| Revisão | 5858b291735300650ae88fe06805bd8a717e117f (tree) |
|---|---|
| Hora | 2008-09-26 13:32:31 |
| Autor | kimitake <kimitake@1ca2...> |
| Commiter | kimitake |
fixed XSS issue
git-svn-id: https://svn.sourceforge.jp/svnroot/nucleus-jp/nucleus-jp/branches/branch-3-3@709 1ca29b6e-896d-4ea0-84a5-967f57386b96
euc/nucleus/libs/globalfunctions.php (diff)
utf8/nucleus/documentation/history.html (diff) utf8/nucleus/libs/globalfunctions.php (diff)| @@ -307,6 +307,13 @@ if (!headers_sent() ) { | ||
| 307 | 307 | $language = getLanguageName(); |
| 308 | 308 | include($DIR_LANG . ereg_replace( '[\\|/]', '', $language) . '.php'); |
| 309 | 309 | |
| 310 | +// check if valid charset | |
| 311 | +if (!encoding_check(false,false,_CHARSET)) { | |
| 312 | + foreach(array($_REQUEST, $_SERVER) as $input) { | |
| 313 | + array_walk($input, 'encoding_check'); | |
| 314 | + } | |
| 315 | +} | |
| 316 | + | |
| 310 | 317 | /* |
| 311 | 318 | Backed out for now: See http://forum.nucleuscms.org/viewtopic.php?t=3684 for details |
| 312 | 319 |
| @@ -551,6 +558,13 @@ function sendContentType($contenttype, $pagetype = '', $charset = _CHARSET) { | ||
| 551 | 558 | } else { |
| 552 | 559 | header('Content-Type: ' . $contenttype); |
| 553 | 560 | } |
| 561 | + | |
| 562 | + // check if valid charset | |
| 563 | + if (!encoding_check(false,false,$charset)) { | |
| 564 | + foreach(array($_REQUEST, $_SERVER) as $input) { | |
| 565 | + array_walk($input, 'encoding_check'); | |
| 566 | + } | |
| 567 | + } | |
| 554 | 568 | } |
| 555 | 569 | } |
| 556 | 570 |
| @@ -558,9 +572,11 @@ function sendContentType($contenttype, $pagetype = '', $charset = _CHARSET) { | ||
| 558 | 572 | * Errors before the database connection has been made |
| 559 | 573 | */ |
| 560 | 574 | function startUpError($msg, $title) { |
| 575 | + if (!defined('_CHARSET')) define('_CHARSET','iso-8859-1'); | |
| 576 | + header('Content-Type: text/html; charset=' . _CHARSET); | |
| 561 | 577 | ?> |
| 562 | 578 | <html xmlns="http://www.w3.org/1999/xhtml"> |
| 563 | - <head><meta http-equiv="Content-Type" content="text/html; charset=EUC-JP" /> | |
| 579 | + <head><meta http-equiv="Content-Type" content="text/html; charset=<?php echo _CHARSET?>" /> | |
| 564 | 580 | <title><?php echo htmlspecialchars($title)?></title></head> |
| 565 | 581 | <body> |
| 566 | 582 | <h1><?php echo htmlspecialchars($title)?></h1> |
| @@ -1495,6 +1511,69 @@ function formatDate($format, $timestamp, $defaultFormat, &$blog) { | ||
| 1495 | 1511 | } |
| 1496 | 1512 | } |
| 1497 | 1513 | |
| 1514 | +function encoding_check($val, $key, $encoding=false, $exclude=false) { | |
| 1515 | + /* | |
| 1516 | + When 3rd argument is set, return if checked already. | |
| 1517 | + When 4th argument is set, set the excluded key(s). | |
| 1518 | + */ | |
| 1519 | + static $search=false, $checked=array(), $excludes=array(); | |
| 1520 | + if ($exclude!==false) { | |
