- fix rcmail_temp_gc() + small code cleanups

release-0.6
alecpl 16 years ago
parent 119cd17abf
commit c5ee036866

@ -128,7 +128,9 @@ function rcmail_url($action, $p=array(), $task=null)
*/ */
function rcmail_temp_gc() function rcmail_temp_gc()
{ {
$tmp = unslashify($CONFIG['temp_dir']); $rcmail = rcmail::get_instance();
$tmp = unslashify($rcmail->config->get('temp_dir'));
$expire = mktime() - 172800; // expire in 48 hours $expire = mktime() - 172800; // expire in 48 hours
if ($dir = opendir($tmp)) if ($dir = opendir($tmp))
@ -565,6 +567,9 @@ function get_input_value($fname, $source, $allow_html=FALSE, $charset=NULL)
$value = $_COOKIE[$fname]; $value = $_COOKIE[$fname];
} }
if (empty($value))
return $value;
// strip single quotes if magic_quotes_sybase is enabled // strip single quotes if magic_quotes_sybase is enabled
if (ini_get('magic_quotes_sybase')) if (ini_get('magic_quotes_sybase'))
$value = str_replace("''", "'", $value); $value = str_replace("''", "'", $value);
@ -723,7 +728,7 @@ function rcmail_mod_css_styles($source, $container_id)
$replacements = new rcube_string_replacer; $replacements = new rcube_string_replacer;
// ignore the whole block if evil styles are detected // ignore the whole block if evil styles are detected
$stripped = preg_replace('/[^a-z\(:]/', '', rcmail_xss_entitiy_decode($source)); $stripped = preg_replace('/[^a-z\(:]/', '', rcmail_xss_entity_decode($source));
if (preg_match('/expression|behavior|url\(|import/', $stripped)) if (preg_match('/expression|behavior|url\(|import/', $stripped))
return '/* evil! */'; return '/* evil! */';
@ -764,22 +769,22 @@ function rcmail_mod_css_styles($source, $container_id)
* @param string CSS content to decode * @param string CSS content to decode
* @return string Decoded string * @return string Decoded string
*/ */
function rcmail_xss_entitiy_decode($content) function rcmail_xss_entity_decode($content)
{ {
$out = html_entity_decode(html_entity_decode($content)); $out = html_entity_decode(html_entity_decode($content));
$out = preg_replace_callback('/\\\([0-9a-f]{4})/i', 'rcmail_xss_entitiy_decode_callback', $out); $out = preg_replace_callback('/\\\([0-9a-f]{4})/i', 'rcmail_xss_entity_decode_callback', $out);
$out = preg_replace('#/\*.*\*/#Um', '', $out); $out = preg_replace('#/\*.*\*/#Um', '', $out);
return $out; return $out;
} }
/** /**
* preg_replace_callback callback for rcmail_xss_entitiy_decode_callback * preg_replace_callback callback for rcmail_xss_entity_decode_callback
* *
* @param array matches result from preg_replace_callback * @param array matches result from preg_replace_callback
* @return string decoded entity * @return string decoded entity
*/ */
function rcmail_xss_entitiy_decode_callback($matches) function rcmail_xss_entity_decode_callback($matches)
{ {
return chr(hexdec($matches[1])); return chr(hexdec($matches[1]));
} }

@ -861,7 +861,7 @@ function rcmail_washtml_callback($tagname, $attrib, $content)
case 'style': case 'style':
// decode all escaped entities and reduce to ascii strings // decode all escaped entities and reduce to ascii strings
$stripped = preg_replace('/[^a-zA-Z\(:]/', '', rcmail_xss_entitiy_decode($content)); $stripped = preg_replace('/[^a-zA-Z\(:]/', '', rcmail_xss_entity_decode($content));
// now check for evil strings like expression, behavior or url() // now check for evil strings like expression, behavior or url()
if (!preg_match('/expression|behavior|url\(|import/', $stripped)) { if (!preg_match('/expression|behavior|url\(|import/', $stripped)) {
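Review bot: The "evil styles" check in rcmail_mod_css_styles (hunk at -723) is case-sensitive while CSS keywords are not: the character class on the `$stripped` line drops upper-case letters and the `preg_match` on the following line looks only for lower-case `expression|behavior|url\(|import`, so a keyword written in another case is simply not matched. The `style` branch of rcmail_washtml_callback in this hunk has the same gap — its class keeps upper-case letters, but its `preg_match` is still case-sensitive. Adding the `i` modifier to both patterns closes this consistently: `$stripped = preg_replace('/[^a-z\(:]/i', '', rcmail_xss_entity_decode($source));` and `if (preg_match('/expression|behavior|url\(|import/i', $stripped))` in rcmail_mod_css_styles, and the same two-character change on the pair of lines here. Both enclosing functions start and end outside their hunks, so the surrounding handling of `$stripped` is not visible. Separately, in rcmail_temp_gc `mktime()` with no arguments is a deprecated spelling of `time()`, and the 48-hour constant would read better as a named value than as `172800` with a trailing comment.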
