changeset 21 | 663fcf528726 |
parent 19 | 5d003b6c9e89 |
child 22 | d0314575e2f0 |
20:40105681f495 | 21:663fcf528726 |
1 <?php |
1 <?php |
2 |
2 |
3 /* |
3 /* |
4 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
4 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
5 * Version 1.0 release candidate 3 (Druid) |
5 * Version 1.0 (Banshee) |
6 * Copyright (C) 2006-2007 Dan Fuhry |
6 * Copyright (C) 2006-2007 Dan Fuhry |
7 * |
7 * |
8 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
8 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
9 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
9 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
10 * |
10 * |
1437 continue; |
1437 continue; |
1438 } |
1438 } |
1439 } |
1439 } |
1440 elseif ( $in_tag && $trk_name ) |
1440 elseif ( $in_tag && $trk_name ) |
1441 { |
1441 { |
1442 $is_alphabetical = ( strtolower($chr) != strtoupper($chr) || in_array($chr, array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9')) || $chr == '?' ); |
1442 $is_alphabetical = ( strtolower($chr) != strtoupper($chr) || in_array($chr, array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9')) || $chr == '?' || $chr == '!' || $chr == '-' ); |
1443 if ( $is_alphabetical ) |
1443 if ( $is_alphabetical ) |
1444 $tag_name .= $chr; |
1444 $tag_name .= $chr; |
1445 else |
1445 else |
1446 { |
1446 { |
1447 $trk_name = false; |
1447 $trk_name = false; |
1453 // Vulnerability from ha.ckers.org/xss.html: |
1453 // Vulnerability from ha.ckers.org/xss.html: |
1454 // <script src="http://foo.com/xss.js" |
1454 // <script src="http://foo.com/xss.js" |
1455 // < |
1455 // < |
1456 // The rule is so specific because everything else will have been filtered by now |
1456 // The rule is so specific because everything else will have been filtered by now |
1457 $html = preg_replace('/<(script|iframe)(.+?)src=([^>]*)</i', '<\\1\\2src=\\3<', $html); |
1457 $html = preg_replace('/<(script|iframe)(.+?)src=([^>]*)</i', '<\\1\\2src=\\3<', $html); |
1458 |
|
1459 // Unstrip comments |
|
1460 $html = preg_replace('/<!--([^>]*?)-->/i', '', $html); |
|
1458 |
1461 |
1459 return $html; |
1462 return $html; |
1460 |
1463 |
1461 } |
1464 } |
1462 |
1465 |
1848 { |
1851 { |
1849 |
1852 |
1850 // Remove character escapes |
1853 // Remove character escapes |
1851 $page_id = dirtify_page_id($page_id); |
1854 $page_id = dirtify_page_id($page_id); |
1852 |
1855 |
1853 $pid_clean = preg_replace('/[\w\/:;\(\)@\[\]_-]/', 'X', $page_id); |
1856 $pid_clean = preg_replace('/[\w\.\/:;\(\)@\[\]_-]/', 'X', $page_id); |
1854 $pid_dirty = enano_str_split($pid_clean, 1); |
1857 $pid_dirty = enano_str_split($pid_clean, 1); |
1855 |
1858 |
1856 foreach ( $pid_dirty as $id => $char ) |
1859 foreach ( $pid_dirty as $id => $char ) |
1857 { |
1860 { |
1858 if ( $char == 'X' ) |
1861 if ( $char == 'X' ) |
1876 $page_id_cleaned .= $char; |
1879 $page_id_cleaned .= $char; |
1877 else |
1880 else |
1878 $page_id_cleaned .= $pid_dirty[$id]; |
1881 $page_id_cleaned .= $pid_dirty[$id]; |
1879 } |
1882 } |
1880 |
1883 |
1881 global $mime_types; |
1884 // global $mime_types; |
1882 |
1885 |
1883 $exts = array_keys($mime_types); |
1886 // $exts = array_keys($mime_types); |
1884 $exts = '(' . implode('|', $exts) . ')'; |
1887 // $exts = '(' . implode('|', $exts) . ')'; |
1885 |
1888 |
1886 $page_id_cleaned = preg_replace('/\.2e' . $exts . '$/', '.\\1', $page_id_cleaned); |
1889 // $page_id_cleaned = preg_replace('/\.2e' . $exts . '$/', '.\\1', $page_id_cleaned); |
1887 |
1890 |
1888 return $page_id_cleaned; |
1891 return $page_id_cleaned; |
1889 } |
1892 } |
1890 |
1893 |
1891 /** |
1894 /** |