harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

xss attack vector in bbcode.php - check for proc_open being disabled for security reasons in install

Browse Source
This commit is contained in:
friendica 2013-02-26 19:41:44 -08:00
parent ed2ff18cac
commit 70e766c2bf
2 changed files with 17 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
include/bbcode.php
View File

@ -502,22 +502,22 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true) {
// Clean up the HTML by loading and saving the HTML with the DOM
// Only do it when it has to be done - for performance reasons
if (!$tryoembed) {
$doc = new DOMDocument();
$doc->preserveWhiteSpace = false;
// if (!$tryoembed) {//
// $doc = new DOMDocument();
// $doc->preserveWhiteSpace = false;
$Text = mb_convert_encoding($Text, 'HTML-ENTITIES', "UTF-8");
// $Text = mb_convert_encoding($Text, 'HTML-ENTITIES', "UTF-8");
$doctype = '<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">';
@$doc->loadHTML($doctype."<html><body>".$Text."</body></html>");
// $doctype = '<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">';
// @$doc->loadHTML($doctype."<html><body>".$Text."</body></html>");
$Text = $doc->saveHTML();
$Text = str_replace(array("<html><body>", "</body></html>", $doctype), array("", "", ""), $Text);
// $Text = $doc->saveHTML();
// $Text = str_replace(array("<html><body>", "</body></html>", $doctype), array("", "", ""), $Text);
$Text = str_replace('<br></li>','</li>', $Text);
// $Text = str_replace('<br></li>','</li>', $Text);
$Text = mb_convert_encoding($Text, "UTF-8", 'HTML-ENTITIES');
}
// $Text = mb_convert_encoding($Text, "UTF-8", 'HTML-ENTITIES');
// }
call_hooks('bbcode',$Text);

6
mod/setup.php
View File

@ -397,6 +397,12 @@ function check_funcs(&$checks) {
check_add($ck_funcs, t('Apache mod_rewrite module'), true, true, "");
}
}
if((! function_exists('proc_open')) || strstr(ini_get('disable_functions'),'proc_open')) {
check_add($ck_funcs, t('proc_open'), false, true, t('Error: proc_open is required but is either not installed or has been disabled in php.ini'));
}
else {
check_add($ck_funcs, t('proc_open'), true, true, "");
}
if(! function_exists('curl_init')){
$ck_funcs[0]['status']= false;