
Parser cleanup

This commit is contained in:
Cameron 2017-09-19 16:19:39 -07:00
parent 80d69c4293
commit 02e80f50de
8 changed files with 170 additions and 129 deletions


@ -103,21 +103,22 @@ if(e_AJAX_REQUEST) // TODO improve security
}
// Insert Comment and return rendered html.
if(vartrue($_POST['comment'])) // ajax render comment
if(!empty($_POST['comment'])) // ajax render comment
{
$pid = intval(varset($_POST['pid'], 0)); // ID of the specific comment being edited (nested comments - replies)
$row = array();
$clean_authorname = vartrue($_POST['author_name'],USERNAME);
$clean_comment = $_POST['comment'];
$clean_subject = $_POST['subject'];
$clean_authorname = vartrue(filter_var($_POST['author_name'],FILTER_SANITIZE_STRING),USERNAME);
$clean_comment = e107::getParser()->toText($_POST['comment']);
$clean_subject = e107::getParser()->filter($_POST['subject'],'str');
$clean_table = e107::getParser()->filter($_POST['table'],'str');
$_SESSION['comment_author_name'] = $clean_authorname;
$row['comment_pid'] = $pid;
$row['comment_item_id'] = intval($_POST['itemid']);
$row['comment_type'] = e107::getComment()->getCommentType($tp->toDB($_POST['table'],true));
$row['comment_subject'] = $tp->toDB($_POST['subject']);
$row['comment_comment'] = $tp->toDB($_POST['comment']);
$row['comment_type'] = e107::getComment()->getCommentType($tp->toDB($clean_table,true));
$row['comment_subject'] = $tp->toDB($clean_subject);
$row['comment_comment'] = $tp->toDB($clean_comment);
$row['user_image'] = USERIMAGE;
$row['user_id'] = (USERID) ? USERID : 0;
$row['user_name'] = USERNAME;
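Review bot: `$_POST['author_name']`, `$_POST['subject']` and `$_POST['table']` are handed to `filter_var()` / `filter()` without an isset guard, so a request that omits any of them raises an undefined-index notice before `vartrue()` can apply its `USERNAME` default; `varset($_POST['author_name'], '')`, the helper already used for `pid` a few lines above, avoids that. `FILTER_SANITIZE_STRING` also strips tags and entity-encodes quotes, so it alters legitimate names containing `'` or `<`, and it is deprecated from PHP 8.1; the stored value is still only as safe as the `$tp->toDB()` call and the escaping applied when the comment is rendered. The enclosing `if(!empty($_POST['comment']))` block continues past the end of the hunk.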


@ -183,7 +183,8 @@ class signup_shortcodes extends e_shortcode
if (check_class($pref['displayname_class']))
{
$dis_name_len = varset($pref['displayname_maxlength'],15);
return e107::getForm()->text('username', ($_POST['username'] ? $_POST['username'] : ''), $dis_name_len);
$val = ($_POST['username']) ? filter_var($_POST['username'], FILTER_SANITIZE_STRING) : '';
return e107::getForm()->text('username', $val, $dis_name_len);
}
}
@ -210,8 +211,10 @@ class signup_shortcodes extends e_shortcode
$options['pattern'] = '[\S]*';
$options['class'] = vartrue($parm['class'],'');
$options['placeholder'] = vartrue($parm['placeholder']) ? $parm['placeholder'] : '';
return e107::getForm()->text('loginname', ($_POST['loginname'] ? $_POST['loginname'] : ''), $log_name_length, $options);
$val = ($_POST['loginname']) ? filter_var($_POST['loginname'], FILTER_SANITIZE_STRING) : '';
return e107::getForm()->text('loginname', $val, $log_name_length, $options);
}
}
@ -230,8 +233,10 @@ class signup_shortcodes extends e_shortcode
$options['title'] = LAN_SIGNUP_110;
$options['class'] = vartrue($parm['class'],'');
$options['placeholder'] = vartrue($parm['placeholder'],'');
return e107::getForm()->text('realname', ($_POST['realname'] ? $_POST['realname'] : ''), 100, $options);
$val = ($_POST['realname']) ? filter_var($_POST['realname'], FILTER_SANITIZE_STRING) : '';
return e107::getForm()->text('realname', $val, 100, $options);
}
@ -325,9 +330,11 @@ class signup_shortcodes extends e_shortcode
$options = array('size'=>30,'required'=>1,'class'=>'tbox form-control e-email');
$options['title'] = LAN_SIGNUP_108; // Must be a valid email address.
$options['class'] = vartrue($parm['class'],'');
$options['placeholder'] = vartrue($parm['placeholder'],'');
$options['placeholder'] = vartrue($parm['placeholder'],'');
$text = e107::getForm()->email('email',vartrue($_POST['email'], ''),100,$options);
$val = !empty($_POST['email']) ? filter_var($_POST['email'], FILTER_SANITIZE_EMAIL) : '';
$text = e107::getForm()->email('email', $val,100,$options);
$text .= "<div class='e-email-hint alert-warning' style='display:none; padding:10px' data-hint='Did you mean <b>[x]</b>?'><!-- --></div>";
$text .= "<input type='text' name='email2' value='' style='display:none' />"; // spam-trap.
return $text;
@ -348,8 +355,10 @@ class signup_shortcodes extends e_shortcode
$options['class'] = 'tbox input-text e-email';
$options['class'] = vartrue($parm['class'],'tbox input-text e-email');
$options['placeholder'] = vartrue($parm['placeholder'],'');
return e107::getForm()->email('email_confirm', vartrue($_POST['email_confirm']), 100, $options);
$val = !empty($_POST['email_confirm']) ? filter_var($_POST['email_confirm'], FILTER_SANITIZE_EMAIL) : '';
return e107::getForm()->email('email_confirm', $val, 100, $options);
}
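Review bot: The three new `$val` lines in the username, loginname and realname shortcodes test `($_POST['username'])` and friends for truthiness, which raises an undefined-index notice on a first render where the key is absent; the email hunks further down use `!empty($_POST['email'])`, so `$val = !empty($_POST['username']) ? filter_var($_POST['username'], FILTER_SANITIZE_STRING) : '';` would make the three consistent with them. `FILTER_SANITIZE_STRING` entity-encodes quotes, so if `e107::getForm()->text()` escapes the value attribute itself (its body is outside the hunk) a name containing an apostrophe will be double-encoded when the form is re-rendered after a failed submit; confirm which layer is meant to escape. Each enclosing shortcode method starts before its hunk.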


@ -648,6 +648,11 @@ class comment
}
$tp = e107::getParser();
// if(THEME_LEGACY !== true) // old themes might still use bbcodes.
{
$comment = $tp->toText($comment);
}
$comment = trim($comment);
@ -711,7 +716,8 @@ class comment
{
$author_name = $data; //BC Fix.
}
global $e107,$rater;
@ -720,6 +726,11 @@ class comment
$tp = e107::getParser();
$pref = e107::getPref();
// if(THEME_LEGACY !== true) // old themes might still use bbcodes.
{
$comment = $tp->toText($comment);
}
if ($this->getCommentPermissions() != 'rw') return;
if ($user_func = e107::getOverride()->check($this,'enter_comment'))
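Review bot: The commented-out `// if(THEME_LEGACY !== true)` leaves a bare `{ $comment = $tp->toText($comment); }` block in both hunks (around line 648 and around line 726), which reads as a dangling condition and will confuse the next maintainer. Either drop the braces and keep `$comment = $tp->toText($comment);` on its own, or keep the condition live; a one-line comment such as `// Flatten bbcode/html to plain text; old themes may still submit bbcodes` would record why the legacy check was disabled. Both enclosing methods start and end outside the hunks.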


@ -2374,7 +2374,12 @@ class e_parse extends e_parser
function toText($text)
{
if($this->isHtml($text)==true)
if($this->isBbcode($text) === true) // convert any bbcodes to html
{
$text = $this->toHtml($text,true);
}
if($this->isHtml($text) === true) // strip any html.
{
$text = $this->toHtml($text,true);
$text = strip_tags($text);
@ -4103,7 +4108,7 @@ class e_parser
return false;
}
$bbsearch = array('[/h]', '[/b]', '[/link]', '[/right]', '[/center]', '[/flash]', '[/code]', '[/table]');
$bbsearch = array('[/img]','[/h]', '[/b]', '[/link]', '[/right]', '[/center]', '[/flash]', '[/code]', '[/table]');
foreach($bbsearch as $v)
{
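Review bot: When `isBbcode()` is true, `toHtml($text, true)` runs and its output is then passed to `isHtml()`, which will presumably be true for rendered markup, so `toHtml()` runs a second time on already-converted HTML before `strip_tags()`; if `toHtml()` is not idempotent (for instance if it decodes entities or re-parses bracketed text) this double pass can change content. Consider converting once and stripping afterwards: `if($this->isBbcode($text) === true || $this->isHtml($text) === true) { $text = $this->toHtml($text, true); $text = strip_tags($text); }`. The body of `toText()` continues past the hunk; the `[/img]` addition to `$bbsearch` in the second hunk looks fine.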


@ -615,118 +615,132 @@ function get_image_mime($filename, $extended = false)
*/
//TODO - Move this function to file_class.php
function vet_file($filename, $target_name, $allowed_filetypes = '', $unknown = FALSE)
{
// 1. Start by checking against filetypes - that's the easy one!
$file_ext = strtolower(substr(strrchr($target_name, '.'), 1));
if (!isset($allowed_filetypes[$file_ext]))
function vet_file($filename, $target_name, $allowed_filetypes = '', $unknown = false)
{
if (is_bool($unknown))
return 1; // Reject out of hand if no possible alternative extensions
// Otherwise, it could be in the supplementary list
$tmp = explode(',', $unknown);
for ($i = 0; $i < count($tmp); $i++)
{
$tmp[$i] = strtolower(trim(str_replace('.', '', $tmp[$i])));
}
if (!in_array($file_ext, $tmp))
return 6;
}
// 2. For all files, read the first little bit to check for any flags etc
$res = fopen($filename, 'rb');
$tstr = fread($res, 100);
fclose($res);
if ($tstr === FALSE)
{
return 2; // If can't read file, not much use carrying on!
}
if (stristr($tstr, '<?php') !== FALSE)
{
return 3; // Pretty certain exploit
}
if (stristr($tstr,'<?') !== FALSE) // Bit more tricky - can sometimes be OK
{
if (stristr($tstr, '<?xpacket') === FALSE) // Allow the XMP header produced by CS4
{
return 7;
}
}
// 1. Start by checking against filetypes - that's the easy one!
$file_ext = strtolower(substr(strrchr($target_name, '.'), 1));
// 3. Now do what we can based on file extension
switch ($file_ext)
{
case 'jpg':
case 'gif':
case 'png':
case 'jpeg':
case 'pjpeg':
case 'bmp':
case 'swf':
case 'fla':
case 'flv':
case 'swc':
case 'psd':
case 'ai':
case 'eps':
case 'svg':
case 'tiff':
case 'jpc': // http://fileinfo.com/extension/jpc
case 'jpx': // http://fileinfo.com/extension/jpx
case 'jb2': // http://fileinfo.com/extension/jb2
case 'jp2': // http://fileinfo.com/extension/jp2
case 'iff':
case 'wbmp':
case 'xbm':
case 'ico':
$ret = get_image_mime($filename);
if ($ret === false)
if(!isset($allowed_filetypes[$file_ext]))
{
if(is_bool($unknown))
{
return 4; // exif_imagetype didn't recognize the image mime
return 1;
} // Reject out of hand if no possible alternative extensions
// Otherwise, it could be in the supplementary list
$tmp = explode(',', $unknown);
for($i = 0; $i < count($tmp); $i++)
{
$tmp[$i] = strtolower(trim(str_replace('.', '', $tmp[$i])));
}
// getimagesize() is extremely slow + it can't handle all required media!!! Abandon this check!
// return 5; // Zero size picture or bad file format
break;
case 'zip':
case 'gzip':
case 'gz':
case 'tar':
case 'bzip':
case 'pdf':
case 'doc':
case 'docx':
case 'xls':
case 'xlsx':
case 'rar':
case '7z':
case 'csv':
case 'mp3':
case 'wav':
case 'mp4':
case 'mpg':
case 'mpa':
case 'wma':
case 'wmv':
case 'flv': //Flash stream
case 'f4v': //Flash stream
case 'mov': //media
case 'avi': //media
break; // Just accept these
case 'php':
case 'htm':
case 'html':
case 'cgi':
case 'pl':
return 9; // Never accept these! Whatever the user thinks!
default:
if (is_bool($unknown))
return ($unknown ? TRUE : 8);
if(!in_array($file_ext, $tmp))
{
return 6;
}
}
return TRUE; // Accepted here
// 2. For all files, read the first little bit to check for any flags etc
$res = fopen($filename, 'rb');
$tstr = fread($res, 2048);
fclose($res);
if($tstr === false)
{
return 2; // If can't read file, not much use carrying on!
}
if(stripos($tstr, '<?php') !== false)
{
return 3; // Pretty certain exploit
}
if(strpos($tstr, '<?') !== false) // Bit more tricky - can sometimes be OK
{
if(stripos($tstr, '<?xpacket') === false) // Allow the XMP header produced by CS4
{
return 7;
}
}
// 3. Now do what we can based on file extension
switch($file_ext)
{
case 'jpg':
case 'gif':
case 'png':
case 'jpeg':
case 'pjpeg':
case 'bmp':
case 'swf':
case 'fla':
case 'flv':
case 'swc':
case 'psd':
case 'ai':
case 'eps':
case 'svg':
case 'tiff':
case 'jpc': // http://fileinfo.com/extension/jpc
case 'jpx': // http://fileinfo.com/extension/jpx
case 'jb2': // http://fileinfo.com/extension/jb2
case 'jp2': // http://fileinfo.com/extension/jp2
case 'iff':
case 'wbmp':
case 'xbm':
case 'ico':
$ret = get_image_mime($filename);
if($ret === false)
{
return 4; // exif_imagetype didn't recognize the image mime
}
// getimagesize() is extremely slow + it can't handle all required media!!! Abandon this check!
// return 5; // Zero size picture or bad file format
break;
case 'zip':
case 'gzip':
case 'gz':
case 'tar':
case 'bzip':
case 'pdf':
case 'doc':
case 'docx':
case 'xls':
case 'xlsx':
case 'rar':
case '7z':
case 'csv':
case 'mp3':
case 'wav':
case 'mp4':
case 'mpg':
case 'mpa':
case 'wma':
case 'wmv':
case 'flv': //Flash stream
case 'f4v': //Flash stream
case 'mov': //media
case 'avi': //media
break; // Just accept these
case 'php':
case 'htm':
case 'html':
case 'cgi':
case 'pl':
return 9; // Never accept these! Whatever the user thinks!
default:
if(is_bool($unknown))
{
return ($unknown ? true : 8);
}
}
return true; // Accepted here
}
@ -761,6 +775,7 @@ function vet_file($filename, $target_name, $allowed_filetypes = '', $unknown = F
$a_filetypes = trim(file_get_contents(e_ADMIN.$def_file));
$a_filetypes = explode(',', $a_filetypes);
}
foreach ($a_filetypes as $ftype)
{
$ftype = strtolower(trim(str_replace('.', '', $ftype)));
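Review bot: `fopen($filename, 'rb')` is not checked before `fread($res, 2048)` and `fclose($res)`; when the open fails `$res` is `false`, both calls emit warnings (a `TypeError` on PHP 8), and the intended `return 2` path is reached only by accident. Add `if($res === false) { return 2; }` directly after the `fopen()` call. Reading 2048 bytes instead of 100 still inspects only the head of the file, so the `<?php` / `<?` scan remains a heuristic rather than a guarantee; the upload location must not be served through the script handler, and the `$allowed_filetypes` allowlist in step 1 should be regarded as the primary control rather than the fixed deny list under `case 'php':`. `vet_file()` is fully contained in the first hunk.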


@ -844,7 +844,7 @@ Following fields auto-filled in code as required:
{
$errMsg = ERR_INVALID_EMAIL;
}
elseif ($u_sql->db_Count('user', '(*)', "WHERE `user_email`='".$v."' AND `user_ban`=1 "))
elseif ($u_sql->count('user', '(*)', "WHERE `user_email`='".filter_var($v,FILTER_SANITIZE_EMAIL)."' AND `user_ban`=1 "))
{
$errMsg = ERR_BANNED_USER;
}
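Review bot: `filter_var($v, FILTER_SANITIZE_EMAIL)` is used as if it were SQL escaping for the value concatenated into the `WHERE` clause, but that sanitizer only removes characters outside the e-mail character set and keeps the apostrophe, which is legal in an address local part; if the validation branch above (outside the hunk) accepts such addresses, the quoted literal is broken. The same pattern with `FILTER_SANITIZE_STRING` appears in the validatorClass hunk at line 1256. Escape with the parser this commit already uses elsewhere, `e107::getParser()->toDB($v)`, or better, bind the value as a query parameter; the `db_Count` → `count()` rename itself is fine.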


@ -1256,7 +1256,7 @@ class validatorClass
break;
}
$field = varset($options['dbFieldName'],$f);
if ($temp = $u_sql->db_Count($targetTable, "(*)", "WHERE `{$f}`='".$v."' AND `user_id` != ".$userID))
if ($temp = $u_sql->count($targetTable, "(*)", "WHERE `{$f}`='".filter_var($v, FILTER_SANITIZE_STRING)."' AND `user_id` != ".$userID))
{
$errMsg = ERR_DUPLICATE;
}
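Review bot: `$userID` is concatenated into the new `count()` call unquoted, and its origin is outside the hunk; if it is not already cast on assignment, `intval($userID)` here would make the statement self-contained. The line also computes `$field` from `$options['dbFieldName']` on the preceding line but interpolates `$f` in the `WHERE`, which looks like the wrong variable; confirm which column name is intended. The sanitizer-as-escaping concern on this line is covered in the note on the user-handler hunk at line 844.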


@ -81,8 +81,8 @@ if (isset($_POST['faq_submit']))
{
$faq_question = $aj->formtpa($_POST['faq_question'], "on");
$data = $aj->formtpa($_POST['data'], "on");
$count = ($sql->db_Count("faqs", "(*)", "WHERE faq_parent='".$_POST['faq_parent']."' ") + 1);
$sql->db_Insert("faqs", " 0, '".$_POST['faq_parent']."', '$faq_question', '$data', '".$_POST['faq_comment']."', '".time()."', '".USERID."', '".$count."' ");
$count = ($sql->db_Count("faqs", "(*)", "WHERE faq_parent='".intval($_POST['faq_parent'])."' ") + 1);
$sql->db_Insert("faqs", " 0, '".$_POST['faq_parent']."', '$faq_question', '$data', '".filter_var($_POST['faq_comment'], FILTER_SANITIZE_STRING)."', '".time()."', '".USERID."', '".$count."' ");
$message = FAQ_ADLAN_32;
unset($faq_question, $data);
}
@ -100,7 +100,7 @@ if (isset($_POST['faq_edit_submit']))
$faq_question = $aj->formtpa($_POST['faq_question'], "on");
$data = $aj->formtpa($_POST['data'], "on");
$sql->db_Update("faqs", "faq_parent='".$_POST['faq_parent']."', faq_question ='$faq_question', faq_answer='$data', faq_comment='".$_POST['faq_comment']."' WHERE faq_id='".$idx."' ");
$sql->db_Update("faqs", "faq_parent='".intval($_POST['faq_parent'])."', faq_question ='$faq_question', faq_answer='$data', faq_comment='".$_POST['faq_comment']."' WHERE faq_id='".$idx."' ");
$message = FAQ_ADLAN_29;
unset($faq_question, $data);
}
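Review bot: The `db_Insert` line still interpolates the raw `$_POST['faq_parent']` even though the `db_Count` line just above now wraps it in `intval()`, and the `db_Update` line casts `faq_parent` but still interpolates the raw `$_POST['faq_comment']`; each value is fixed in one statement and left unfixed in the next. Use `intval($_POST['faq_parent'])` in `db_Insert` and pass `faq_comment` through the parser's `toDB()` in both statements, since `FILTER_SANITIZE_STRING` as used in `db_Insert` is not SQL escaping either. `$idx` in the update's `WHERE` is assigned outside the hunk; confirm it is cast to int there.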