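--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -131,18 +131,19 @@
 	 * List of never allowed strings
 	 *
 	 * @var	array
 	 */
 	protected $_never_allowed_str =	array(
-		'document.cookie'	=> '[removed]',
-		'document.write'	=> '[removed]',
-		'.parentNode'		=> '[removed]',
-		'.innerHTML'		=> '[removed]',
-		'-moz-binding'		=> '[removed]',
-		'<!--'				=> '&lt;!--',
-		'-->'				=> '--&gt;',
-		'<![CDATA['			=> '&lt;![CDATA[',
-		'<comment>'			=> '&lt;comment&gt;'
+		'document.cookie' => '[removed]',
+		'document.write'  => '[removed]',
+		'.parentNode'     => '[removed]',
+		'.innerHTML'      => '[removed]',
+		'-moz-binding'    => '[removed]',
+		'<!--'            => '&lt;!--',
+		'-->'             => '--&gt;',
+		'<![CDATA['       => '&lt;![CDATA[',
+		'<comment>'	  => '&lt;comment&gt;',
+		'<%'              => '&lt;&#37;'
 	);
 
 	/**
 	 * List of never allowed regex replacements
@@ -228,9 +229,9 @@
 			OR $_POST[$this->_csrf_token_name] !== $_COOKIE[$this->_csrf_cookie_name]) // Do the tokens match?
 		{
 			$this->csrf_show_error();
 		}
 
-		// We kill this since we're done and we don't want to polute the _POST array
+		// We kill this since we're done and we don't want to pollute the _POST array
 		unset($_POST[$this->_csrf_token_name]);
 
 		// Regenerate on every submission?
@@ -369,14 +370,20 @@
 		 *
 		 * <a href="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">Google</a>
 		 *
 		 * Note: Use rawurldecode() so it does not remove plus signs
 		 */
-		do
+		if (stripos($str, '%') !== false)
 		{
-			$str = rawurldecode($str);
+			do
+			{
+				$oldstr = $str;
+				$str = rawurldecode($str);
+				$str = preg_replace_callback('#%(?:\s*[0-9a-f]){2,}#i', array($this, '_urldecodespaces'), $str);
+			}
+			while ($oldstr !== $str);
+			unset($oldstr);
 		}
-		while (preg_match('/%[0-9a-f]{2,}/i', $str));
 
 		/*
 		 * Convert character entities to ASCII
 		 *
@@ -464,9 +471,9 @@
 		{
 			$original = $str;
 
 			if (preg_match('/<a/i', $str))
 			{
-				$str = preg_replace_callback('#<a[^a-z0-9>]+([^>]*?)(?:>|$)#si', array($this, '_js_link_removal'), $str);
+				$str = preg_replace_callback('#<a(?:rea)?[^a-z0-9>]+([^>]*?)(?:>|$)#si', array($this, '_js_link_removal'), $str);
 			}
 
 			if (preg_match('/<img/i', $str))
@@ -667,52 +674,52 @@
 		isset($charset) OR $charset = $this->charset;
 		$flag = is_php('5.4')
 			? ENT_COMPAT | ENT_HTML5
 			: ENT_COMPAT;
+
+		if ( ! isset($_entities))
+		{
+			$_entities = array_map('strtolower', get_html_translation_table(HTML_ENTITIES, $flag, $charset));
+
+			// If we're not on PHP 5.4+, add the possibly dangerous HTML 5
+			// entities to the array manually
+			if ($flag === ENT_COMPAT)
+			{
+				$_entities[':'] = '&colon;';
+				$_entities['('] = '&lpar;';
+				$_entities[')'] = '&rpar;';
+				$_entities["\n"] = '&NewLine;';
+				$_entities["\t"] = '&Tab;';
+			}
+		}
 
 		do
 		{
 			$str_compare = $str;
 
 			// Decode standard entities, avoiding false positives
-			if (preg_match_all('/&[a-z]{2,}(?![a-z;])/i', $str, $matches))
-			{
-				if ( ! isset($_entities))
-				{
-					$_entities = array_map(
-						'strtolower',
-						is_php('5.3.4')
-							? get_html_translation_table(HTML_ENTITIES, $flag, $charset)
-							: get_html_translation_table(HTML_ENTITIES, $flag)
-					);
-
-					// If we're not on PHP 5.4+, add the possibly dangerous HTML 5
-					// entities to the array manually
-					if ($flag === ENT_COMPAT)
-					{
-						$_entities[':'] = '&colon;';
-						$_entities['('] = '&lpar;';
-						$_entities[')'] = '&rpar;';
-						$_entities["\n"] = '&newline;';
-						$_entities["\t"] = '&tab;';
-					}
-				}
-
+			if (preg_match_all('/&[a-z]{2,}(?![a-z;])/i', $str, $matches))
+			{
 				$replace = array();
 				$matches = array_unique(array_map('strtolower', $matches[0]));
 				foreach ($matches as &$match)
 				{
 					if (($char = array_search($match.';', $_entities, TRUE)) !== FALSE)
 					{
 						$replace[$match] = $char;
 					}
 				}
 
-				$str = str_ireplace(array_keys($replace), array_values($replace), $str);
+				$str = str_replace(array_keys($replace), array_values($replace), $str);
 			}
 
 			// Decode numeric & UTF16 two byte entities
 			$str = html_entity_decode(
-				preg_replace('/(&#(?:x0*[0-9a-f]{2,5}(?![0-9a-f;])|(?:0*\d{2,4}(?![0-9;]))))/iS', '$1;', $str),
-				$flag,
-				$charset
-			);
+				preg_replace('/(&#(?:x0*[0-9a-f]{2,5}(?![0-9a-f;])|(?:0*\d{2,4}(?![0-9;]))))/iS', '$1;', $str),
+				$flag,
+				$charset
+			);
+
+			if ($flag === ENT_COMPAT)
+			{
+				$str = str_replace(array_values($_entities), array_keys($_entities), $str);
+			}
@@ -773,8 +780,26 @@
 	}
 
 	// ----------------------------------------------------------------
+
+	/**
+	 * URL-decode taking spaces into account
+	 *
+	 * @see		https://github.com/bcit-ci/CodeIgniter/issues/4877
+	 * @param	array	$matches
+	 * @return	string
+	 */
+	protected function _urldecodespaces($matches)
+	{
+		$input    = $matches[0];
+		$nospaces = preg_replace('#\s+#', '', $input);
+		return ($nospaces === $input)
+			? $input
+			: rawurldecode($nospaces);
+	}
+
+	// ----------------------------------------------------------------
 
 	/**
 	 * Compact Exploded Words
 	 *
 	 * Callback method for xss_clean() to remove whitespace from
@@ -801,10 +826,10 @@
 	 * @return	string
 	 */
 	protected function _sanitize_naughty_html($matches)
 	{
 		static $naughty_tags    = array(
-			'alert', 'prompt', 'confirm', 'applet', 'audio', 'basefont', 'base', 'behavior', 'bgsound',
+			'alert', 'area', 'prompt', 'confirm', 'applet', 'audio', 'basefont', 'base', 'behavior', 'bgsound',
 			'blink', 'body', 'embed', 'expression', 'form', 'frameset', 'frame', 'head', 'html', 'ilayer',
 			'iframe', 'input', 'button', 'select', 'isindex', 'layer', 'link', 'meta', 'keygen', 'object',
 			'plaintext', 'style', 'script', 'textarea', 'title', 'math', 'video', 'svg', 'xml', 'xss'
 		);
@@ -898,11 +923,11 @@
 	protected function _js_link_removal($match)
 	{
 		return str_replace(
 			$match[1],
 			preg_replace(
-				'#href=.*?(?:(?:alert|prompt|confirm)(?:\(|&\#40;)|javascript:|livescript:|mocha:|charset=|window\.|document\.|\.cookie|<script|<xss|data\s*:)#si',
+				'#href=.*?(?:(?:alert|prompt|confirm)(?:\(|&\#40;)|javascript:|livescript:|mocha:|charset=|window\.|document\.|\.cookie|<script|<xss|d\s*a\s*t\s*a\s*:)#si',
 				'',
 				$this->_filter_attributes($match[1])
 			),
 			$match[0]
 		);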
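Review bot: In the hunk at new lines 674–725, the switch to `str_replace` on line 712 is case-sensitive, yet the keys in `$replace` were lowercased on line 703 and the regex on line 700 is case-insensitive, so an upper- or mixed-case entity name without a trailing semicolon (e.g. `&AMP`) is matched and resolved but never replaced in `$str`, leaving it encoded after this decoding step. The `&NewLine;` and `&Tab;` entries added on lines 690–691 have the same mismatch: their values keep their case while `$match.';'` is lowercase, so the strict `array_search` on line 706 cannot find them. Either drop the `strtolower` on line 703 (and the one applied to the table on line 681) so that lookup and replacement are both case-sensitive, or keep the original spelling as the key — `foreach (array_unique($matches[0]) as $match)` with `strtolower($match).';'` in the `array_search` — so that `str_replace` can find it. Separately, `$_entities` is filled once under `if ( ! isset($_entities))` on line 679 and is presumably a `static` declared above the hunk; if so, the cached table is reused for later calls with a different `$charset` or `$flag`. The enclosing method starts and ends outside the hunk.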