| 1521 | + if (is_array($exclude)) { | |
| 1522 | + foreach($exclude as $v) $excludes[$v]=true; | |
| 1523 | + } else $excludes[$excludes]=true; | |
| 1524 | + return; | |
| 1525 | + } | |
| 1526 | + if ($encoding!==false) { | |
| 1527 | + switch($encoding=strtolower($encoding)){ | |
| 1528 | + case 'utf-8': | |
| 1529 | + $search='/^([\x00-\x7F]+'. | |
| 1530 | + '|[\xC2-\xDF][\x80-\xBF]'. | |
| 1531 | + '|[\xE0-\xEF][\x80-\xBF][\x80-\xBF]'. | |
| 1532 | + '|[\xF0-\xF7][\x80-\xBF][\x80-\xBF][\x80-\xBF]'. | |
| 1533 | + '|[\xF8-\xFB][\x80-\xBF][\x80-\xBF][\x80-\xBF][\x80-\xBF]'. | |
| 1534 | + '|[\xFC-\xFD][\x80-\xBF][\x80-\xBF][\x80-\xBF][\x80-\xBF][\x80-\xBF])*/'; | |
| 1535 | + break; | |
| 1536 | + case 'euc-jp': | |
| 1537 | + $search='/^([\x00-\x7F]+'. | |
| 1538 | + '|[\x8E][\xA0-\xDF]'. | |
| 1539 | + '|[\x8F]?[\xA1-\xFE][\xA1-\xFE])*/'; | |
| 1540 | + break; | |
| 1541 | + case 'gb2312': | |
| 1542 | + $search='/^([\x00-\x7F]+'. | |
| 1543 | + '|[\xA1-\xF7][\xA1-\xFE])*/'; | |
| 1544 | + break; | |
| 1545 | + default: | |
| 1546 | + $search=false; | |
| 1547 | + if (preg_match('/^iso\-8859\-[0-9]{1,2}$/',$encoding)) break; | |
| 1548 | + if (preg_match('/^windows\-125[0-8]$/',$encoding)) break; | |
| 1549 | + startUpError('<p>Unknown or non-supported encoding.</p>', 'Encoding Error'); | |
| 1550 | + exit; | |
| 1551 | + } | |
| 1552 | + if (isset($checked[$encoding])) return true; // Already checked. | |
| 1553 | + $checked[$encoding]=true; | |
| 1554 | + } | |
| 1555 | + if ($key===false) return false; // Not yet checked. | |
| 1556 | + if ($search===false) return true; // non-multibyte encoding | |
| 1557 | + if (isset($excludes[$key])) return true; // This key isn't checked. | |
| 1558 | + if (is_array($val)) { | |
| 1559 | + array_walk($val, 'encoding_check'); | |
| 1560 | + } else { | |
| 1561 | + preg_match($search,$val,$m); | |
| 1562 | + $val2 = (string)$m[0]; | |
| 1563 | + if (!($val2 === (string)$val)) { | |
| 1564 | + startUpError('<p>Invalid input.</p>', 'Input Error'); | |
| 1565 | + exit; | |
| 1566 | + } | |
| 1567 | + } | |
| 1568 | + preg_match($search,$key,$m); | |
| 1569 | + $key2 = (string)$m[0]; | |
| 1570 | + if (!($key2 === (string)$key)) { | |
| 1571 | + startUpError('<p>Invalid input.</p>', 'Input Error'); | |
| 1572 | + exit; | |
| 1573 | + } | |
| 1574 | + return true; | |
| 1575 | +} | |
| 1576 | + | |
| 1498 | 1577 | function checkVars($aVars) { |
| 1499 | 1578 | global $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES, $HTTP_SESSION_VARS; |
| 1500 | 1579 |
| @@ -65,7 +65,13 @@ | ||
| 65 | 65 | </ul> |
| 66 | 66 | </li> |
| 67 | 67 | <li> |
| 68 | - <strong>Nucleus v3.31SP1 (February 5, 2008)</strong> | |
| 68 | + <strong>Nucleus v3.31 SP2 (EUC-JP only) (September 26, 2008)</strong> | |
| 69 | + <ul> | |
| 70 | + <li>FIXED: An XSS issue</li> | |
| 71 | + </ul> | |
| 72 | + </li> | |
