From e3d06b22194beef054a7fb751b091d15d85a74d8 Mon Sep 17 00:00:00 2001
From: Klaus Leithoff
Date: Tue, 24 Nov 2009 11:28:49 +0000
Subject: [PATCH] if we encounter potential malicious script, we run it through html::purify. we test that again against potential malicious code, and drop the content only if we fail the test against the cleaned content as well. we set egw_unset_vars at any case with the original content, in case the application in question makes use of it.
---
 phpgwapi/inc/common_functions.inc.php | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/phpgwapi/inc/common_functions.inc.php b/phpgwapi/inc/common_functions.inc.php
index 57fb854b15..3f64239e20 100755
--- a/phpgwapi/inc/common_functions.inc.php
+++ b/phpgwapi/inc/common_functions.inc.php
@@ -1276,10 +1276,16 @@ function _check_script_tag(&$var,$name='')
 {
 if (preg_match('/<\/?[^>]*(iframe|script\b|onabort|onblur|onchange|onclick|ondblclick|onerror|onfocus|onkeydown|onkeypress|onkeyup|onload|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|onreset|onselect|onsubmit|onunload|javascript)+[^>]*>/i',$val))
 {
- error_log("*** _check_script_tag($name): unset(${name}[$key]) with value $val***");
 error_log(__FUNCTION__."(,$name) ${name}[$key] = ".$var[$key]);
- $GLOBALS['egw_unset_vars'][$name.'['.$key.']'] =& $var[$key];
- unset($var[$key]);
+ $GLOBALS['egw_unset_vars'][$name.'['.$key.']'] = $var[$key];
+ // attempt to clean the thing
+ $var[$key] = $val = html::purify($val);
+ // check if we succeeded, if not drop the var anyway, keep the egw_unset_var in any case
+ if (preg_match('/<\/?[^>]*(iframe|script\b|onabort|onblur|onchange|onclick|ondblclick|onerror|onfocus|onkeydown|onkeypress|onkeyup|onload|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|onreset|onselect|onsubmit|onunload|javascript)+[^>]*>/i',$val))
+ {
+ error_log("*** _check_script_tag($name): unset(${name}[$key]) with value $val***");
+ unset($var[$key]);
+ }
 }
 }
 }
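Review bot: The raw, unfiltered value is still copied into `$GLOBALS['egw_unset_vars']` on the first added line even when the variable survives in purified form, so the array no longer means "was unset" and it holds exactly the content the filter flagged. Any consumer that echoes one of its entries would bypass the cleaning, so the assignment deserves a comment such as `// raw, unpurified request data: escape before output; the key is set even if the var was only purified`. The second `preg_match` repeats the whole pattern literal from the outer `if`; assigning it once to a local and using it in both calls keeps the two checks from drifting apart. What `html::purify()` returns on failure is not visible here, so it is worth confirming that a non-string or empty result cannot slip past the re-check as an accepted value. The body of `_check_script_tag` starts and ends outside the hunk.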