mirror of
https://github.com/phpbb/phpbb.git
synced 2025-07-31 22:10:45 +02:00
build
git-tools
phpBB
adm
cache
develop
add_permissions.php
adjust_avatars.php
adjust_bbcodes.php
adjust_magic_urls.php
adjust_sizes.php
adjust_smilies.php
adjust_uids.php
adjust_usernames.php
benchmark.php
calc_email_hash.php
change_smiley_ref.php
check_flash_bbcodes.php
collect_cache_stats.sh
create_schema_files.php
create_variable_overview.php
fill.php
fix_files.sh
generate_utf_casefold.php
generate_utf_confusables.php
generate_utf_tables.php
lang_duplicates.php
merge_attachment_tables.php
merge_post_tables.php
mysql_upgrader.php
nuke-db.php
regex.php
repair_bots.php
search_fill.php
set_permissions.sh
unicode_testing.php
update_email_hash.php
utf_normalizer_test.php
docs
download
files
images
includes
install
language
store
styles
.htaccess
common.php
cron.php
faq.php
feed.php
index.php
mcp.php
memberlist.php
posting.php
report.php
search.php
style.php
ucp.php
viewforum.php
viewonline.php
viewtopic.php
web.config
tests
.gitignore
README.md
phpunit.xml.all
phpunit.xml.dist
164 lines
4.7 KiB
PHP
164 lines
4.7 KiB
PHP
<?php
|
|
/**
|
|
*
|
|
* @package phpBB3
|
|
* @version $Id$
|
|
* @copyright (c) 2009, 2010 phpBB Group
|
|
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
|
|
*
|
|
*/
|
|
|
|
/**
|
|
* This script will check your database for potentially dangerous flash BBCode tags
|
|
*/
|
|
|
|
//
|
|
// Security message:
|
|
//
|
|
// This script is potentially dangerous.
|
|
// Remove or comment the next line (die(".... ) to enable this script.
|
|
// Do NOT FORGET to either remove this script or disable it after you have used it.
|
|
//
|
|
die("Please read the first lines of this script for instructions on how to enable it\n");
|
|
|
|
/**
|
|
*/
|
|
define('IN_PHPBB', true);
|
|
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
|
|
$phpEx = substr(strrchr(__FILE__, '.'), 1);
|
|
include($phpbb_root_path . 'common.' . $phpEx);
|
|
|
|
if (php_sapi_name() != 'cli')
|
|
{
|
|
header('Content-Type: text/plain');
|
|
}
|
|
|
|
check_table_flash_bbcodes(POSTS_TABLE, 'post_id', 'post_text', 'bbcode_uid', 'bbcode_bitfield');
|
|
check_table_flash_bbcodes(PRIVMSGS_TABLE, 'msg_id', 'message_text', 'bbcode_uid', 'bbcode_bitfield');
|
|
check_table_flash_bbcodes(USERS_TABLE, 'user_id', 'user_sig', 'user_sig_bbcode_uid', 'user_sig_bbcode_bitfield');
|
|
check_table_flash_bbcodes(FORUMS_TABLE, 'forum_id', 'forum_desc', 'forum_desc_uid', 'forum_desc_bitfield');
|
|
check_table_flash_bbcodes(FORUMS_TABLE, 'forum_id', 'forum_rules', 'forum_rules_uid', 'forum_rules_bitfield');
|
|
check_table_flash_bbcodes(GROUPS_TABLE, 'group_id', 'group_desc', 'group_desc_uid', 'group_desc_bitfield');
|
|
|
|
echo "If potentially dangerous flash bbcodes were found, please reparse the posts using the Support Toolkit (http://www.phpbb.com/support/stk/) and/or file a ticket in the Incident Tracker (http://www.phpbb.com/incidents/).\n";
|
|
|
|
function check_table_flash_bbcodes($table_name, $id_field, $content_field, $uid_field, $bitfield_field)
|
|
{
|
|
echo "Checking $content_field on $table_name\n";
|
|
|
|
$ids = get_table_flash_bbcode_pkids($table_name, $id_field, $content_field, $uid_field, $bitfield_field);
