Security: NUL characters are now stripped from GPC; several code readability standards changes
--- a/TODO Fri Jun 22 10:31:59 2007 -0400
+++ b/TODO Fri Jun 22 18:42:26 2007 -0400
@@ -24,6 +24,10 @@
[x] Change the string shown on a successful re-auth into elevated privileges
[x] ...and write a function that converts a numeric userlevel to a string
[x] Make Special:Login remember parameters (target level, target page) even on auth fail
+[ ] Register users_extra table in system tables list (already done?)
+[x] Trigger form submit on press of enter in Dynano login form
+[ ] Rewrite the change theme dialog - it's archaic code that hasn't changed since beta 1!
+ [ ] This should be the next-to-last step in phasing out the JWS code, which should be removed in the first 1.1 alpha
Enano Clurichaun - TODO
--- a/includes/clientside/static/windows.js Fri Jun 22 10:31:59 2007 -0400
+++ b/includes/clientside/static/windows.js Fri Jun 22 18:42:26 2007 -0400
@@ -158,18 +158,27 @@
// Source: http://www.aspandjavascript.co.uk/javascript/javascript_api/get_element_width_height.asp
function getElementHeight(Elem) {
- if (ns4) {
+ if (ns4)
+ {
var elem = getObjNN4(document, Elem);
return elem.clip.height;
- } else {
- if(document.getElementById) {
+ }
+ else
+ {
+ if(document.getElementById)
+ {
var elem = document.getElementById(Elem);
- } else if (document.all){
+ }
+ else if (document.all)
+ {
var elem = document.all[Elem];
}
- if (op5) {
+ if (op5)
+ {
xPos = elem.style.pixelHeight;
- } else {
+ }
+ else
+ {
xPos = elem.offsetHeight;
}
return xPos;
--- a/includes/functions.php Fri Jun 22 10:31:59 2007 -0400
+++ b/includes/functions.php Fri Jun 22 18:42:26 2007 -0400
@@ -863,11 +863,17 @@
function enano_str_split($text, $inc = 1)
{
- if($inc < 1) return false;
- if($inc >= strlen($text)) return Array($text);
+ if($inc < 1)
+ {
+ return false;
+ }
+ if($inc >= strlen($text))
+ {
+ return Array($text);
+ }
$len = ceil(strlen($text) / $inc);
$ret = Array();
- for($i=0;$i<strlen($text);$i=$i+$inc)
+ for ( $i = 0; $i < strlen($text); $i = $i + $inc )
{
$ret[] = substr($text, $i, $inc);
}
@@ -967,8 +973,27 @@
}
/**
+ * Recursive function to remove all NUL bytes from a string
+ * @param array
+ * @return array
+ */
+
+function strip_nul_chars($arr)
+{
+ foreach($arr as $k => $xxxx_unused)
+ {
+ $val =& $arr[$k];
+ if(is_string($val))
+ $val = str_replace("\000", '', $val);
+ elseif(is_array($val))
+ $val = strip_nul_chars($val);
+ }
+ return $arr;
+}
+
+/**
* If magic_quotes_gpc is on, calls stripslashes() on everything in $_GET/$_POST/$_COOKIE
- * @ignore - this doesn't work
+ * @ignore - this doesn't work too well in my tests
* @todo port version from the PHP manual
* @return void
*/
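Review bot: strip_nul_chars() cleans only the values; the keys taken from `foreach($arr as $k => $xxxx_unused)` are copied back unchanged, and the keys of nested request arrays are client-supplied too, so a NUL byte may survive in a key (worth confirming on the PHP versions the project supports). Rebuilding the array with each string key passed through the same `str_replace` closes that gap, as sketched below; if two keys become equal after stripping, the later one wins. Separately, the docblock summary says "from a string" while `@param` and the code take an array, and the brace-less `if`/`elseif` does not follow the brace style this commit applies elsewhere.

```php
function strip_nul_chars($arr)
{
  $clean = array();
  foreach ( $arr as $k => $val )
  {
    // Keys arrive from the client as well, so they get the same treatment
    if ( is_string($k) )
    {
      $k = str_replace("\000", '', $k);
    }
    if ( is_string($val) )
    {
      $val = str_replace("\000", '', $val);
    }
    else if ( is_array($val) )
    {
      $val = strip_nul_chars($val);
    }
    $clean[$k] = $val;
  }
  return $clean;
}
```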
@@ -980,6 +1005,9 @@
$_GET = stripslashes_recurse($_GET);
$_COOKIE = stripslashes_recurse($_COOKIE);
}
+ $_POST = strip_nul_chars($_POST);
+ $_GET = strip_nul_chars($_GET);
+ $_COOKIE = strip_nul_chars($_COOKIE);
}
/**
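Review bot: `$_REQUEST` is not passed through strip_nul_chars() in the three added lines, and PHP fills it as a separate copy at request start, so reassigning `$_POST`, `$_GET` and `$_COOKIE` leaves it unchanged; any code that reads `$_REQUEST` would still receive NUL bytes. Adding `$_REQUEST = strip_nul_chars($_REQUEST);` after them would cover it. The enclosing function starts outside this hunk, so whether the stripslashes branch already treats `$_REQUEST` cannot be seen here. A one-line comment above the new calls, such as `// NUL bytes can truncate strings in C-backed file and path functions, so strip them from all request input`, would record why this runs unconditionally.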