-rw-r--r-- | includes/common.inc | 14 | ||||
-rw-r--r-- | modules/aggregator.module | 6 | ||||
-rw-r--r-- | modules/aggregator/aggregator.module | 6 | ||||
-rw-r--r-- | modules/import.module | 6 |
4 files changed, 22 insertions, 10 deletions
diff --git a/includes/common.inc b/includes/common.inc
index 309ea2ff0..929644bcb 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -482,7 +482,7 @@ function referer_load() {
 }
 }
-function xss_check_input_data($data) {
+function valid_input_data($data) {
 if (is_array($data)) {
 /*
@@ -490,7 +490,9 @@ function xss_check_input_data($data) {
 */
 foreach ($data as $key => $value) {
- xss_check_input_data($value);
+ if (!valid_input_data($value)) {
+ return 0;
+ }
 }
 }
 else {
@@ -512,9 +514,11 @@ function xss_check_input_data($data) {
 if ($match) {
 watchdog("warning", "terminated request because of suspicious input data: ". drupal_specialchars($data));
- die("terminated request because of suspicious input data");
+ return 0;
 }
 }
+
+ return 1;
 }
 function check_url($uri) {
@@ -1049,7 +1053,9 @@ function drupal_page_header() {
 */
 if (!user_access("bypass input data check")) {
- xss_check_input_data($_REQUEST);
+ if (!valid_input_data($_REQUEST)) {
+ die("terminated request because of suspicious input data");
+ }
 }
 }
diff --git a/modules/aggregator.module b/modules/aggregator.module
index 59847de0b..62261e711 100644
--- a/modules/aggregator.module
+++ b/modules/aggregator.module
@@ -291,7 +291,7 @@ function import_refresh($feed) {
 */
 if (!ereg("^http://|ftp://", $feed["url"])) {
- return t("failed to parse RSS feed '%site': incorrect or missing URL.", array("%side" => $feed["title"]));
+ return t("failed to parse RSS feed '%site': incorrect or missing URL.", array("%site" => $feed["title"]));
 }
 /*
@@ -306,7 +306,9 @@ function import_refresh($feed) {
 fclose($fp);
 // filter the input data:
- xss_check_input_data($data);
+ if (!valid_input_data($data)) {
+ return t("failed to parse RSS feed '%site': suspicious input data.", array("%site" => $feed["title"]));
+ }
 // parse the data:
 $xml_parser = xml_parser_create();
diff --git a/modules/aggregator/aggregator.module b/modules/aggregator/aggregator.module
index 59847de0b..62261e711 100644
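Review bot: The renamed `valid_input_data()` changes the contract from aborting the request itself to reporting a result the caller must act on, and nothing at the signature in the first hunk of includes/common.inc says so, which makes a caller that discards the return value look correct. A comment above the definition should state it, e.g. `// Recursively scans $data for suspicious input; returns 1 if it looks clean, 0 otherwise. The caller decides how to reject — this function no longer terminates the request.` Returning `TRUE`/`FALSE` rather than `1`/`0` would also make the `if (!valid_input_data(...))` call sites read as intended. The body of the function continues in the next two hunks of this file.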
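Review bot: In the rewritten loop of the second includes/common.inc hunk only the array values are passed through the recursive check; `$key` is iterated but never examined, although at the `$_REQUEST` call site in the last hunk of this file the keys are supplied by the client as well. If the scan is meant to cover everything in the request, the condition should become `if (!valid_input_data($key) || !valid_input_data($value)) {`. The scalar branch that does the actual matching is outside this hunk, so whether it handles integer keys cleanly cannot be confirmed from here.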
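Review bot: The `watchdog()` call in the third includes/common.inc hunk still logs "terminated request because of suspicious input data", but with the `die()` replaced by `return 0;` this function no longer terminates anything; a caller such as the aggregator hunk below merely skips the feed, so the log entry now misstates what happened. Reword it to describe the finding rather than the outcome, e.g. `watchdog("warning", "suspicious input data: ". drupal_specialchars($data));`, and let each call site log its own action if it needs to. How `$match` is computed lies outside the hunk.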
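Review bot: The two modules/aggregator.module hunks are repeated verbatim for modules/aggregator/aggregator.module and modules/import.module, and all three paths carry the same blob ids `59847de0b..62261e711`, so this looks like one file maintained under three paths; the fix will have to be kept in sync by hand unless one copy becomes canonical. The new early return in the second hunk is consistent with the URL check above it, but the unchanged pattern `"^http://|ftp://"` in that check anchors only the first alternative, so an `ftp://` anywhere in the string satisfies it; `"^(http|ftp)://"` is presumably what was intended. import_refresh() continues outside both hunks.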
--- a/modules/aggregator/aggregator.module
+++ b/modules/aggregator/aggregator.module
@@ -291,7 +291,7 @@ function import_refresh($feed) {
 */
 if (!ereg("^http://|ftp://", $feed["url"])) {
- return t("failed to parse RSS feed '%site': incorrect or missing URL.", array("%side" => $feed["title"]));
+ return t("failed to parse RSS feed '%site': incorrect or missing URL.", array("%site" => $feed["title"]));
 }
 /*
@@ -306,7 +306,9 @@ function import_refresh($feed) {
 fclose($fp);
 // filter the input data:
- xss_check_input_data($data);
+ if (!valid_input_data($data)) {
+ return t("failed to parse RSS feed '%site': suspicious input data.", array("%site" => $feed["title"]));
+ }
 // parse the data:
 $xml_parser = xml_parser_create();
diff --git a/modules/import.module b/modules/import.module
index 59847de0b..62261e711 100644
--- a/modules/import.module
+++ b/modules/import.module
@@ -291,7 +291,7 @@ function import_refresh($feed) {
 */
 if (!ereg("^http://|ftp://", $feed["url"])) {
- return t("failed to parse RSS feed '%site': incorrect or missing URL.", array("%side" => $feed["title"]));
+ return t("failed to parse RSS feed '%site': incorrect or missing URL.", array("%site" => $feed["title"]));
 }
 /*
@@ -306,7 +306,9 @@ function import_refresh($feed) {
 fclose($fp);
 // filter the input data:
- xss_check_input_data($data);
+ if (!valid_input_data($data)) {
+ return t("failed to parse RSS feed '%site': suspicious input data.", array("%site" => $feed["title"]));
+ }
 // parse the data:
 $xml_parser = xml_parser_create(); |