| 73 | + <li> | |
| 74 | + <strong>Nucleus v3.31 SP1 (February 5, 2008)</strong> | |
| 69 | 75 | <ul> |
| 70 | 76 | <li>FIXED: An XSS issue</li> |
| 71 | 77 | <li>CHANGED(JP): (<a href="http://nucleus-jp.sourceforge.jp/tracker/?do=details&id=83">#83(JP)</a>): ブックマークレットの高さを50ピクセル追加. (kmorimatsu)</li> |
| @@ -83,7 +89,7 @@ | ||
| 83 | 89 | </ul> |
| 84 | 90 | </li> |
| 85 | 91 | <li> |
| 86 | - <strong>Nucleus v3.3 "Lithium" (Beta - March 11, 2007)</strong> | |
| 92 | + <strong>Nucleus v3.3 (May 1, 2007)</strong> | |
| 87 | 93 | <ul> |
| 88 | 94 | <li>ADDED: add description of charset skin variable to documentation.(JP) (shizuki)</li> |
| 89 | 95 | <li>FIXED: fix description of if/else/endif skin variables to documentation, inlcuding ifnot, elseif, and elseifnot (JP) (shizuki)</li> |
| @@ -307,6 +307,13 @@ if (!headers_sent() ) { | ||
| 307 | 307 | $language = getLanguageName(); |
| 308 | 308 | include($DIR_LANG . ereg_replace( '[\\|/]', '', $language) . '.php'); |
| 309 | 309 | |
| 310 | +// check if valid charset | |
| 311 | +if (!encoding_check(false,false,_CHARSET)) { | |
| 312 | + foreach(array($_REQUEST, $_SERVER) as $input) { | |
| 313 | + array_walk($input, 'encoding_check'); | |
| 314 | + } | |
| 315 | +} | |
| 316 | + | |
| 310 | 317 | /* |
| 311 | 318 | Backed out for now: See http://forum.nucleuscms.org/viewtopic.php?t=3684 for details |
| 312 | 319 |
| @@ -551,6 +558,13 @@ function sendContentType($contenttype, $pagetype = '', $charset = _CHARSET) { | ||
| 551 | 558 | } else { |
| 552 | 559 | header('Content-Type: ' . $contenttype); |
| 553 | 560 | } |
| 561 | + | |
| 562 | + // check if valid charset | |
| 563 | + if (!encoding_check(false,false,$charset)) { | |
| 564 | + foreach(array($_REQUEST, $_SERVER) as $input) { | |
| 565 | + array_walk($input, 'encoding_check'); | |
| 566 | + } | |
| 567 | + } | |
| 554 | 568 | } |
| 555 | 569 | } |
| 556 | 570 |
| @@ -558,9 +572,11 @@ function sendContentType($contenttype, $pagetype = '', $charset = _CHARSET) { | ||
| 558 | 572 | * Errors before the database connection has been made |
| 559 | 573 | */ |
| 560 | 574 | function startUpError($msg, $title) { |
| 575 | + if (!defined('_CHARSET')) define('_CHARSET','iso-8859-1'); | |
| 576 | + header('Content-Type: text/html; charset=' . _CHARSET); | |
| 561 | 577 | ?> |
| 562 | 578 | <html xmlns="http://www.w3.org/1999/xhtml"> |
| 563 | - <head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> | |
| 579 | + <head><meta http-equiv="Content-Type" content="text/html; charset=<?php echo _CHARSET?>" /> | |
| 564 | 580 | <title><?php echo htmlspecialchars($title)?></title></head> |
| 565 | 581 | <body> |
| 566 | 582 | <h1><?php echo htmlspecialchars($title)?></h1> |
| @@ -1495,6 +1511,69 @@ function formatDate($format, $timestamp, $defaultFormat, &$blog) { | ||
| 1495 | 1511 | } |
| 1496 | 1512 | } |
| 1497 | 1513 | |
