mantisbt/core string_api.php,1.75.4.2.2.1,1.75.4.2: msg#00009 bug-tracking.mantis.cvs

Update of /cvsroot/mantisbt/mantisbt/core
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv2946/core

Modified Files:
Tag: BRANCH_1_0_0rc5
string_api.php print_api.php html_api.php
Log Message:
fix for 0006044: 'Return' _GET is not checked
replaced string_strip_tags with php function

Index: html_api.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/html_api.php,v
retrieving revision 1.184.4.1.2.1
retrieving revision 1.184.4.1.2.1.2.1
diff -u -d -r1.184.4.1.2.1 -r1.184.4.1.2.1.2.1
--- html_api.php 10 Jan 2006 11:38:07 -0000 1.184.4.1.2.1
+++ html_api.php 3 Feb 2006 03:56:33 -0000 1.184.4.1.2.1.2.1
@@ -234,7 +234,9 @@
$p_time = config_get( 'wait_time' );
}

- echo "\t<meta http-equiv=\"Refresh\"
content=\"$p_time;URL=$p_url\" />\n";
+ $t_url = string_sanitize_url( $p_url );
+
+ echo "\t<meta http-equiv=\"Refresh\"
content=\"$p_time;URL=$t_url\" />\n";

return true;
}

Index: string_api.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/string_api.php,v
retrieving revision 1.75.4.2.2.1
retrieving revision 1.75.4.2.2.1.2.1
diff -u -d -r1.75.4.2.2.1 -r1.75.4.2.2.1.2.1
--- string_api.php 1 Jan 2006 02:58:50 -0000 1.75.4.2.2.1
+++ string_api.php 3 Feb 2006 03:56:33 -0000 1.75.4.2.2.1.2.1
@@ -174,6 +174,35 @@
}

# --------------------
+ # validate the url as part of this site before continuing
+ function string_sanitize_url( $p_url ) {
+
+ $t_url = strip_tags( urldecode( $p_url ) );
+ if ( preg_match( '?http(s)*://?', $t_url ) > 0 ) {
+ // no embedded addresses
+ if ( preg_match( '?^' . config_get( 'path' ) . '?',
$t_url ) == 0 ) {
+ // url is ok if it begins with our path, if
not, replace it
+ $t_url = 'index.php';
+ }
+ }
+ if ( $t_url == '' ) {
+ $t_url = 'index.php';
+ }
+
+ // split and encode parameters
+ if ( strpos( '?', $t_url ) !== FALSE ) {
+ list( $t_path, $t_param ) = split( '\?', $t_url, 2 );
+ if ( $t_param !== "" ) {
+ return $t_path . '?' . urlencode( $t_param );
+ } else {
+ return $t_path;
+ }
+ } else {
+ return $t_url;
+ }
+ }
+
+ # --------------------
# process the $p_string and convert filenames in the format
# cvs:filename.ext or cvs:filename.ext:n.nn to a html link
# if $p_include_anchor is true, include an <a href="..."> tag,
@@ -385,45 +414,6 @@
}

# --------------------
- # strip all tags from a string
- # This will remove HTML tags, javascript sections
- # and white space. It will also convert some
- # common HTML entities to their text equivalent.
- function string_strip_tags( $p_string ) {
- $t_search = array(
- '@<script[^>]*?>.*?</script>@si', /*
Strip out javascript */
- '@<[\/\!]*?[^<>]*?>@si',
/* Strip out HTML tags */
- '@([\r\n])[\s]+@',
/* Strip out white space */
- '@&(quot|#34);@i',
/* Replace HTML entities */
- '@&(amp|#38);@i',
- '@&(lt|#60);@i',
- '@&(gt|#62);@i',
- '@&(nbsp|#160);@i',
- '@&(iexcl|#161);@i',
- '@&(cent|#162);@i',
- '@&(pound|#163);@i',
- '@&(copy|#169);@i',
- '@&#(\d+);@e' );
/* evaluate as php */
-
- $t_replace = array(
- '',
- '',
- '\1',
- '"',
- '&',
- '<',
- '>',
- ' ',
- chr(161),
- chr(162),
- chr(163),
- chr(169),
- 'chr(\1)' );
-
- return preg_replace($t_search, $t_replace, $p_string);
- }
-
- # --------------------
# This function looks for text with htmlentities
# like <b> and converts is into corresponding
# html <b> based on the configuration presets

Index: print_api.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/print_api.php,v
retrieving revision 1.143.6.1
retrieving revision 1.143.6.1.4.1
diff -u -d -r1.143.6.1 -r1.143.6.1.4.1
--- print_api.php 8 Dec 2005 22:28:16 -0000 1.143.6.1
+++ print_api.php 3 Feb 2006 03:56:33 -0000 1.143.6.1.4.1
@@ -32,15 +32,18 @@
if ( ON == config_get( 'stop_on_errors' ) && error_handled() ) {
return false;
}
+
+ # validate the url as part of this site before continuing
+ $t_url = string_sanitize_url( $p_url );

# don't send more headers if they have already been sent
(guideweb)
if ( ! headers_sent() ) {
header( 'Content-Type: text/html; charset=' . lang_get(
'charset' ) );

if ( ON == $t_use_iis ) {
- header( "Refresh: 0;url=$p_url" );
+ header( "Refresh: 0;url=$t_url" );
} else {
- header( "Location: $p_url" );
+ header( "Location: $t_url" );
}
} else {
return false;

-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642

Previous by Date:	mantisbt query_store.php,1.4.14.1,1.4.14.1.2.1 manage_proj_create.php,1.7.14.1,1.7.14.1.2.1, Glenn Henshaw
Next by Date:	mantisbt/core string_api.php,1.79,1.80 print_api.php,1.149,1.150 html_api.php,1.186,1.187, Glenn Henshaw
Previous by Thread:	mantisbt query_store.php,1.4.14.1,1.4.14.1.2.1 manage_proj_create.php,1.7.14.1,1.7.14.1.2.1, Glenn Henshaw
Next by Thread:	mantisbt/core string_api.php,1.79,1.80 print_api.php,1.149,1.150 html_api.php,1.186,1.187, Glenn Henshaw
Indexes:	[Date] [Thread] [Top] [All Lists]

mantisbt/core string_api.php,1.75.4.2.2.1,1.75.4.2.2.1.2.1 print_api.php,1.: msg#00009

bug-tracking.mantis.cvs

Free Magazines

<Prev in Thread]	Current Thread	[Next in Thread>