mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-07-31 20:00:37 +02:00
Code Issues Releases Wiki Activity

Additional input filtering.

Browse Source
This commit is contained in:
Cameron
2015-04-24 11:41:58 -07:00
parent 36fb58192a
commit dcda195679
1 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
e107_handlers/e107_class.php
View File

@@ -2931,6 +2931,18 @@ class e107
exit(); exit();
} }
// Suspicious HTML.
if(strpos($input, '<body/onload')!==false)
{
header('HTTP/1.0 400 Bad Request', true, 400);
if(deftrue('e_DEBUG'))
{
echo "Bad Request: ".__METHOD__." : ". __LINE__;
}
exit();
}
if(preg_match("/system\((.*);.*\)/i",$input)) if(preg_match("/system\((.*);.*\)/i",$input))
{ {
header('HTTP/1.0 400 Bad Request', true, 400); header('HTTP/1.0 400 Bad Request', true, 400);