extern/egroupware
1
0
Fork 1
mirror of https://github.com/EGroupware/egroupware.git synced 2025-06-24 03:41:53 +02:00
Code Issues Packages Projects Releases Wiki Activity

if we encounter potential malicious script, we run it through html::purify. we test that again against potential malicious code, and drop the content only if we fail the test against the cleaned content as well. we set egw_unset_vars at any case with the original content, in case the application in question makes use of it.

Browse Source
This commit is contained in:
Klaus Leithoff 2009-11-24 11:28:49 +00:00
parent d228a33ff1
commit e3d06b2219
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
phpgwapi/inc/common_functions.inc.php
View File

@ -1276,13 +1276,19 @@ function _check_script_tag(&$var,$name='')
{ {
if (preg_match('/<\/?[^>]*(iframe|script\b|onabort|onblur|onchange|onclick|ondblclick|onerror|onfocus|onkeydown|onkeypress|onkeyup|onload|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|onreset|onselect|onsubmit|onunload|javascript)+[^>]*>/i',$val)) if (preg_match('/<\/?[^>]*(iframe|script\b|onabort|onblur|onchange|onclick|ondblclick|onerror|onfocus|onkeydown|onkeypress|onkeyup|onload|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|onreset|onselect|onsubmit|onunload|javascript)+[^>]*>/i',$val))
{ {
error_log("*** _check_script_tag($name): unset(${name}[$key]) with value $val***");
error_log(__FUNCTION__."(,$name) ${name}[$key] = ".$var[$key]); error_log(__FUNCTION__."(,$name) ${name}[$key] = ".$var[$key]);
$GLOBALS['egw_unset_vars'][$name.'['.$key.']'] =& $var[$key]; $GLOBALS['egw_unset_vars'][$name.'['.$key.']'] = $var[$key];
// attempt to clean the thing
$var[$key] = $val = html::purify($val);
// check if we succeeded, if not drop the var anyway, keep the egw_unset_var in any case
if (preg_match('/<\/?[^>]*(iframe|script\b|onabort|onblur|onchange|onclick|ondblclick|onerror|onfocus|onkeydown|onkeypress|onkeyup|onload|onmousedown|onmousemove|onmouseout|onmouseover|onmouseup|onreset|onselect|onsubmit|onunload|javascript)+[^>]*>/i',$val))
{
error_log("*** _check_script_tag($name): unset(${name}[$key]) with value $val***");
unset($var[$key]); unset($var[$key]);
} }
} }
} }
}
// in case some stupid old code expects the array-pointer to be at the start of the array // in case some stupid old code expects the array-pointer to be at the start of the array
reset($var); reset($var);
} }