#235 typos about regular expressions

2.1.8
closed-fixed
Legacy (179)
5
2010-02-02
2009-10-22
GIJOE
No

Marijuana's contribution.

Refer to the topic also.
http://www.xugj.org/modules/QandA/index.php?topic_id=1564

(1) Invalid regex pattern

html/modules/user/forms/AbstractUserEditForm.class.php

"[\000-\040]"
should be
'[\000-\040]'
moreover
'[\000-\040\177]'
looks better.

(2) Some control codes are leaked

html/class/module.textsanitizer.php
html/include/functions.php
html/modules/legacy/kernel/Legacy_TextFilter.class.php

"[\\0-\\31]"
should be
'/[\x0-\x1f\x7f]/'

Control codes 032-037 can be included for injecting 'javascript:'.
It can be a security issue.
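The following PHP sketch is an added example, not code from the report or from XOOPS Cube Legacy. It lists which ASCII control bytes each pattern from item (2) fails to match, and shows the raw bytes behind the quoting difference in item (1). The function name, the sample string, and the `/` delimiters placed around the old pattern are assumptions.

```php
<?php
// Added illustration; function names are hypothetical, not XOOPS Cube Legacy code.

/** ASCII control bytes (0x00-0x1f, 0x7f) that $pattern does NOT match. */
function leaked_controls(string $pattern): array
{
    $leaked = [];
    foreach (array_merge(range(0x00, 0x1f), [0x7f]) as $b) {
        if (preg_match($pattern, chr($b)) !== 1) {
            $leaked[] = sprintf('%03o', $b);   // octal, as written in the report
        }
    }
    return $leaked;
}

// (2) Patterns from the report; the "/" delimiters on the old one are an assumption.
$old = "/[\\0-\\31]/";       // PCRE receives [\0-\31]; \31 is octal 031 = 0x19, not 31
$new = '/[\x0-\x1f\x7f]/';   // replacement proposed in the report

echo 'old pattern leaks: ', implode(' ', leaked_controls($old)) ?: 'none', "\n";
echo 'new pattern leaks: ', implode(' ', leaked_controls($new)) ?: 'none', "\n";

// Constructed sample input with control bytes on both sides of the 0x19 boundary.
$sample = "A\x19B\x1aC\x1fD\x7fE";
echo 'old filter output: ', bin2hex(preg_replace($old, '', $sample)), "\n";
echo 'new filter output: ', bin2hex(preg_replace($new, '', $sample)), "\n";

// (1) Quoting: a double-quoted PHP string expands \000 and \040 itself, so the
// regex engine is handed a raw NUL byte and a space instead of the escapes.
echo 'double-quoted bytes: ', bin2hex("[\000-\040]"), "\n";
echo 'single-quoted bytes: ', bin2hex('[\000-\040]'), "\n";
```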

Discussion

  • gigamaster

    gigamaster - 2009-12-22
    • status: open --> open-works-for-me
     
  • HIKAWA Kilica

    HIKAWA Kilica - 2010-01-24
    • status: open-works-for-me --> open-fixed
     
  • HIKAWA Kilica

    HIKAWA Kilica - 2010-01-24
    • milestone: 899284 --> 2.1.8
    • assigned_to: nobody --> kilica
     
  • HIKAWA Kilica

    HIKAWA Kilica - 2010-02-02
    • status: open-fixed --> closed-fixed
     