| 1514 | +function encoding_check($val, $key, $encoding=false, $exclude=false) { | |
| 1515 | + /* | |
| 1516 | + When 3rd argument is set, return if checked already. | |
| 1517 | + When 4th argument is set, set the excluded key(s). | |
| 1518 | + */ | |
| 1519 | + static $search=false, $checked=array(), $excludes=array(); | |
| 1520 | + if ($exclude!==false) { | |
| 1521 | + if (is_array($exclude)) { | |
| 1522 | + foreach($exclude as $v) $excludes[$v]=true; | |
| 1523 | + } else $excludes[$excludes]=true; | |
| 1524 | + return; | |
| 1525 | + } | |
| 1526 | + if ($encoding!==false) { | |
| 1527 | + switch($encoding=strtolower($encoding)){ | |
| 1528 | + case 'utf-8': | |
| 1529 | + $search='/^([\x00-\x7F]+'. | |
| 1530 | + '|[\xC2-\xDF][\x80-\xBF]'. | |
| 1531 | + '|[\xE0-\xEF][\x80-\xBF][\x80-\xBF]'. | |
| 1532 | + '|[\xF0-\xF7][\x80-\xBF][\x80-\xBF][\x80-\xBF]'. | |
| 1533 | + '|[\xF8-\xFB][\x80-\xBF][\x80-\xBF][\x80-\xBF][\x80-\xBF]'. | |
| 1534 | + '|[\xFC-\xFD][\x80-\xBF][\x80-\xBF][\x80-\xBF][\x80-\xBF][\x80-\xBF])*/'; | |
| 1535 | + break; | |
| 1536 | + case 'euc-jp': | |
| 1537 | + $search='/^([\x00-\x7F]+'. | |
| 1538 | + '|[\x8E][\xA0-\xDF]'. | |
| 1539 | + '|[\x8F]?[\xA1-\xFE][\xA1-\xFE])*/'; | |
| 1540 | + break; | |
| 1541 | + case 'gb2312': | |
| 1542 | + $search='/^([\x00-\x7F]+'. | |
| 1543 | + '|[\xA1-\xF7][\xA1-\xFE])*/'; | |
| 1544 | + break; | |
| 1545 | + default: | |
| 1546 | + $search=false; | |
| 1547 | + if (preg_match('/^iso\-8859\-[0-9]{1,2}$/',$encoding)) break; | |
| 1548 | + if (preg_match('/^windows\-125[0-8]$/',$encoding)) break; | |
| 1549 | + startUpError('<p>Unknown or non-supported encoding.</p>', 'Encoding Error'); | |
| 1550 | + exit; | |
| 1551 | + } | |
| 1552 | + if (isset($checked[$encoding])) return true; // Already checked. | |
| 1553 | + $checked[$encoding]=true; | |
| 1554 | + } | |
| 1555 | + if ($key===false) return false; // Not yet checked. | |
| 1556 | + if ($search===false) return true; // non-multibyte encoding | |
| 1557 | + if (isset($excludes[$key])) return true; // This key isn't checked. | |
| 1558 | + if (is_array($val)) { | |
| 1559 | + array_walk($val, 'encoding_check'); | |
| 1560 | + } else { | |
| 1561 | + preg_match($search,$val,$m); | |
| 1562 | + $val2 = (string)$m[0]; | |
| 1563 | + if (!($val2 === (string)$val)) { | |
| 1564 | + startUpError('<p>Invalid input.</p>', 'Input Error'); | |
| 1565 | + exit; | |
| 1566 | + } | |
| 1567 | + } | |
| 1568 | + preg_match($search,$key,$m); | |
| 1569 | + $key2 = (string)$m[0]; | |
| 1570 | + if (!($key2 === (string)$key)) { | |
| 1571 | + startUpError('<p>Invalid input.</p>', 'Input Error'); | |
| 1572 | + exit; | |
| 1573 | + } | |
| 1574 | + return true; | |
| 1575 | +} | |
| 1576 | + | |
| 1498 | 1577 | function checkVars($aVars) { |
| 1499 | 1578 | global $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES, $HTTP_SESSION_VARS; |
| 1500 | 1579 |
Fork