WebSVN – lars-tiefland.ci – Diff – /system/core/Security.php



 *
 * An open source application development framework for PHP
 *
 * This content is released under the MIT License (MIT)
 *
 * Copyright (c) 2014 - 2018, British Columbia Institute of Technology
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

 * THE SOFTWARE.
 *
 * @package	CodeIgniter
 * @author	EllisLab Dev Team
 * @copyright	Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
 * @copyright	Copyright (c) 2014 - 2018, British Columbia Institute of Technology (http://bcit.ca/)
 * @license	http://opensource.org/licenses/MIT	MIT License
 * @link	https://codeigniter.com
 * @since	Version 1.0.0
 * @filesource
 */

	 *
	 * @var	array
	 */
	protected $_never_allowed_str =	array(
		'document.cookie' => '[removed]',
		'(document).cookie' => '[removed]',
		'document.write'  => '[removed]',
		'(document).write'  => '[removed]',
		'.parentNode'     => '[removed]',
		'.innerHTML'      => '[removed]',
		'-moz-binding'    => '[removed]',
		'<!--'            => '&lt;!--',
		'-->'             => '--&gt;',

	 *
	 * @var	array
	 */
	protected $_never_allowed_regex = array(
		'javascript\s*:',
		'(\(?document\)?|\(?window\)?(\.document)?)\.(location|on\w*)',
		'expression\s*(\(|&\#40;)', // CSS and IE
		'vbscript\s*:', // IE, surprise!
		'wscript\s*:', // IE
		'jscript\s*:', // IE
		'vbs\s*:', // IE

			'#(alert|prompt|confirm|cmd|passthru|eval|exec|expression|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\s*)\((.*?)\)#si',
			'\\1\\2&#40;\\3&#41;',
			$str
		);

 
		// Same thing, but for "tag functions" (e.g. eval`some code`)
		// See https://github.com/bcit-ci/CodeIgniter/issues/5420
		$str = preg_replace(
			'#(alert|prompt|confirm|cmd|passthru|eval|exec|expression|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\s*)`(.*?)`#si',
			'\\1\\2&#96;\\3&#96;',
			$str
		);
 
		// Final clean up
		// This adds a bit of extra precaution in case
		// something got through the above filters

			return '&lt;'.$matches[1].'&gt;';
		}
		// For other tags, see if their attributes are "evil" and strip those
		elseif (isset($matches['attributes']))
		{
			// We'll store the already filtered attributes here
			$attributes = array();

 
			// Attribute-catching pattern
			$attributes_pattern = '#'

	protected function _js_link_removal($match)
	{
		return str_replace(
			$match[1],
			preg_replace(
				'#href=.*?(?:(?:alert|prompt|confirm)(?:\(|&\#40;|`|&\#96;)|javascript:|livescript:|mocha:|charset=|window\.|\(?document\)?\.|\.cookie|<script|<xss|d\s*a\s*t\s*a\s*:)#si',
				'',
				$this->_filter_attributes($match[1])
			),
			$match[0]
		);

	protected function _js_img_removal($match)
	{
		return str_replace(
			$match[1],
			preg_replace(
				'#src=.*?(?:(?:alert|prompt|confirm|eval)(?:\(|&\#40;|`|&\#96;)|javascript:|livescript:|mocha:|charset=|window\.|\(?document\)?\.|\.cookie|<script|<xss|base64\s*,)#si',
				'',
				$this->_filter_attributes($match[1])
			),
			$match[0]
		);

