2005
+++ phpgwapi/inc/functions.inc.php      Mon Sep  5 19:30:24 2005
@@ -44,10 +44,10 @@

        function clean_vars($vars)
        {
+               global $data_cleaner;
                if ( !is_array($vars) )
                {
-                       $data_cleaner = createObject('phpgwapi.data_cleaner', 
$vars);
-                       return $data_cleaner->clean();
+                       return $data_cleaner->clean($vars);
                }

                foreach ( $vars as $key => $val )
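Review bot: `clean_vars()` now relies on a global `$data_cleaner`, which this commit creates just before the request-cleaning loop and removes again with `unset($data_cleaner)` right after it. Any call to `clean_vars()` with a non-array value outside that window therefore reaches `->clean()` on an undefined variable and ends in a fatal error instead of returning cleaned data. Creating the object on demand keeps the function usable on its own: `if ( !is_object($data_cleaner) ) { $data_cleaner = createObject('phpgwapi.data_cleaner'); }` placed directly after the `global` line. The `foreach` body of the function lies outside this hunk.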
@@ -57,19 +57,6 @@
                return $vars;
        }

-       // Remove this and I will make sure that you lose important parts of 
your anatomy - skwashd
-       $GLOBALS['RAW_REQUEST'] = $_REQUEST; // if you really need the raw value
-       $to_cleans = array('_GET', '_POST', '_COOKIE', '_REQUEST');
-       foreach ( $to_cleans as $to_clean )
-       {
-               if ( isset($GLOBALS[$to_clean]) && 
is_array($GLOBALS[$to_clean]) && count($GLOBALS[$to_clean]) )
-               {
-                       $GLOBALS['to_clean'] = clean_vars($GLOBALS['to_clean']);
-                       $GLOBALS["HTTP{$to_change}_VARS"] = 
$GLOBALS[$to_change];//legacy app support - will be dropped in 18
-               }
-       }
-
-
        /* Make sure the header.inc.php is current. */
        if ($GLOBALS['phpgw_info']['server']['versions']['header'] < 
$GLOBALS['phpgw_info']['server']['versions']['current_header'])
        {
@@ -227,6 +214,21 @@
        }
        unset($cache_query);
        unset($server_info_cache);
+
+       // Remove this and I will make sure that you lose important parts of 
your anatomy - skwashd
+       $GLOBALS['RAW_REQUEST'] = $_REQUEST; // if you really need the raw value
+       $to_cleans = array('_GET', '_POST', '_COOKIE', '_REQUEST');
+       $data_cleaner = createObject('phpgwapi.data_cleaner');
+       foreach ( $to_cleans as $to_clean )
+       {
+               if ( isset($GLOBALS[$to_clean]) && 
is_array($GLOBALS[$to_clean]) && count($GLOBALS[$to_clean]) )
+               {
+                       $GLOBALS[$to_clean] = clean_vars($GLOBALS[$to_clean]);
+                       $GLOBALS["HTTP{$to_clean}_VARS"] = 
$GLOBALS[$to_clean];//legacy app support - will be dropped in 18
+               }
+       }
+       unset($data_cleaner);
+
        if(@isset($GLOBALS['phpgw_info']['server']['enforce_ssl']) && !$HTTPS)
        {
                Header('Location: https://' . 
$GLOBALS['phpgw_info']['server']['hostname'] . 
$GLOBALS['phpgw_info']['server']['webserver_url'] . $_SERVER['REQUEST_URI']);
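Review bot: Moving the cleaning loop from around line 57 down to line 214 means everything the bootstrap runs in between now sees `$_GET`, `$_POST`, `$_COOKIE` and `$_REQUEST` exactly as the client sent them; that stretch is outside the hunk, so it should be checked for reads of request data. The `$to_cleans` list also leaves `$_SERVER` and `$_FILES` untouched, and the `enforce_ssl` redirect just below concatenates `$_SERVER['REQUEST_URI']` into the `Location` header as received. A comment above the loop would make the ordering contract explicit, e.g. `// request data is raw above this point: do not read $_GET/$_POST/$_COOKIE/$_REQUEST before it`. `$GLOBALS['RAW_REQUEST']` deserves a matching note that whoever reads it must escape the values for the output context. The `if` block at the end of the hunk continues outside it.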

====================================================
Index: phpgwapi/inc/class.data_cleaner.inc.php
diff -u phpgwapi/inc/class.data_cleaner.inc.php:1.1.2.1 
phpgwapi/inc/class.data_cleaner.inc.php:1.1.2.2
--- phpgwapi/inc/class.data_cleaner.inc.php:1.1.2.1     Wed Aug 24 13:46:44 2005
+++ phpgwapi/inc/class.data_cleaner.inc.php     Mon Sep  5 19:30:23 2005
@@ -244,7 +244,13 @@
                }

                /* Try to derefer all external references. */
-               $data = 
preg_replace_callback('/href\s*=\s*(["\'])?((?(1)[^\1]*?|[^\s]+))(?(1)\1|)/i',
+               //XXX external references begin with http(s) isnt'it ? what 
should I do if it's not external ?? like href="/tata"
+               // Just try to save a <a href="titi.org"> my site </a>
+               // you get a <a href="/phpgw/redirect.php?go=titi.org"> my site 
</a>
+               // Save a second time and you will get :
+               // <a 
href="/phpgw/redirect.php?go=/phpgw/redirect.php?go=titi.org"> my site </a>
+               // ....
+               $data = 
preg_replace_callback('/href\s*=\s*\\\\(["\'])?((?(1)[^\1]*?|[^\s]+))(?(1)\1|)/i',
                                create_function('$m', 'return \'href="\' . 
(strlen($m[2]) && $m[2]{0} == \'#\' ? $m[2] : 
$GLOBALS[\'phpgw\']->safe_redirect($m[2])) . \'"\';'),
                                $data);
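Review bot: The new pattern requires a literal backslash between `=` and the quote (`\\\\` in the single-quoted PHP string becomes `\\` in the regex), so an href written as `href="..."`, `href='...'` or without quotes no longer matches and skips the `safe_redirect()` rewrite entirely. If the intent is to cope with slash-escaped input, making the backslash optional keeps both forms covered: `'/href\s*=\s*\\\\?(["\'])?((?(1)[^\1]*?|[^\s]+))(?(1)\1|)/i'`. In escaped input the closing quote is presumably escaped too, in which case the lazy group would capture the trailing backslash into `$m[2]`; a test with escaped and unescaped samples would settle that. The double wrapping described in the XXX comment is still open: the callback could return `$m[2]` unchanged when it already points at the redirect script, the same way it does for `#` anchors.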






