From: <sy...@us...> - 2008-08-05 22:05:58
Revision: 14080 http://tikiwiki.svn.sourceforge.net/tikiwiki/?rev=14080&view=rev
Author: sylvieg
Date: 2008-08-05 22:06:04 +0000 (Tue, 05 Aug 2008)
Log Message:
-----------
[MRG] Automatic merge, branches/2.0 14049 to 14076
Modified Paths:
--------------
trunk/lib/setup/sanitization.php
trunk/lib/tikilib.php
Modified: trunk/lib/setup/sanitization.php
===================================================================
--- trunk/lib/setup/sanitization.php 2008-08-05 22:02:06 UTC (rev 14079)
+++ trunk/lib/setup/sanitization.php 2008-08-05 22:06:04 UTC (rev 14080)
@@ -57,7 +57,7 @@
 // keep replacing as long as the previous round replaced something
 while ( RemoveXSSregexp($ra_as_tag_only, $val, '(\<|\[\\\\xC0\]\[\\\\xBC\])')
 || RemoveXSSregexp($ra_as_attribute, $val)
- || RemoveXSSregexp($ra_as_content, $val, '[\.\\\+\*\?\[\^\]\$\(\)\{\}\=\!\<\|\:;\-\/`#"\']')
+ || RemoveXSSregexp($ra_as_content, $val, '[\.\\\+\*\?\[\^\]\$\(\)\{\}\=\!\<\|\:;\-\/`#"\']', '(?![a-z0-9])')
 || RemoveXSSregexp($ra_javascript, $val, '', ':', true)
 || RemoveXSSregexp($ra_style, $val, '[^a-z0-9]', '=')
 );
@@ -90,8 +90,13 @@
 $pattern_end = '/i';
 if ( $suffix != '' ) {
- $pattern_end = '(' . $pattern_sep . '\s*' . $suffix . ')' . $pattern_end;
- if ( $suffix == '=' || $suffix == ':' ) $replacement_end = $suffix;
+ if ( $suffix == '=' || $suffix == ':' ) {
+ $replacement_end = $suffix;
+ $pattern_end = '(' . $pattern_sep . '\s*' . $suffix . ')' . $pattern_end;
+ } else {
+ $replacement_end = '';
+ $pattern_end = $suffix . $pattern_end;
+ }
 } else {
 $replacement_end = '';
 }
Modified: trunk/lib/tikilib.php
===================================================================
--- trunk/lib/tikilib.php 2008-08-05 22:02:06 UTC (rev 14079)
+++ trunk/lib/tikilib.php 2008-08-05 22:06:04 UTC (rev 14080)
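Review bot: The `$suffix` parameter now carries two different meanings in RemoveXSSregexp (hunk @@ -90): `'='`/`':'` are treated as a literal terminator that is captured and re-emitted through `$replacement_end`, while anything else — such as the new `'(?![a-z0-9])'` passed from the while loop in hunk @@ -57 — is concatenated into the pattern as a raw PCRE fragment with no `preg_quote`. That contract is written nowhere; I would add above `if ( $suffix != '' ) {` a comment such as `// $suffix is either a literal terminator ('=' or ':'), captured and kept in the output, or a raw PCRE fragment (e.g. a lookahead) appended verbatim - only ever pass fixed, trusted strings here`. The comparisons would also be better strict, `if ( $suffix === '=' || $suffix === ':' ) {`. The lookahead narrows which inputs the content-word filter rewrites and the page shows no accompanying test change, so a regression case confirming that the previously neutralised forms are still rewritten would make the change safer to merge. RemoveXSSregexp's signature and the rest of its body lie outside the hunk.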
@@ -5510,11 +5510,19 @@
 }
 }
+
+ /* <x> XSS Sanitization handling */
+
 // Converts <x> (<x> tag using HTML entities) into the tag <x>. This tag comes from the input sanitizer (XSS filter).
 // This is not HTML valid and avoids using <x> in a wiki text,
 // but hide '<x>' text inside some words like 'style' that are considered as dangerous by the sanitizer.
 $data = str_replace('<x>', '<x>', $data);
+ // Fix false positive in wiki syntax
+ // It can't be done in the sanitizer, that can't know if the input will be wiki parsed or not
+ $data = preg_replace('/(\{img [^\}]+li)<x>(nk[^\}]+\})/i', '\\1\\2', $data);
+
+ // Replace dynamic content occurrences
 if (preg_match_all("/\{content +id=([0-9]+)\}/", $data, $dcs)) {
 $temp_max = count($dcs[0]);
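Review bot: The added `$data = preg_replace(...)` assigns the result straight back to `$data`; `preg_replace` returns null on a PCRE error (for instance a backtrack-limit hit on a large page), so a failure here silently empties the whole page text instead of leaving it untouched. Keep the original on error: `$fixed = preg_replace('/(\{img [^\}]+li)<x>(nk[^\}]+\})/i', '\\1\\2', $data);` followed by `if ($fixed !== null) $data = $fixed;`. The rewrite also hard-codes a split of the word `link` into `li<x>nk` that is presumably produced by the content-word rule in lib/setup/sanitization.php; a comment naming that coupling, e.g. `// the XSS sanitizer splits the content word 'link' into 'li<x>nk'; restore it only inside {img ...}, where it is wiki syntax rather than HTML`, would help whoever next edits either side. The enclosing method starts and ends outside the hunk.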
@@ -6065,23 +6073,26 @@
 preg_match_all("/(\{img [^\}]+\})/", $data, $pages);
 foreach (array_unique($pages[1])as $page_parse) {
- $parts = $this->split_tag( $page_parse);
+ $parts = $this->split_tag( $page_parse);
- $imgdata = array(); // pre-set preferences
- $imgdata["src"] = '';
- $imgdata["height"] = '';
- $imgdata["width"] = '';
- $imgdata["link"] = '';
- $imgdata["rel"] = '';
- $imgdata["title"] = '';
- $imgdata["align"] = '';
- $imgdata["desc"] = '';
- $imgdata["imalign"] = '';
- $imgdata["alt"] = '';
- $imgdata["usemap"] = '';
- $imgdata["class"] = '';
- $imgdata = $this->split_assoc_array( $parts, $imgdata);
+ $imgdata = array(); // pre-set preferences
+ $imgdata["src"] = '';
+ $imgdata["height"] = '';
+ $imgdata["width"] = '';
+ $imgdata["lnk"] = '';
+ $imgdata["rel"] = '';
+ $imgdata["title"] = '';
+ $imgdata["align"] = '';
+ $imgdata["desc"] = '';
+ $imgdata["imalign"] = '';
+ $imgdata["alt"] = '';
+ $imgdata["usemap"] = '';
+ $imgdata["class"] = '';
+ $imgdata = $this->split_assoc_array( $parts, $imgdata );
+ // Support both 'link' and 'lnk' syntax
+ if ( isset($imgdata['link']) && $imgdata['lnk'] == '' ) $imgdata['lnk'] = $imgdata['link'];
+
 if (stristr(str_replace(' ', '', $imgdata["src"]),'javascript:')) {
 $imgdata["src"] = '';
 }
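Review bot: The new `lnk` value (including the `link` alias copied into it) gets no counterpart of the `javascript:` guard that the loop applies to `src` on the lines just below, yet it becomes the `href` of the wrapping anchor in hunk @@ -6131. Whether the upstream sanitizer already neutralises that scheme cannot be told from the page, so the parser should defend its own sink with the same check after the alias line: `if (stristr(str_replace(' ', '', $imgdata["lnk"]), 'javascript:')) { $imgdata["lnk"] = ''; }`. The alias condition would also read better strict, `if ( isset($imgdata['link']) && $imgdata['lnk'] === '' )`. The foreach body continues past the end of the hunk.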
@@ -6131,14 +6142,14 @@
 $repl .= ' />';
- if ($imgdata["link"]) {
+ if ($imgdata["lnk"]) {
 $imgtarget= '';
- if ($prefs['popupLinks'] == 'y' && (preg_match('#^([a-z0-9]+?)://#i', $imgdata['link']) || preg_match('#^www\.([a-z0-9\-]+)\.#i',$imgdata['link']))) {
+ if ($prefs['popupLinks'] == 'y' && (preg_match('#^([a-z0-9]+?)://#i', $imgdata['lnk']) || preg_match('#^www\.([a-z0-9\-]+)\.#i',$imgdata['lnk']))) {
 $imgtarget = ' target="_blank"';
 }
 if ($imgdata['rel']) $linkrel = ' rel="'.$imgdata['rel'].'"';
 if ($imgdata['title']) $linktitle = ' title="'.$imgdata['title'].'"';
- $repl = '<a href="'.$imgdata["link"].'"'.$linkrel.$imgtarget.$linktitle.'>' . $repl . '</a>';
+ $repl = '<a href="'.$imgdata["lnk"].'"'.$linkrel.$imgtarget.$linktitle.'>' . $repl . '</a>';
 }
 if ($imgdata["desc"]) {
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
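Review bot: The changed `$repl = '<a href="'.$imgdata["lnk"].'"'...` line still places the raw value inside a double-quoted HTML attribute, where a `"` in the value terminates the attribute; the sink should escape regardless of what the input filter did earlier, `'<a href="'.htmlspecialchars($imgdata["lnk"], ENT_QUOTES).'"'`. Separately, `$linkrel` and `$linktitle` are only assigned when `rel`/`title` are non-empty; if this block sits inside the `foreach` over images seen in hunk @@ -6065 (the loop starts outside this hunk) and nothing resets them earlier in the loop body, a value from a previous image carries over into the next anchor, so `$linkrel = ''; $linktitle = '';` before the two `if`s would be the safe form. The enclosing function's start and end are not shown.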