Revision 2254	Revision 2257
Zeile 4...	Zeile 4...
4	`*`	4	`*`
5	`* An open source application development framework for PHP`	5	`* An open source application development framework for PHP`
6	`*`	6	`*`
7	`* This content is released under the MIT License (MIT)`	7	`* This content is released under the MIT License (MIT)`
8	`*`	8	`*`
9	`* Copyright (c) 2014 - 2017, British Columbia Institute of Technology`	9	`* Copyright (c) 2014 - 2018, British Columbia Institute of Technology`
10	`*`	10	`*`
11	`* Permission is hereby granted, free of charge, to any person obtaining a copy`	11	`* Permission is hereby granted, free of charge, to any person obtaining a copy`
12	`* of this software and associated documentation files (the "Software"), to deal`	12	`* of this software and associated documentation files (the "Software"), to deal`
13	`* in the Software without restriction, including without limitation the rights`	13	`* in the Software without restriction, including without limitation the rights`
14	`* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell`	14	`* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell`
Zeile 27...	Zeile 27...
27	`* THE SOFTWARE.`	27	`* THE SOFTWARE.`
28	`*`	28	`*`
29	`* @package CodeIgniter`	29	`* @package CodeIgniter`
30	`* @author EllisLab Dev Team`	30	`* @author EllisLab Dev Team`
31	`* @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)`	31	`* @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)`
32	`* @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)`	32	`* @copyright Copyright (c) 2014 - 2018, British Columbia Institute of Technology (http://bcit.ca/)`
33	`* @license http://opensource.org/licenses/MIT MIT License`	33	`* @license http://opensource.org/licenses/MIT MIT License`
34	`* @link https://codeigniter.com`	34	`* @link https://codeigniter.com`
35	`* @since Version 1.0.0`	35	`* @since Version 1.0.0`
36	`* @filesource`	36	`* @filesource`
37	`*/`	37	`*/`
Zeile 132...	Zeile 132...
132	`*`	132	`*`
133	`* @var array`	133	`* @var array`
134	`*/`	134	`*/`
135	`protected $_never_allowed_str = array(`	135	`protected $_never_allowed_str = array(`
136	`'document.cookie' => '[removed]',`	136	`'document.cookie' => '[removed]',`
-		137	`'(document).cookie' => '[removed]',`
137	`'document.write' => '[removed]',`	138	`'document.write' => '[removed]',`
-		139	`'(document).write' => '[removed]',`
138	`'.parentNode' => '[removed]',`	140	`'.parentNode' => '[removed]',`
139	`'.innerHTML' => '[removed]',`	141	`'.innerHTML' => '[removed]',`
140	`'-moz-binding' => '[removed]',`	142	`'-moz-binding' => '[removed]',`
141	`'<!--' => '<!--',`	143	`'<!--' => '<!--',`
142	`'-->' => '-->',`	144	`'-->' => '-->',`
Zeile 150...	Zeile 152...
150	`*`	152	`*`
151	`* @var array`	153	`* @var array`
152	`*/`	154	`*/`
153	`protected $_never_allowed_regex = array(`	155	`protected $_never_allowed_regex = array(`
154	`'javascript\s*:',`	156	`'javascript\s*:',`
155	`'(document\|(document\.)?window)\.(location\|on\w*)',`	157	`'(\(?document\)?\|\(?window\)?(\.document)?)\.(location\|on\w*)',`
156	`'expression\s*(\(\|&\#40;)', // CSS and IE`	158	`'expression\s*(\(\|&\#40;)', // CSS and IE`
157	`'vbscript\s*:', // IE, surprise!`	159	`'vbscript\s*:', // IE, surprise!`
158	`'wscript\s*:', // IE`	160	`'wscript\s*:', // IE`
159	`'jscript\s*:', // IE`	161	`'jscript\s*:', // IE`
160	`'vbs\s*:', // IE`	162	`'vbs\s*:', // IE`
Zeile 540...	Zeile 542...