|
|
|
|
$size = sizeof($ids);
|
|
if ($size)
|
|
{
|
|
echo "Found $size potentially dangerous flash bbcodes.\n";
|
|
echo "$id_field: " . implode(', ', $ids) . "\n";
|
|
}
|
|
else
|
|
{
|
|
echo "No potentially dangerous flash bbcodes found.\n";
|
|
}
|
|
|
|
echo "\n";
|
|
}
|
|
|
|
function get_table_flash_bbcode_pkids($table_name, $id_field, $content_field, $uid_field, $bitfield_field)
|
|
{
|
|
global $db;
|
|
|
|
$ids = array();
|
|
|
|
$sql = "SELECT $id_field, $content_field, $uid_field, $bitfield_field
|
|
FROM $table_name
|
|
WHERE $content_field LIKE '%[/flash:%'
|
|
AND $bitfield_field <> ''";
|
|
|
|
$result = $db->sql_query($sql);
|
|
while ($row = $db->sql_fetchrow($result))
|
|
{
|
|
$uid = $row[$uid_field];
|
|
|
|
// thanks support toolkit
|
|
$content = html_entity_decode_utf8($row[$content_field]);
|
|
set_var($content, $content, 'string', true);
|
|
$content = utf8_normalize_nfc($content);
|
|
|
|
$bitfield_data = $row[$bitfield_field];
|
|
|
|
if (!is_valid_flash_bbcode($content, $uid) && has_flash_enabled($bitfield_data))
|
|
{
|
|
$ids[] = (int) $row[$id_field];
|
|
}
|
|
}
|
|
$db->sql_freeresult($result);
|
|
|
|
return $ids;
|
|
}
|
|
|
|
function get_flash_regex($uid)
|
|
{
|
|
return "#\[flash=([0-9]+),([0-9]+):$uid\](.*?)\[/flash:$uid\]#";
|
|
}
|
|
|
|
// extract all valid flash bbcodes
|
|
// check if the bbcode content is a valid URL for each match
|
|
function is_valid_flash_bbcode($cleaned_content, $uid)
|
|
{
|
|
$regex = get_flash_regex($uid);
|
|
|
|
$url_regex = get_preg_expression('url');
|
|
$www_url_regex = get_preg_expression('www_url');
|
|
|
|
if (preg_match_all($regex, $cleaned_content, $matches))
|
|
{
|
|
foreach ($matches[3] as $flash_url)
|
|
{
|
|
if (!preg_match("#^($url_regex|$www_url_regex)$#i", $flash_url))
|
|
{
|
|
return false;
|
|
}
|
|
}
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
// check if a bitfield includes flash
|
|
// 11 = flash bit
|
|
function has_flash_enabled($bitfield_data)
|
|
{
|
|
$bitfield = new bitfield($bitfield_data);
|
|
return $bitfield->get(11);
|
|
}
|
|
|
|
// taken from support toolkit
|
|
function html_entity_decode_utf8($string)
|
|
{
|
|
static $trans_tbl;
|
|
|
|
// replace numeric entities
|
|
$string = preg_replace('~&#x([0-9a-f]+);~ei', 'code2utf8(hexdec("\\1"))', $string);
|
|
$string = preg_replace('~&#([0-9]+);~e', 'code2utf8(\\1)', $string);
|
|
|
|
// replace literal entities
|
|
if (!isset($trans_tbl))
|
|
{
|
|
$trans_tbl = array();
|
|
|
|
foreach (get_html_translation_table(HTML_ENTITIES) as $val=>$key)
|
|
$trans_tbl[$key] = utf8_encode($val);
|
|
}
|
|
return strtr($string, $trans_tbl);
|
|
}
|
|
|
|
// taken from support toolkit
|
|
// Returns the utf string corresponding to the unicode value (from php.net, courtesy - romans@void.lv)
|
|
function code2utf8($num)
|
|
{
|
|
if ($num < 128) return chr($num);
|
|
if ($num < 2048) return chr(($num >> 6) + 192) . chr(($num & 63) + 128);
|
|
if ($num < 65536) return chr(($num >> 12) + 224) . chr((($num >> 6) & 63) + 128) . chr(($num & 63) + 128);
|
|
if ($num < 2097152) return chr(($num >> 18) + 240) . chr((($num >> 12) & 63) + 128) . chr((($num >> 6) & 63) + 128) . chr(($num & 63) + 128);
|
|
return '';
|
|
}
|