mirror of
				https://github.com/e107inc/e107.git
				synced 2025-10-26 11:18:09 +01:00 
			
		
		
		
	Improve html abuse filter, support class bbcodes (non-nestable) in main parser loop
This commit is contained in:
		| @@ -137,22 +137,22 @@ class e_parse | |||||||
| 				// text is part of the summary of a longer item (e.g. content summary) | 				// text is part of the summary of a longer item (e.g. content summary) | ||||||
| 				'SUMMARY' => | 				'SUMMARY' => | ||||||
| 					array( | 					array( | ||||||
| 						'defs'=>TRUE, 'constants'=>'rel', 'parse_sc'=>TRUE | 						'defs'=>TRUE, 'constants'=>'full', 'parse_sc'=>TRUE | ||||||
| 						), | 						), | ||||||
| 				// text is the description of an item (e.g. download, link) | 				// text is the description of an item (e.g. download, link) | ||||||
| 				'DESCRIPTION' => | 				'DESCRIPTION' => | ||||||
| 					array( | 					array( | ||||||
| 						'defs'=>TRUE, 'constants'=>'rel', 'parse_sc'=>TRUE | 						'defs'=>TRUE, 'constants'=>'full', 'parse_sc'=>TRUE | ||||||
| 						), | 						), | ||||||
| 				// text is 'body' or 'bulk' text (e.g. custom page body, content body) | 				// text is 'body' or 'bulk' text (e.g. custom page body, content body) | ||||||
| 				'BODY' => | 				'BODY' => | ||||||
| 					array( | 					array( | ||||||
| 						'defs'=>TRUE, 'constants'=>'rel', 'parse_sc'=>TRUE | 						'defs'=>TRUE, 'constants'=>'full', 'parse_sc'=>TRUE | ||||||
| 						), | 						), | ||||||
| 				// text is user-entered (i.e. untrusted)'body' or 'bulk' text (e.g. custom page body, content body) | 				// text is user-entered (i.e. untrusted)'body' or 'bulk' text (e.g. custom page body, content body) | ||||||
| 				'USER_BODY' => | 				'USER_BODY' => | ||||||
| 					array( | 					array( | ||||||
| 						'constants'=>TRUE, 'scripts' => FALSE | 						'constants'=>'full', 'scripts' => FALSE | ||||||
| 						), | 						), | ||||||
| 				// text is 'body' of email or similar - being sent 'off-site' so don't rely on server availability | 				// text is 'body' of email or similar - being sent 'off-site' so don't rely on server availability | ||||||
| 				'E_BODY' => | 				'E_BODY' => | ||||||
| @@ -543,15 +543,14 @@ class e_parse | |||||||
| 		{ | 		{ | ||||||
| 			$checkTags = explode(',', $tagList); | 			$checkTags = explode(',', $tagList); | ||||||
| 		} | 		} | ||||||
| 		$data = preg_replace('#\[code.*?\[\/code\]#i', '', $data);		// Ignore code blocks | 		$data = strtolower(preg_replace('#\[code.*?\[\/code\]#i', '', $data));		// Ignore code blocks. All lower case simplifies subsequent processing | ||||||
| 		foreach ($checkTags as $tag) | 		foreach ($checkTags as $tag) | ||||||
| 		{ | 		{ | ||||||
| 			if (($pos = stripos($data, '</'.$tag)) !== FALSE) | 			$aCount = substr_count($data,  '<'.$tag);			// Count opening tags | ||||||
|  | 			$bCount = substr_count($data,  '</'.$tag);			// Count closing tags | ||||||
|  | 			if ($aCount != $bCount) | ||||||
| 			{ | 			{ | ||||||
| 				if ((($bPos = stripos($data, '<'.$tag )) === FALSE) || ($bPos > $pos)) | 				return TRUE;		// Potentially abusive HTML found - tags don't balance | ||||||
| 				{ |  | ||||||
| 					return TRUE;		// Potentially abusive HTML found |  | ||||||
| 				} |  | ||||||
| 			} | 			} | ||||||
| 		} | 		} | ||||||
| 		return FALSE;		// Nothing detected | 		return FALSE;		// Nothing detected | ||||||
| @@ -1370,8 +1369,11 @@ class e_parse | |||||||
| 					// $matches[4] - bit between the tags (i.e. text to process) | 					// $matches[4] - bit between the tags (i.e. text to process) | ||||||
| 					// $matches[5] - closing tag | 					// $matches[5] - closing tag | ||||||
| 					// In case we decide to load a file | 					// In case we decide to load a file | ||||||
| 					$bbFile = e_CORE.'bbcodes/'.strtolower(str_replace('_', '', $matches[2])).'.bb'; | 					$bbPath = e_CORE.'bbcodes/'; | ||||||
|  | 					$bbFile = strtolower(str_replace('_', '', $matches[2])); | ||||||
| 					$bbcode = ''; | 					$bbcode = ''; | ||||||
|  | 					$className = ''; | ||||||
|  | 					$full_text = ''; | ||||||
| 					$code_text = $matches[4]; | 					$code_text = $matches[4]; | ||||||
| 					$parm = $matches[3] ? substr($matches[3],1) : ''; | 					$parm = $matches[3] ? substr($matches[3],1) : ''; | ||||||
