Commit aa38097c authored by Dries's avatar Dries

- Dropped check_input(); use check_query() instead.

- Made the statistics module use referer_uri() for security's sake.
parent 47ba929c
...@@ -496,10 +496,6 @@ function check_query($text) { ...@@ -496,10 +496,6 @@ function check_query($text) {
return addslashes($text); return addslashes($text);
} }
function check_input($text) {
return addslashes($text);
}
function filter($text) { function filter($text) {
$modules = module_list(); $modules = module_list();
......
...@@ -53,7 +53,7 @@ function statistics_exit() { ...@@ -53,7 +53,7 @@ function statistics_exit() {
if ((variable_get("statistics_enable_access_log", 0)) && (throttle_status() < 5)) { if ((variable_get("statistics_enable_access_log", 0)) && (throttle_status() < 5)) {
// statistical logs are enabled // statistical logs are enabled
$referrer = getenv("HTTP_REFERER"); $referrer = referer_uri();
$hostname = getenv("REMOTE_ADDR"); $hostname = getenv("REMOTE_ADDR");
// log this page access // log this page access
if ((arg(0) == "node") && (arg(1) == "view") && arg(2)) { if ((arg(0) == "node") && (arg(1) == "view") && arg(2)) {
...@@ -333,11 +333,11 @@ function statistics_recent_refer() { ...@@ -333,11 +333,11 @@ function statistics_recent_refer() {
$query = "SELECT url,timestamp FROM accesslog WHERE url <> '' ORDER BY timestamp DESC"; $query = "SELECT url,timestamp FROM accesslog WHERE url <> '' ORDER BY timestamp DESC";
} }
elseif ($view == "internal") { elseif ($view == "internal") {
$query = "SELECT url,timestamp FROM accesslog WHERE url LIKE '%". check_input($_SERVER["HTTP_HOST"]) ."%' ORDER BY timestamp DESC"; $query = "SELECT url,timestamp FROM accesslog WHERE url LIKE '%". check_query($_SERVER["HTTP_HOST"]) ."%' ORDER BY timestamp DESC";
$describe = "internal "; $describe = "internal ";
} }
else { else {
$query = "SELECT url,timestamp FROM accesslog WHERE url NOT LIKE '%". check_input($_SERVER["HTTP_HOST"]) ."%' AND url <> '' ORDER BY timestamp DESC"; $query = "SELECT url,timestamp FROM accesslog WHERE url NOT LIKE '%". check_query($_SERVER["HTTP_HOST"]) ."%' AND url <> '' ORDER BY timestamp DESC";
$describe = "external "; $describe = "external ";
} }
...@@ -363,12 +363,12 @@ function statistics_top_refer() { ...@@ -363,12 +363,12 @@ function statistics_top_refer() {
$query = "SELECT url, COUNT(url) AS count FROM accesslog WHERE url <> '' GROUP BY url ORDER BY count DESC"; $query = "SELECT url, COUNT(url) AS count FROM accesslog WHERE url <> '' GROUP BY url ORDER BY count DESC";
} }
elseif ($view == "internal") { elseif ($view == "internal") {
$query = "SELECT url, COUNT(url) AS count FROM accesslog WHERE url LIKE '%". check_input($_SERVER["HTTP_HOST"]) ."%' GROUP BY url ORDER BY count DESC"; $query = "SELECT url, COUNT(url) AS count FROM accesslog WHERE url LIKE '%". check_query($_SERVER["HTTP_HOST"]) ."%' GROUP BY url ORDER BY count DESC";
$describe = "internal "; $describe = "internal ";
} }
else { else {
/* default to external */ /* default to external */
$query = "SELECT url, COUNT(url) AS count FROM accesslog WHERE url NOT LIKE '%". check_input($_SERVER["HTTP_HOST"]) ."%' AND url <> '' GROUP BY url ORDER BY count DESC"; $query = "SELECT url, COUNT(url) AS count FROM accesslog WHERE url NOT LIKE '%". check_query($_SERVER["HTTP_HOST"]) ."%' AND url <> '' GROUP BY url ORDER BY count DESC";
$describe = "external "; $describe = "external ";
} }
......
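Review bot: In the statistics_recent_refer() and statistics_top_refer() hunks, check_query() on $_SERVER["HTTP_HOST"] is not a sufficient escape for a LIKE pattern: check_query() is addslashes() (see the common.inc hunk), which escapes quotes but leaves the LIKE metacharacters `%` and `_` untouched, so a Host header containing them changes which accesslog rows are counted as internal. Escape them before building the pattern, e.g. `$host = check_query(str_replace(array('%', '_'), array('\%', '\_'), $_SERVER["HTTP_HOST"]));` and use `$host` in the four LIKE clauses. The value is also still concatenated straight into the query string, and addslashes() is not a database-aware escape, so a driver-provided escape would be safer if this codebase has one. Both functions start before their hunks, so where $view comes from is not visible here.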
...@@ -53,7 +53,7 @@ function statistics_exit() { ...@@ -53,7 +53,7 @@ function statistics_exit() {
if ((variable_get("statistics_enable_access_log", 0)) && (throttle_status() < 5)) { if ((variable_get("statistics_enable_access_log", 0)) && (throttle_status() < 5)) {
// statistical logs are enabled // statistical logs are enabled
$referrer = getenv("HTTP_REFERER"); $referrer = referer_uri();
$hostname = getenv("REMOTE_ADDR"); $hostname = getenv("REMOTE_ADDR");
// log this page access // log this page access
if ((arg(0) == "node") && (arg(1) == "view") && arg(2)) { if ((arg(0) == "node") && (arg(1) == "view") && arg(2)) {
...@@ -333,11 +333,11 @@ function statistics_recent_refer() { ...@@ -333,11 +333,11 @@ function statistics_recent_refer() {
$query = "SELECT url,timestamp FROM accesslog WHERE url <> '' ORDER BY timestamp DESC"; $query = "SELECT url,timestamp FROM accesslog WHERE url <> '' ORDER BY timestamp DESC";
} }
elseif ($view == "internal") { elseif ($view == "internal") {
$query = "SELECT url,timestamp FROM accesslog WHERE url LIKE '%". check_input($_SERVER["HTTP_HOST"]) ."%' ORDER BY timestamp DESC"; $query = "SELECT url,timestamp FROM accesslog WHERE url LIKE '%". check_query($_SERVER["HTTP_HOST"]) ."%' ORDER BY timestamp DESC";
$describe = "internal "; $describe = "internal ";
} }
else { else {
$query = "SELECT url,timestamp FROM accesslog WHERE url NOT LIKE '%". check_input($_SERVER["HTTP_HOST"]) ."%' AND url <> '' ORDER BY timestamp DESC"; $query = "SELECT url,timestamp FROM accesslog WHERE url NOT LIKE '%". check_query($_SERVER["HTTP_HOST"]) ."%' AND url <> '' ORDER BY timestamp DESC";
$describe = "external "; $describe = "external ";
} }
...@@ -363,12 +363,12 @@ function statistics_top_refer() { ...@@ -363,12 +363,12 @@ function statistics_top_refer() {
$query = "SELECT url, COUNT(url) AS count FROM accesslog WHERE url <> '' GROUP BY url ORDER BY count DESC"; $query = "SELECT url, COUNT(url) AS count FROM accesslog WHERE url <> '' GROUP BY url ORDER BY count DESC";
} }
elseif ($view == "internal") { elseif ($view == "internal") {
$query = "SELECT url, COUNT(url) AS count FROM accesslog WHERE url LIKE '%". check_input($_SERVER["HTTP_HOST"]) ."%' GROUP BY url ORDER BY count DESC"; $query = "SELECT url, COUNT(url) AS count FROM accesslog WHERE url LIKE '%". check_query($_SERVER["HTTP_HOST"]) ."%' GROUP BY url ORDER BY count DESC";
$describe = "internal "; $describe = "internal ";
} }
else { else {
/* default to external */ /* default to external */
$query = "SELECT url, COUNT(url) AS count FROM accesslog WHERE url NOT LIKE '%". check_input($_SERVER["HTTP_HOST"]) ."%' AND url <> '' GROUP BY url ORDER BY count DESC"; $query = "SELECT url, COUNT(url) AS count FROM accesslog WHERE url NOT LIKE '%". check_query($_SERVER["HTTP_HOST"]) ."%' AND url <> '' GROUP BY url ORDER BY count DESC";
$describe = "external "; $describe = "external ";
} }
......
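Review bot: $_SERVER["HTTP_HOST"], used in the four LIKE clauses of statistics_recent_refer() and statistics_top_refer(), is the client-supplied Host header, so the internal/external split of the referrer report is driven by a value the requester can choose unless the web server enforces a canonical host name. Replacing check_input() with check_query() does not change that, since both are addslashes() per the common.inc hunk. A site-configured host name, read the way the access-log switch is read with variable_get() at the top of statistics_exit(), would be a firmer basis; at minimum record the assumption with a comment such as `// HTTP_HOST is client-supplied; the internal/external split is only as reliable as the server's host matching`. The first hunk's `$referrer = referer_uri();` is an improvement over raw HTTP_REFERER, but where that value is written to accesslog and later rendered is outside these hunks, so output escaping there needs a separate check.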
...@@ -547,7 +547,7 @@ function user_login($edit = array(), $msg = "") { ...@@ -547,7 +547,7 @@ function user_login($edit = array(), $msg = "") {
$server = substr($server, 1); $server = substr($server, 1);
$pass = $edit["pass"]; $pass = $edit["pass"];
} }
/* /*
** When possible, determine corrosponding external auth source. Invoke source, and login user if successful: ** When possible, determine corrosponding external auth source. Invoke source, and login user if successful:
*/ */
......
...@@ -547,7 +547,7 @@ function user_login($edit = array(), $msg = "") { ...@@ -547,7 +547,7 @@ function user_login($edit = array(), $msg = "") {
$server = substr($server, 1); $server = substr($server, 1);
$pass = $edit["pass"]; $pass = $edit["pass"];
} }
/* /*
** When possible, determine corrosponding external auth source. Invoke source, and login user if successful: ** When possible, determine corrosponding external auth source. Invoke source, and login user if successful:
*/ */
......
...@@ -96,7 +96,7 @@ function watchdog_admin() { ...@@ -96,7 +96,7 @@ function watchdog_admin() {
watchdog_help(); watchdog_help();
break; break;
case "view": case "view":
print watchdog_view(check_input(arg(3))); print watchdog_view(arg(3));
break; break;
default: default:
print watchdog_overview(arg(2)); print watchdog_overview(arg(2));
......
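Review bot: Dropping check_input() around arg(3) in the "view" case moves the escaping of a user-supplied path argument into watchdog_view(), which is not in this hunk; unless that function applies check_query() or casts the id itself, the value now reaches its query unescaped. Elsewhere in this commit check_input() is replaced by check_query() rather than removed, so `print watchdog_view(check_query(arg(3)));` would keep this call consistent, or `print watchdog_view((int) arg(3));` if the watchdog id is numeric — I cannot confirm which from this page. watchdog_admin()'s switch begins before the hunk.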
...@@ -96,7 +96,7 @@ function watchdog_admin() { ...@@ -96,7 +96,7 @@ function watchdog_admin() {
watchdog_help(); watchdog_help();
break; break;
case "view": case "view":
print watchdog_view(check_input(arg(3))); print watchdog_view(arg(3));
break; break;
default: default:
print watchdog_overview(arg(2)); print watchdog_overview(arg(2));
......
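Review bot: The "view" case now passes arg(3), a path segment taken from the request, to watchdog_view() with no escaping at the call site, and the hunk does not show that watchdog_view() escapes or casts it before use. If the intent is that the callee sanitizes, say so where the value is handed over, e.g. `print watchdog_view(arg(3)); // watchdog_view() must escape/cast the id itself`; otherwise keep the escaping here as the statistics hunks in this same commit do, `print watchdog_view(check_query(arg(3)));`. The surrounding switch in watchdog_admin() starts before this hunk, so I cannot see whether arg(3) is validated earlier.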
...@@ -69,6 +69,16 @@ while (<>) { ...@@ -69,6 +69,16 @@ while (<>) {
elsif (/<br>/i) { elsif (/<br>/i) {
$msg = "'<br>' -> '<br />'"; $msg = "'<br>' -> '<br />'";
} }
elsif (/HTTP_REFERER/i) {
$msg = "the use of HTTP_REFERER is prone to XSS exploits; use referer_uri() instead";
}
elsif (/QUERY_STRING/i) {
$msg = "the use of HTTP_REFERER is prone to XSS exploits; use referer_uri() instead";
}
elsif (/REQUEST_URI/i) {
$msg = "the use of HTTP_REFERER is prone to XSS exploits and does not work on IIS; use request_uri() instead";
}
# XHTML compatibility mode suggests a blank before / # XHTML compatibility mode suggests a blank before /
# i.e. <br /> # i.e. <br />
elsif (/<[a-z][^>]*[^ >]\/>/i) { elsif (/<[a-z][^>]*[^ >]\/>/i) {
......
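Review bot: The new REQUEST_URI check at `elsif (/REQUEST_URI/i)` is case-insensitive, so it also matches the replacement it recommends, request_uri(), and every corrected call will be flagged again on the next run; the same /i on QUERY_STRING has the same risk for any lower-case helper of that name. The two messages added for QUERY_STRING and REQUEST_URI are also copied from the HTTP_REFERER branch and name the wrong variable, and the QUERY_STRING one recommends referer_uri(), which is not a query-string replacement. Drop the /i flag on those two patterns (the $_SERVER keys are upper case anyway) and name the right variable in each message; the intended helper for QUERY_STRING is not shown on this page, so that message is left without a recommendation for you to fill in. The enclosing while (<>) loop starts before this hunk.
```perl
# … unchanged: HTTP_REFERER check …
elsif (/QUERY_STRING/) {
  $msg = "the use of QUERY_STRING is prone to XSS exploits";
}
elsif (/REQUEST_URI/) {
  $msg = "the use of REQUEST_URI is prone to XSS exploits and does not work on IIS; use request_uri() instead";
}
```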