Menu
▾
▴
[Tikiwiki-cvs/svn] SF.net SVN: tikiwiki:[14080] trunk/lib
|
From: <sy...@us...> - 2008-08-05 22:05:58
|
Revision: 14080
http://tikiwiki.svn.sourceforge.net/tikiwiki/?rev=14080&view=rev
Author: sylvieg
Date: 2008-08-05 22:06:04 +0000 (Tue, 05 Aug 2008)
Log Message:
-----------
[MRG] Automatic merge, branches/2.0 14049 to 14076
Modified Paths:
--------------
trunk/lib/setup/sanitization.php
trunk/lib/tikilib.php
Modified: trunk/lib/setup/sanitization.php
===================================================================
--- trunk/lib/setup/sanitization.php 2008-08-05 22:02:06 UTC (rev 14079)
+++ trunk/lib/setup/sanitization.php 2008-08-05 22:06:04 UTC (rev 14080)
@@ -57,7 +57,7 @@
// keep replacing as long as the previous round replaced something
while ( RemoveXSSregexp($ra_as_tag_only, $val, '(\<|\[\\\\xC0\]\[\\\\xBC\])')
|| RemoveXSSregexp($ra_as_attribute, $val)
- || RemoveXSSregexp($ra_as_content, $val, '[\.\\\+\*\?\[\^\]\$\(\)\{\}\=\!\<\|\:;\-\/`#"\']')
+ || RemoveXSSregexp($ra_as_content, $val, '[\.\\\+\*\?\[\^\]\$\(\)\{\}\=\!\<\|\:;\-\/`#"\']', '(?![a-z0-9])')
|| RemoveXSSregexp($ra_javascript, $val, '', ':', true)
|| RemoveXSSregexp($ra_style, $val, '[^a-z0-9]', '=')
);
@@ -90,8 +90,13 @@
$pattern_end = '/i';
if ( $suffix != '' ) {
- $pattern_end = '(' . $pattern_sep . '\s*' . $suffix . ')' . $pattern_end;
- if ( $suffix == '=' || $suffix == ':' ) $replacement_end = $suffix;
+ if ( $suffix == '=' || $suffix == ':' ) {
+ $replacement_end = $suffix;
+ $pattern_end = '(' . $pattern_sep . '\s*' . $suffix . ')' . $pattern_end;
+ } else {
+ $replacement_end = '';
+ $pattern_end = $suffix . $pattern_end;
+ }
} else {
$replacement_end = '';
}
Modified: trunk/lib/tikilib.php
===================================================================
--- trunk/lib/tikilib.php 2008-08-05 22:02:06 UTC (rev 14079)
+++ trunk/lib/tikilib.php 2008-08-05 22:06:04 UTC (rev 14080)
@@ -5510,11 +5510,19 @@
}
}
+
+ /* <x> XSS Sanitization handling */
+
// Converts <x> (<x> tag using HTML entities) into the tag <x>. This tag comes from the input sanitizer (XSS filter).
// This is not HTML valid and avoids using <x> in a wiki text,
// but hide '<x>' text inside some words like 'style' that are considered as dangerous by the sanitizer.
$data = str_replace('<x>', '<x>', $data);
+ // Fix false positive in wiki syntax
+ // It can't be done in the sanitizer, that can't know if the input will be wiki parsed or not
+ $data = preg_replace('/(\{img [^\}]+li)<x>(nk[^\}]+\})/i', '\\1\\2', $data);
+
+
// Replace dynamic content occurrences
if (preg_match_all("/\{content +id=([0-9]+)\}/", $data, $dcs)) {
$temp_max = count($dcs[0]);
@@ -6065,23 +6073,26 @@
preg_match_all("/(\{img [^\}]+\})/", $data, $pages);
foreach (array_unique($pages[1])as $page_parse) {
- $parts = $this->split_tag( $page_parse);
+ $parts = $this->split_tag( $page_parse);
- $imgdata = array(); // pre-set preferences
- $imgdata["src"] = '';
- $imgdata["height"] = '';
- $imgdata["width"] = '';
- $imgdata["link"] = '';
- $imgdata["rel"] = '';
- $imgdata["title"] = '';
- $imgdata["align"] = '';
- $imgdata["desc"] = '';
- $imgdata["imalign"] = '';
- $imgdata["alt"] = '';
- $imgdata["usemap"] = '';
- $imgdata["class"] = '';
- $imgdata = $this->split_assoc_array( $parts, $imgdata);
+ $imgdata = array(); // pre-set preferences
+ $imgdata["src"] = '';
+ $imgdata["height"] = '';
+ $imgdata["width"] = '';
+ $imgdata["lnk"] = '';
+ $imgdata["rel"] = '';
+ $imgdata["title"] = '';
+ $imgdata["align"] = '';
+ $imgdata["desc"] = '';
+ $imgdata["imalign"] = '';
+ $imgdata["alt"] = '';
+ $imgdata["usemap"] = '';
+ $imgdata["class"] = '';
+ $imgdata = $this->split_assoc_array( $parts, $imgdata );
+ // Support both 'link' and 'lnk' syntax
+ if ( isset($imgdata['link']) && $imgdata['lnk'] == '' ) $imgdata['lnk'] = $imgdata['link'];
+
if (stristr(str_replace(' ', '', $imgdata["src"]),'javascript:')) {
$imgdata["src"] = '';
}
@@ -6131,14 +6142,14 @@
$repl .= ' />';
- if ($imgdata["link"]) {
+ if ($imgdata["lnk"]) {
$imgtarget= '';
- if ($prefs['popupLinks'] == 'y' && (preg_match('#^([a-z0-9]+?)://#i', $imgdata['link']) || preg_match('#^www\.([a-z0-9\-]+)\.#i',$imgdata['link']))) {
+ if ($prefs['popupLinks'] == 'y' && (preg_match('#^([a-z0-9]+?)://#i', $imgdata['lnk']) || preg_match('#^www\.([a-z0-9\-]+)\.#i',$imgdata['lnk']))) {
$imgtarget = ' target="_blank"';
}
if ($imgdata['rel']) $linkrel = ' rel="'.$imgdata['rel'].'"';
if ($imgdata['title']) $linktitle = ' title="'.$imgdata['title'].'"';
- $repl = '<a href="'.$imgdata["link"].'"'.$linkrel.$imgtarget.$linktitle.'>' . $repl . '</a>';
+ $repl = '<a href="'.$imgdata["lnk"].'"'.$linkrel.$imgtarget.$linktitle.'>' . $repl . '</a>';
}
if ($imgdata["desc"]) {
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|