Skip to content
GitLab
Menu
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
project
drupal
Commits
7132e7d5
Commit
7132e7d5
authored
Dec 25, 2004
by
Steven Wittens
Browse files
#14757
: Fix XSS vulnerability due to entity usage.
parent
11358d74
Changes
1
Hide whitespace changes
Inline
Side-by-side
includes/common.inc
View file @
7132e7d5
...
...
@@ -587,6 +587,9 @@ function valid_input_data($data) {
else
{
// Detect dangerous input data.
// Decode all normal character entities.
$data
=
decode_entities
(
$data
,
array
(
'<'
,
'&'
,
'"'
));
// Check strings:
$match
=
preg_match
(
'/\Wjavascript\s*:/i'
,
$data
);
$match
+=
preg_match
(
'/\Wexpression\s*\(/i'
,
$data
);
...
...
@@ -1675,47 +1678,59 @@ function mime_header_encode($string, $charset = 'UTF-8') {
/**
* Decode all HTML entities (including numerical ones) to regular UTF-8 bytes.
*
* @param $text
* The text to decode entities in.
* @param $exclude
* An array of characters which should not be decoded. For example,
* array('<', '&', '"'). This affects both named and numerical entities.
*/
function
decode_entities
(
$text
)
{
function
decode_entities
(
$text
,
$exclude
=
array
()
)
{
static
$table
;
// We store named entities in a table for quick processing.
if
(
!
isset
(
$table
))
{
// Get all named HTML entities.
$table
=
array_flip
(
get_html_translation_table
(
HTML_ENTITIES
,
$special
));
// PHP gives us
Windows-1252/
ISO-8859-1 data, we need UTF-8.
// PHP gives us ISO-8859-1 data, we need UTF-8.
$table
=
array_map
(
'utf8_encode'
,
$table
);
}
$text
=
strtr
(
$text
,
$table
);
$text
=
strtr
(
$text
,
array_diff
(
$table
,
$exclude
)
);
// Any remaining entities are numerical. Use a regexp to replace them.
return
preg_replace
(
'/&#(x?)([A-Za-z0-9]+);/e'
,
'_decode_entities("$1", "$2")'
,
$text
);
return
preg_replace
(
'/&#(x?)([A-Za-z0-9]+);/e'
,
'_decode_entities("$1", "$2"
, "$0", $exclude
)'
,
$text
);
}
/**
* Helper function for decode_entities
*/
function
_decode_entities
(
$hex
,
$codepoint
)
{
function
_decode_entities
(
$hex
,
$codepoint
,
$original
,
$exclude
)
{
if
(
$hex
!=
''
)
{
$codepoint
=
base_convert
(
$codepoint
,
16
,
10
);
}
if
(
$codepoint
<
0x80
)
{
return
chr
(
$codepoint
);
$str
=
chr
(
$codepoint
);
}
else
if
(
$codepoint
<
0x800
)
{
return
chr
(
0xC0
|
(
$codepoint
>>
6
))
$str
=
chr
(
0xC0
|
(
$codepoint
>>
6
))
.
chr
(
0x80
|
(
$codepoint
&
0x3F
));
}
else
if
(
$codepoint
<
0x10000
)
{
return
chr
(
0xE0
|
(
$codepoint
>>
12
))
$str
=
chr
(
0xE0
|
(
$codepoint
>>
12
))
.
chr
(
0x80
|
((
$codepoint
>>
6
)
&
0x3F
))
.
chr
(
0x80
|
(
$codepoint
&
0x3F
));
}
else
if
(
$codepoint
<
0x200000
)
{
return
chr
(
0xF0
|
(
$codepoint
>>
18
))
$str
=
chr
(
0xF0
|
(
$codepoint
>>
18
))
.
chr
(
0x80
|
((
$codepoint
>>
12
)
&
0x3F
))
.
chr
(
0x80
|
((
$codepoint
>>
6
)
&
0x3F
))
.
chr
(
0x80
|
(
$codepoint
&
0x3F
));
}
if
(
in_array
(
$str
,
$exclude
))
{
return
$original
;
}
else
{
return
$str
;
}
}
/**
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment