mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-08 07:36:32 +02:00
Code Issues Releases Wiki Activity

Fixes #688 - filter query.

Browse Source
This commit is contained in:
Cameron
2015-02-21 13:12:17 -08:00
parent 3e2c4a437a
commit ac83a2f46c
1 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
e107_handlers/e107_class.php
View File

@@ -2817,7 +2817,15 @@ class e107
$input = preg_replace("/(\[code\])(.*?)(\[\/code\])/is","",$input); $input = preg_replace("/(\[code\])(.*?)(\[\/code\])/is","",$input);
} }
$regex = "/(document\.location|document\.write|base64_decode|chr|php_uname|fwrite|fopen|fputs|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo) *?\((.*) ?\;?/i"; $regex = "/(base64_decode|chr|php_uname|fwrite|fopen|fputs|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo) *?\((.*) ?\;?/i";
if(preg_match($regex,$input))
{
header('HTTP/1.0 400 Bad Request', true, 400);
exit();
}
// Check for XSS JS
$regex = "/(document\.location|document\.write|document\.cookie)/i";
if(preg_match($regex,$input)) if(preg_match($regex,$input))
{ {
header('HTTP/1.0 400 Bad Request', true, 400); header('HTTP/1.0 400 Bad Request', true, 400);