| 					$last_bbcode = $matches[2]; | 					$last_bbcode = $matches[2]; | ||||||
| @@ -1389,7 +1391,7 @@ class e_parse | |||||||
| 			//				if (!$matches[3]) $bbcode = str_replace($search, $replace, $matches[4]); | 			//				if (!$matches[3]) $bbcode = str_replace($search, $replace, $matches[4]); | ||||||
| 							// Because we're bypassing most of the initial parser processing, we should be able to just reverse the effects of toDB() and execute the code | 							// Because we're bypassing most of the initial parser processing, we should be able to just reverse the effects of toDB() and execute the code | ||||||
| 							// [SecretR] - avoid php code injections, missing php.bb will completely disable user posted php blocks | 							// [SecretR] - avoid php code injections, missing php.bb will completely disable user posted php blocks | ||||||
| 							$bbcode = file_get_contents($bbFile); | 							$bbcode = file_get_contents($bbPath.$bbFile.'.bb'); | ||||||
| 							if (!$matches[3]) | 							if (!$matches[3]) | ||||||
| 							{ | 							{ | ||||||
| 								$code_text = html_entity_decode($matches[4], ENT_QUOTES, 'UTF-8'); | 								$code_text = html_entity_decode($matches[4], ENT_QUOTES, 'UTF-8'); | ||||||
| @@ -1405,26 +1407,36 @@ class e_parse | |||||||
| 							$proc_funcs = TRUE; | 							$proc_funcs = TRUE; | ||||||
|  |  | ||||||
| 						default :		// Most bbcodes will just execute their normal file | 						default :		// Most bbcodes will just execute their normal file | ||||||
| 							// Just read in the code file and execute it | 							// @todo should we cache these bbcodes? require_once should make class-related codes quite efficient | ||||||
| 							/// @todo Handle class-based bbcodes | 							if (file_exists($bbPath.'bb_'.$bbFile.'.php')) | ||||||
| 							$bbcode = file_get_contents($bbFile); | 							{	// Its a bbcode class file | ||||||
|  | 								require_once($bbPath.'bb_'.$bbFile.'.php'); | ||||||
|  | 								//echo "Load: {$bbFile}.php<br />"; | ||||||
|  | 								$className = 'bb_'.$code; | ||||||
|  | 								$this->bbList[$code] = new $className(); | ||||||
|  | 							} | ||||||
|  | 							elseif (file_exists($bbPath.$bbFile.'.bb')) | ||||||
|  | 							{ | ||||||
|  | 								$bbcode = file_get_contents($bbPath.$bbFile.'.bb'); | ||||||
|  | 							} | ||||||
| 					}   // end - switch ($matches[2]) | 					}   // end - switch ($matches[2]) | ||||||
|  |  | ||||||
| 					if ($bbcode) | 					if ($className) | ||||||
|  | 					{ | ||||||
|  | 						$tempCode = new $className(); | ||||||
|  | 						$full_text = $tempCode->bbPreDisplay($matches[4], $parm); | ||||||
|  | 					} | ||||||
|  | 					elseif ($bbcode) | ||||||
| 					{	// Execute the file | 					{	// Execute the file | ||||||
| 						ob_start(); | 						$full_text = eval($bbcode);			// Require output of bbcode to be returned | ||||||
| 						$bbcode_return = eval($bbcode); |  | ||||||
| 						$bbcode_output = ob_get_contents(); |  | ||||||
| 						ob_end_clean(); |  | ||||||
| 						// added to remove possibility of nested bbcode exploits ... | 						// added to remove possibility of nested bbcode exploits ... | ||||||
| 						//   (same as in bbcode_handler - is it right that it just operates on $bbcode_return and not on $bbcode_output? - QUERY XXX-02 | 						//   (same as in bbcode_handler - is it right that it just operates on $bbcode_return and not on $bbcode_output? - QUERY XXX-02 | ||||||
| 						if(strpos($bbcode_return, "[") !== FALSE) |  | ||||||
| 						{ |  | ||||||
| 							$exp_search = array("eval", "expression"); |  | ||||||
| 							$exp_replace = array("ev<b></b>al", "expres<b></b>sion"); |  | ||||||
| 							$bbcode_return = str_replace($exp_search, $exp_replace, $bbcode_return); |  | ||||||
| 					} | 					} | ||||||
| 						$full_text = $bbcode_output.$bbcode_return; | 					if(strpos($full_text, '[') !== FALSE) | ||||||
|  | 					{ | ||||||
|  | 						$exp_search = array('eval', 'expression'); | ||||||
|  | 						$exp_replace = array('ev<b></b>al', 'expres<b></b>sion'); | ||||||
|  | 						$bbcode_return = str_replace($exp_search, $exp_replace, $full_text); | ||||||
| 					} | 					} | ||||||
| 				} | 				} | ||||||
| 			} | 			} | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user