From: Sergei I. G. <si...@pr...> - 2002-11-18 12:54:57
|
Update of /cvsroot/phpmychat/phpMyChat-0.15/chat/lib In directory sc8-pr-cvs1:/tmp/cvs-serv3500/chat/lib Modified Files: format_messages.lib.php3 Log Message: Check for dangerous chars not only latin1 charsets Don't replace " with " in $theMessage Index: format_messages.lib.php3 =================================================================== RCS file: /cvsroot/phpmychat/phpMyChat-0.15/chat/lib/format_messages.lib.php3,v retrieving revision 1.14 retrieving revision 1.15 diff -C2 -r1.14 -r1.15 *** format_messages.lib.php3 18 Nov 2002 07:11:00 -0000 1.14 --- format_messages.lib.php3 18 Nov 2002 12:54:53 -0000 1.15 *************** *** 62,68 **** function pmcCheckLinks(&$str) { - // Protect from malicious html injection - $str = htmlspecialchars($str, ENT_QUOTES); - // Handle urls and 'news:' links $urlPattern = '(^| )(([^ ]+://[^ ]+)|(news:[^ ]+))( |$)'; --- 62,65 ---- *************** *** 142,185 **** pmcCheckLinks($theMessage); ! // transform ISO-8859-1 special characters ! if ($latin1) { ! // Avoid nick transformation ! if ($GLOBALS['msgTo'] != '') ! { ! $pattern = '(.*)(' . $GLOBALS['msgTo']. '(>)?)(.*)'; ! ereg($pattern, $theMessage, $regs); ! } ! $regs[1] = (isset($regs[1])) ? $regs[1] : ''; ! $regs[2] = (isset($regs[2])) ? $regs[2] : ''; ! $regs[4] = (isset($regs[4])) ? $regs[4] : ''; ! if ($regs[1] == '' && $regs[4] == '') ! { ! $regs[4] = $theMessage; ! } ! // Do the work ! if (!ereg('&[[:alnum:]]{1,10}', $regs[1]) ! && !ereg('&[[:alnum:]]{1,10}', $regs[4])) { ! for ($i = 1; $i < 5; $i += 3) { ! if ($regs[$i] == '') ! { ! continue; ! } ! $part = $regs[$i]; ! $part = htmlentities($part); ! $part = str_replace('<', '<', $part); ! $part = str_replace('>', '>', $part); ! $part = str_replace('&lt;', '<', $part); ! $part = str_replace('&gt;', '>', $part); ! $part = str_replace('"', '"', $part); ! $part = ereg_replace('&(#[[:digit:]]{2,5})', '&\\1', $part); ! $regs[$i] = $part; } ! $theMessage = $regs[1] . $regs[2] . $regs[4]; } ! } // end if ($latin1) // Slashes the slash character --- 139,178 ---- pmcCheckLinks($theMessage); ! // Avoid nick transformation ! if ($GLOBALS['msgTo'] != '') { ! $pattern = '(.*)(' . $GLOBALS['msgTo']. '(>)?)(.*)'; ! ereg($pattern, $theMessage, $regs); ! } ! $regs[1] = (isset($regs[1])) ? $regs[1] : ''; ! $regs[2] = (isset($regs[2])) ? $regs[2] : ''; ! $regs[4] = (isset($regs[4])) ? $regs[4] : ''; ! if ($regs[1] == '' && $regs[4] == '') ! { ! $regs[4] = $theMessage; ! } ! // Do the work ! if (!ereg('&[[:alnum:]]{1,10}', $regs[1]) ! && !ereg('&[[:alnum:]]{1,10}', $regs[4])) ! { ! for ($i = 1; $i < 5; $i += 3) { ! if ($regs[$i] == '') { ! continue; } ! $part = $regs[$i]; ! $part = htmlspecialchars($part, ENT_QUOTES); ! $part = str_replace('<', '<', $part); ! $part = str_replace('>', '>', $part); ! $part = str_replace('&lt;', '<', $part); ! $part = str_replace('&gt;', '>', $part); ! // $part = str_replace('"', '"', $part); ! $part = ereg_replace('&(#[[:digit:]]{2,5})', '&\\1', $part); ! $regs[$i] = $part; } ! $theMessage = $regs[1] . $regs[2] . $regs[4]; ! } // Slashes the slash character |