540	`'#(alert\|prompt\|confirm\|cmd\|passthru\|eval\|exec\|expression\|system\|fopen\|fsockopen\|file\|file_get_contents\|readfile\|unlink)(\s)\((.?)\)#si',`	542	`'#(alert\|prompt\|confirm\|cmd\|passthru\|eval\|exec\|expression\|system\|fopen\|fsockopen\|file\|file_get_contents\|readfile\|unlink)(\s)\((.?)\)#si',`
541	`'\\1\\2(\\3)',`	543	`'\\1\\2(\\3)',`
542	`$str`	544	`$str`
543	`);`	545	`);`
Zeile -...	Zeile 546...
-		546
-		547	// Same thing, but for "tag functions" (e.g. eval`some code`)
-		548	`// See https://github.com/bcit-ci/CodeIgniter/issues/5420`
-		549	`$str = preg_replace(`
-		550	'#(alert\|prompt\|confirm\|cmd\|passthru\|eval\|exec\|expression\|system\|fopen\|fsockopen\|file\|file_get_contents\|readfile\|unlink)(\s)`(.?)`#si',
-		551	`'\\1\\2`\\3`',`
-		552	`$str`
-		553	`);`
544		554
545	`// Final clean up`	555	`// Final clean up`
546	`// This adds a bit of extra precaution in case`	556	`// This adds a bit of extra precaution in case`
547	`// something got through the above filters`	557	`// something got through the above filters`
Zeile 851...	Zeile 861...
851	`return '<'.$matches[1].'>';`	861	`return '<'.$matches[1].'>';`
852	`}`	862	`}`
853	`// For other tags, see if their attributes are "evil" and strip those`	863	`// For other tags, see if their attributes are "evil" and strip those`
854	`elseif (isset($matches['attributes']))`	864	`elseif (isset($matches['attributes']))`
855	`{`	865	`{`
856	`// We'll store the already fitlered attributes here`	866	`// We'll store the already filtered attributes here`
857	`$attributes = array();`	867	`$attributes = array();`
Zeile 858...	Zeile 868...
858		868
859	`// Attribute-catching pattern`	869	`// Attribute-catching pattern`
860	`$attributes_pattern = '#'`	870	`$attributes_pattern = '#'`
Zeile 925...	Zeile 935...
925	`protected function _js_link_removal($match)`	935	`protected function _js_link_removal($match)`
926	`{`	936	`{`
927	`return str_replace(`	937	`return str_replace(`
928	`$match[1],`	938	`$match[1],`
929	`preg_replace(`	939	`preg_replace(`
930	`'#href=.?(?:(?:alert\|prompt\|confirm)(?:\(\|&\#40;)\|javascript:\|livescript:\|mocha:\|charset=\|window\.\|document\.\|\.cookie\|<script\|<xss\|d\sa\st\sa\s*:)#si',`	940	'#href=.?(?:(?:alert\|prompt\|confirm)(?:\(\|&\#40;\|`\|&\#96;)\|javascript:\|livescript:\|mocha:\|charset=\|window\.\|\(?document\)?\.\|\.cookie\|<script\|<xss\|d\sa\st\sa\s*:)#si',
931	`'',`	941	`'',`
932	`$this->_filter_attributes($match[1])`	942	`$this->_filter_attributes($match[1])`
933	`),`	943	`),`
934	`$match[0]`	944	`$match[0]`
935	`);`	945	`);`
Zeile 953...	Zeile 963...
953	`protected function _js_img_removal($match)`	963	`protected function _js_img_removal($match)`
954	`{`	964	`{`
955	`return str_replace(`	965	`return str_replace(`
956	`$match[1],`	966	`$match[1],`
957	`preg_replace(`	967	`preg_replace(`
958	`'#src=.?(?:(?:alert\|prompt\|confirm\|eval)(?:\(\|&\#40;)\|javascript:\|livescript:\|mocha:\|charset=\|window\.\|document\.\|\.cookie\|<script\|<xss\|base64\s,)#si',`	968	'#src=.?(?:(?:alert\|prompt\|confirm\|eval)(?:\(\|&\#40;\|`\|&\#96;)\|javascript:\|livescript:\|mocha:\|charset=\|window\.\|\(?document\)?\.\|\.cookie\|<script\|<xss\|base64\s,)#si',
959	`'',`	969	`'',`
960	`$this->_filter_attributes($match[1])`	970	`$this->_filter_attributes($match[1])`
961	`),`	971	`),`
962	`$match[0]`	972	`$match[0]`
963	`);`	973	`);`

Subversion-Projekte lars-tiefland.ci

(root)/system/core/Security.php – Revision 2254 → 2257