From aa38097c07def6d31481dfeeb2bcba520d323b2d Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Fri, 6 Jun 2003 21:37:11 +0000
Subject: [PATCH] - Dropped check_input(); use check_query() instead.

- Made the statistics module use referer_uri() for security's sake.
---
 includes/common.inc                  |  4 ----
 modules/statistics.module            | 10 +++++-----
 modules/statistics/statistics.module | 10 +++++-----
 modules/user.module                  |  2 +-
 modules/user/user.module             |  2 +-
 modules/watchdog.module              |  2 +-
 modules/watchdog/watchdog.module     |  2 +-
 scripts/code-style.pl                | 10 ++++++++++
 8 files changed, 24 insertions(+), 18 deletions(-)

diff --git a/includes/common.inc b/includes/common.inc
index 963187096fc3..9909da1a27bc 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -496,10 +496,6 @@ function check_query($text) {
   return addslashes($text);
 }
 
-function check_input($text) {
-  return addslashes($text);
-}
-
 function filter($text) {
 
   $modules = module_list();
diff --git a/modules/statistics.module b/modules/statistics.module
index 3b8d7d8ca032..294b67135d24 100644
--- a/modules/statistics.module
+++ b/modules/statistics.module
@@ -53,7 +53,7 @@ function statistics_exit() {
 
   if ((variable_get("statistics_enable_access_log", 0)) && (throttle_status() < 5)) {
     // statistical logs are enabled
-    $referrer = getenv("HTTP_REFERER");
+    $referrer = referer_uri();
     $hostname = getenv("REMOTE_ADDR");
     // log this page access
     if ((arg(0) == "node") && (arg(1) == "view") && arg(2)) {
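Review bot: referer_uri() is now the only sanitization the logged referrer receives, and this hunk shows only the capture into `$referrer`, not the accesslog INSERT, so the contract of referer_uri() needs to be stated somewhere. If it only neutralizes HTML (the code-style rule added elsewhere in this patch describes the HTTP_REFERER problem as XSS), the value still needs check_query() where it is interpolated into SQL; if it already applies addslashes(), a second check_query() at the INSERT would double-escape. A one-line comment here, `// referer_uri() neutralizes HTML; SQL escaping is applied where $referrer is inserted`, stating whichever is true would settle it for the next reader. `$hostname` is still taken raw from REMOTE_ADDR on the next line and deserves the same treatment. statistics_exit() starts before this hunk and continues after it.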
@@ -333,11 +333,11 @@ function statistics_recent_refer() {
     $query = "SELECT url,timestamp FROM accesslog WHERE url <> '' ORDER BY timestamp DESC";
   }
   elseif ($view == "internal") {
-    $query = "SELECT url,timestamp FROM accesslog WHERE url LIKE '%". check_input($_SERVER["HTTP_HOST"]) ."%' ORDER BY timestamp DESC";
+    $query = "SELECT url,timestamp FROM accesslog WHERE url LIKE '%". check_query($_SERVER["HTTP_HOST"]) ."%' ORDER BY timestamp DESC";
     $describe = "internal ";
   }
   else {
-    $query = "SELECT url,timestamp FROM accesslog WHERE url NOT LIKE '%". check_input($_SERVER["HTTP_HOST"]) ."%' AND url <> '' ORDER BY timestamp DESC";
+    $query = "SELECT url,timestamp FROM accesslog WHERE url NOT LIKE '%". check_query($_SERVER["HTTP_HOST"]) ."%' AND url <> '' ORDER BY timestamp DESC";
     $describe = "external ";
   }
 
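Review bot: check_query() is addslashes(), which escapes quotes but not the LIKE wildcards `%` and `_`, and `$_SERVER["HTTP_HOST"]` is the client-supplied Host header, so a request with a crafted Host can turn the internal/external split in the two LIKE clauses into a match-everything or match-nothing filter. Escape the wildcards before quoting, e.g. `$host = check_query(str_replace(array("%", "_"), array("\\%", "\\_"), $_SERVER["HTTP_HOST"]));` and use `$host` in both branches — or, better, compare against the site's configured base URL instead of trusting the Host header at all. This is presumably an admin-only report, which limits the impact but not the defect. statistics_recent_refer() starts before this hunk and continues after it.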
@@ -363,12 +363,12 @@ function statistics_top_refer() {
     $query = "SELECT url, COUNT(url) AS count FROM accesslog WHERE url <> '' GROUP BY url ORDER BY count DESC";
   }
   elseif ($view == "internal") {
-    $query = "SELECT url, COUNT(url) AS count FROM accesslog WHERE url LIKE '%". check_input($_SERVER["HTTP_HOST"]) ."%' GROUP BY url ORDER BY count DESC";
+    $query = "SELECT url, COUNT(url) AS count FROM accesslog WHERE url LIKE '%". check_query($_SERVER["HTTP_HOST"]) ."%' GROUP BY url ORDER BY count DESC";
     $describe = "internal ";
   }
   else {
     /* default to external */
-    $query = "SELECT url, COUNT(url) AS count FROM accesslog WHERE url NOT LIKE '%". check_input($_SERVER["HTTP_HOST"]) ."%' AND url <> '' GROUP BY url ORDER BY count DESC";
+    $query = "SELECT url, COUNT(url) AS count FROM accesslog WHERE url NOT LIKE '%". check_query($_SERVER["HTTP_HOST"]) ."%' AND url <> '' GROUP BY url ORDER BY count DESC";
     $describe = "external ";
   }
 
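Review bot: the expression `check_query($_SERVER["HTTP_HOST"])` is repeated verbatim in both the internal and external branches here, and twice more in statistics_recent_refer() above, so the missing LIKE-wildcard escaping (addslashes() leaves `%` and `_` untouched) would have to be fixed in four places. Hoisting it once at the top of the function, `$host = check_query($_SERVER["HTTP_HOST"]);`, and ideally sharing a small helper between the two reporting functions, keeps the queries in sync and gives the escaping a single home. statistics_top_refer() starts before this hunk and continues after it.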
diff --git a/modules/statistics/statistics.module b/modules/statistics/statistics.module
index 3b8d7d8ca032..294b67135d24 100644
--- a/modules/statistics/statistics.module
+++ b/modules/statistics/statistics.module
@@ -53,7 +53,7 @@ function statistics_exit() {
 
   if ((variable_get("statistics_enable_access_log", 0)) && (throttle_status() < 5)) {
     // statistical logs are enabled
-    $referrer = getenv("HTTP_REFERER");
+    $referrer = referer_uri();
     $hostname = getenv("REMOTE_ADDR");
     // log this page access
     if ((arg(0) == "node") && (arg(1) == "view") && arg(2)) {
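Review bot: modules/statistics/statistics.module is byte-identical to modules/statistics.module earlier in this patch (both carry index 3b8d7d8ca032..294b67135d24), so every point that applies to that copy — the undocumented contract of referer_uri() here, and the unescaped LIKE wildcards in the HTTP_HOST filters in the two hunks below — applies to this copy as well. If the duplication is a deliberate layout migration it deserves a sentence in the commit message; otherwise one copy should go, because security fixes applied to one file will silently miss the other. statistics_exit() starts before this hunk and continues after it.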
@@ -333,11 +333,11 @@ function statistics_recent_refer() {
     $query = "SELECT url,timestamp FROM accesslog WHERE url <> '' ORDER BY timestamp DESC";
   }
   elseif ($view == "internal") {
-    $query = "SELECT url,timestamp FROM accesslog WHERE url LIKE '%". check_input($_SERVER["HTTP_HOST"]) ."%' ORDER BY timestamp DESC";
+    $query = "SELECT url,timestamp FROM accesslog WHERE url LIKE '%". check_query($_SERVER["HTTP_HOST"]) ."%' ORDER BY timestamp DESC";
     $describe = "internal ";
   }
   else {
-    $query = "SELECT url,timestamp FROM accesslog WHERE url NOT LIKE '%". check_input($_SERVER["HTTP_HOST"]) ."%' AND url <> '' ORDER BY timestamp DESC";
+    $query = "SELECT url,timestamp FROM accesslog WHERE url NOT LIKE '%". check_query($_SERVER["HTTP_HOST"]) ."%' AND url <> '' ORDER BY timestamp DESC";
     $describe = "external ";
   }
 
@@ -363,12 +363,12 @@ function statistics_top_refer() {
     $query = "SELECT url, COUNT(url) AS count FROM accesslog WHERE url <> '' GROUP BY url ORDER BY count DESC";
   }
   elseif ($view == "internal") {
-    $query = "SELECT url, COUNT(url) AS count FROM accesslog WHERE url LIKE '%". check_input($_SERVER["HTTP_HOST"]) ."%' GROUP BY url ORDER BY count DESC";
+    $query = "SELECT url, COUNT(url) AS count FROM accesslog WHERE url LIKE '%". check_query($_SERVER["HTTP_HOST"]) ."%' GROUP BY url ORDER BY count DESC";
     $describe = "internal ";
   }
   else {
     /* default to external */
-    $query = "SELECT url, COUNT(url) AS count FROM accesslog WHERE url NOT LIKE '%". check_input($_SERVER["HTTP_HOST"]) ."%' AND url <> '' GROUP BY url ORDER BY count DESC";
+    $query = "SELECT url, COUNT(url) AS count FROM accesslog WHERE url NOT LIKE '%". check_query($_SERVER["HTTP_HOST"]) ."%' AND url <> '' GROUP BY url ORDER BY count DESC";
     $describe = "external ";
   }
 
diff --git a/modules/user.module b/modules/user.module
index 94fc94ff209f..c9e6451992f0 100644
--- a/modules/user.module
+++ b/modules/user.module
@@ -547,7 +547,7 @@ function user_login($edit = array(), $msg = "") {
       $server = substr($server, 1);
       $pass = $edit["pass"];
     }
-    
+
     /*
     ** When possible, determine corrosponding external auth source. Invoke source, and login user if successful:
     */
diff --git a/modules/user/user.module b/modules/user/user.module
index 94fc94ff209f..c9e6451992f0 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -547,7 +547,7 @@ function user_login($edit = array(), $msg = "") {
       $server = substr($server, 1);
       $pass = $edit["pass"];
     }
-    
+
     /*
     ** When possible, determine corrosponding external auth source. Invoke source, and login user if successful:
     */
diff --git a/modules/watchdog.module b/modules/watchdog.module
index 601363e0ed9b..fec7bd8674f3 100644
--- a/modules/watchdog.module
+++ b/modules/watchdog.module
@@ -96,7 +96,7 @@ function watchdog_admin() {
         watchdog_help();
         break;
       case "view":
-        print watchdog_view(check_input(arg(3)));
+        print watchdog_view(arg(3));
         break;
       default:
         print watchdog_overview(arg(2));
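Review bot: removing check_input() leaves `arg(3)`, a URL path component, passed to watchdog_view() with no visible sanitization, and this hunk does not show what watchdog_view() does with it. If it is interpolated into a SQL WHERE clause the escaping has to move inside watchdog_view() (via check_query()), or, since a watchdog entry id is presumably numeric, be replaced with a cast at the call site: `print watchdog_view((int) arg(3));`. Either way the sanitization point should be explicit at one end of the call rather than dropped from both. watchdog_admin() starts before this hunk and continues after it.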
diff --git a/modules/watchdog/watchdog.module b/modules/watchdog/watchdog.module
index 601363e0ed9b..fec7bd8674f3 100644
--- a/modules/watchdog/watchdog.module
+++ b/modules/watchdog/watchdog.module
@@ -96,7 +96,7 @@ function watchdog_admin() {
         watchdog_help();
         break;
       case "view":
-        print watchdog_view(check_input(arg(3)));
+        print watchdog_view(arg(3));
         break;
       default:
         print watchdog_overview(arg(2));
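Review bot: modules/watchdog/watchdog.module is byte-identical to modules/watchdog.module earlier in this patch (both carry index 601363e0ed9b..fec7bd8674f3), so the same concern applies here: `arg(3)` now reaches watchdog_view() without any visible escaping, and whichever fix is chosen for the other copy — check_query() inside watchdog_view() or `(int) arg(3)` at the call site — must land in both files or one of them should be removed. watchdog_admin() starts before this hunk and continues after it.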
diff --git a/scripts/code-style.pl b/scripts/code-style.pl
index cc1f159e7975..f7d773e54845 100644
--- a/scripts/code-style.pl
+++ b/scripts/code-style.pl
@@ -69,6 +69,16 @@ while (<>) {
   elsif (/<br>/i) {
     $msg = "'<br>' -> '<br />'";
   }
+  elsif (/HTTP_REFERER/i) {
+    $msg = "the use of HTTP_REFERER is prone to XSS exploits; use referer_uri() instead";
+  }
+  elsif (/QUERY_STRING/i) {
+    $msg = "the use of HTTP_REFERER is prone to XSS exploits; use referer_uri() instead";
+  }
+  elsif (/REQUEST_URI/i) {
+    $msg = "the use of HTTP_REFERER is prone to XSS exploits and does not work on IIS; use request_uri() instead";
+  }
+
   # XHTML compatibility mode suggests a blank before /
   # i.e. <br />
   elsif (/<[a-z][^>]*[^ >]\/>/i) {
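Review bot: the messages for the two new QUERY_STRING and REQUEST_URI rules are copy-paste errors: the QUERY_STRING branch reports "the use of HTTP_REFERER ... use referer_uri() instead", and the REQUEST_URI branch also names HTTP_REFERER while recommending request_uri(), so the checker will point developers at the wrong variable and the wrong fix. They should read `$msg = "the use of QUERY_STRING is prone to XSS exploits";` and `$msg = "the use of REQUEST_URI is prone to XSS exploits and does not work on IIS; use request_uri() instead";`. Separately, `/HTTP_REFERER/i` and `/REQUEST_URI/i` will presumably match the lines inside referer_uri() and request_uri() that have to read those variables, so the script will flag its own recommended helpers unless those definitions are exempted. The enclosing `while (<>)` loop starts before this hunk and continues after it.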
-- 
GitLab