-rw-r--r-- | includes/common.inc | 72 | ||||
-rw-r--r-- | modules/aggregator.module | 11 | ||||
-rw-r--r-- | modules/aggregator/aggregator.module | 11 | ||||
-rw-r--r-- | modules/archive.module | 2 | ||||
-rw-r--r-- | modules/archive/archive.module | 2 | ||||
-rw-r--r-- | modules/import.module | 11 | ||||
-rw-r--r-- | modules/node.module | 5 | ||||
-rw-r--r-- | modules/node/node.module | 5 | ||||
-rw-r--r-- | modules/search.module | 10 | ||||
-rw-r--r-- | modules/search/search.module | 10 | ||||
-rw-r--r-- | modules/taxonomy.module | 32 | ||||
-rw-r--r-- | modules/taxonomy/taxonomy.module | 32 |
12 files changed, 107 insertions, 96 deletions
diff --git a/includes/common.inc b/includes/common.inc
index 12a71bbda..2346f2646 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -179,7 +179,7 @@ function variable_init($conf = array()) {
return $conf;
}
-function variable_get($name, $default, $object = 0) {
+function variable_get($name, $default) {
global $conf;
return isset($conf[$name]) ? $conf[$name] : $default;
@@ -413,12 +413,6 @@ function search_type($type = 0, $action = 0, $keys = 0, $options = 0) {
function drupal_goto($url) {
/*
- ** Check the URL to prevent XSS attacks:
- */
-
- $url = check_url($url);
-
- /*
** Translate & to simply &
*/
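Review bot: Dropping `$url = check_url($url);` leaves `$url` completely unsanitised before the redirect; HTML-escaping was the wrong tool for a header value anyway, but nothing replaces it, and if `$url` can carry CR/LF from request data the redirect header (presumably a `Location:` header, emitted further down) can be split into additional headers. Rather than restoring the escaping I would reject or strip line breaks, `$url = str_replace(array("\r", "\n"), '', $url);`, before the `&amp;` translation. The body of `drupal_goto()` continues beyond this hunk, so where `$url` is actually sent is not visible here.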
@@ -475,12 +469,61 @@ function referer_load() {
}
}
-function check_url($uri) {
- /*
- ** We pipe the request URI through htmlspecialchars() to prevent
- ** XSS attacks.
- */
+function xss_check_input_data($data) {
+
+ if (is_array($data)) {
+ /*
+ ** Form data can contain a number of nested arrays.
+ */
+
+ foreach ($data as $key => $value) {
+ xss_check_input_data($value);
+ }
+ }
+ else {
+ /*
+ ** Detect evil input data.
+ */
+
+ // check attributes:
+ $match = preg_match("/\Wstyle\s*=[^>]+?>/i", $data);
+ $match += preg_match("/\Wdynsrc\s*=[^>]+?>/i", $data);
+ $match += preg_match("/\Wdatasrc\s*=[^>]+?>/i", $data);
+ $match += preg_match("/\Wdata\s*=[^>]+?>/i", $data);
+ $match += preg_match("/\Wlowsrc\s*=[^>]+?>/i", $data);
+ $match += preg_match("/\Wstyle\s*=[^>]+?>/i", $data);
+ $match += preg_match("/\Won[a-z]+\s*=[^>]+?>/i", $data);
+ $match += preg_match("/\Wsrc\s*=[\s'\"]*javascript[^>]+?>/i", $data);
+ $match += preg_match("/\Whref\s*=[\s'\"]*javascript:[^>]+?>/i", $data);
+ $match += preg_match("/\Whref\s*=[\s'\"]*javascript:[^>]+?>/i", $data);
+
+ // check tags:
+ $match += preg_match("/<\s*applet/i", $data);
+ $match += preg_match("/<\s*script/i", $data);
+ $match += preg_match("/<\s*object/i", $data);
+ $match += preg_match("/<\s*style/i", $data);
+ $match += preg_match("/<\s*embed/i", $data);
+ $match += preg_match("/<\s*form/i", $data);
+ $match += preg_match("/<\s*blink/i", $data);
+ $match += preg_match("/<\s*meta/i", $data);
+ $match += preg_match("/<\s*font/i", $data);
+ $match += preg_match("/<\s*html/i", $data);
+ $match += preg_match("/<\s*frame/i", $data);
+ $match += preg_match("/<\s*iframe/i", $data);
+ $match += preg_match("/<\s*layer/i", $data);
+ $match += preg_match("/<\s*ilayer/i", $data);
+ $match += preg_match("/<\s*head/i", $data);
+ $match += preg_match("/<\s*frameset/i", $data);
+ $match += preg_match("/<\s*xml/i", $data);
+
+ if ($match) {
+ watchdog("warning", "terminated request because of suspicious input data: ". drupal_specialchars($data));
+ die("terminated request because of suspicious input data");
+ }
+ }
+}
+function check_url($uri) {
$uri = htmlspecialchars($uri, ENT_QUOTES);
/*
@@ -979,6 +1022,7 @@ function timer_start() {
}
function drupal_page_header() {
+
if (variable_get("dev_timer", 0)) {
timer_start();
}
@@ -1036,6 +1080,9 @@ set_error_handler("error_handler");
// spit out the correct charset http header
header("Content-Type: text/html; charset=utf-8");
+// filter input data:
+xss_check_input_data($_REQUEST);
+
// initialize installed modules:
module_init();
@@ -1045,4 +1092,5 @@ $locale = locale_init();
// initialize theme:
$theme = theme_init();
+
?>
diff --git a/modules/aggregator.module b/modules/aggregator.module
index 78adefc7c..1d384e706 100644
--- a/modules/aggregator.module
+++ b/modules/aggregator.module
@@ -305,6 +305,9 @@ function import_refresh($feed) {
}
fclose($fp);
+ // filter the input data:
+ xss_check_input_data($data);
+
// parse the data:
$xml_parser = xml_parser_create();
xml_set_element_handler($xml_parser, "import_element_start", "import_element_end");
@@ -320,14 +323,6 @@ function import_refresh($feed) {
$tt = array_flip(get_html_translation_table(HTML_ENTITIES));
$tt["'"] = "'";
- /*
- ** Strip invalid tags and provide default values (if required):
- */
-
- foreach ($channel as $key => $value) {
- $channel[$key] = node_filter(strtr(trim($value), $tt));
- }
-
db_query("UPDATE feed SET timestamp = %d, link = '%s', description = '%s' WHERE fid = %d", time(), $channel["LINK"], $channel["DESCRIPTION"], $feed["fid"]);
/*
diff --git a/modules/aggregator/aggregator.module b/modules/aggregator/aggregator.module
index 78adefc7c..1d384e706 100644
--- a/modules/aggregator/aggregator.module
+++ b/modules/aggregator/aggregator.module
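Review bot: Every pattern in the `// check attributes:` block ends in `[^>]+?>`, so input that carries the attribute but no later `>` anywhere is never matched, and two patterns (`\Wstyle` and `\Whref…javascript:`) are listed twice, which only doubles the regex cost. Because this is a denylist run over all of `$_REQUEST`, any legitimate submission that merely mentions `<form`, `<font` or `<html` kills the request with `die()` for every user, a false-positive and availability problem as much as a security one, and the response still goes out with status 200. The array branch recurses into `$value` only; keys of a nested array are never inspected. I would send `header("HTTP/1.0 403 Forbidden");` before the `die()`, drop the duplicate patterns, and say in the header comment that this is a best-effort denylist that does not replace escaping at output time.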
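Review bot: `xss_check_input_data($_REQUEST);` scans only the superglobal PHP assembles from GET, POST and cookies per `variables_order`, so `$_SERVER` values (the referer that `referer_load()` in this file presumably reads, `PATH_INFO`, `QUERY_STRING`) and `$_FILES` names are never checked although pages can echo them just the same. It is also a process-wide `die()` driven by a denylist, i.e. a mitigation rather than a guarantee, and the two-word comment above it does not say so; I would replace it with `// Best-effort denylist scan of $_REQUEST only; output escaping is still required.`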
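Review bot: A match inside `xss_check_input_data($data)` ends in `die()`, so one feed whose body contains something as ordinary as `<font` or `<form` (both on the denylist, and common in RSS descriptions) terminates the whole refresh process rather than that feed, and if feeds are refreshed in a loop from cron every feed after it is silently skipped until the offending feed changes. The full raw body is also run through some thirty regexes before `xml_parser_create()` sees it. Logging with `watchdog()` and returning from `import_refresh()` for this feed only would be safer; the function starts before this hunk, so the caller's loop is not visible here.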
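Review bot: With the `node_filter(strtr(trim($value), $tt))` loop removed, `$channel["LINK"]` and `$channel["DESCRIPTION"]` reach `db_query()` untrimmed, with entities still encoded and with no tag filtering, while the `$tt` table built on the two context lines above is now computed for nothing unless the rest of `import_refresh()` (outside the hunk) uses it. The `'%s'` placeholders protect the SQL statement only; whatever later prints the description must now filter or escape it, since `node_filter()` no longer does. Either keep a plain `$channel[$key] = strtr(trim($value), $tt);` loop so stored values stay normalised, or delete the `$tt` lines.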
@@ -305,6 +305,9 @@ function import_refresh($feed) {
}
fclose($fp);
+ // filter the input data:
+ xss_check_input_data($data);
+
// parse the data:
$xml_parser = xml_parser_create();
xml_set_element_handler($xml_parser, "import_element_start", "import_element_end");
@@ -320,14 +323,6 @@ function import_refresh($feed) {
$tt = array_flip(get_html_translation_table(HTML_ENTITIES));
$tt["'"] = "'";
- /*
- ** Strip invalid tags and provide default values (if required):
- */
-
- foreach ($channel as $key => $value) {
- $channel[$key] = node_filter(strtr(trim($value), $tt));
- }
-
db_query("UPDATE feed SET timestamp = %d, link = '%s', description = '%s' WHERE fid = %d", time(), $channel["LINK"], $channel["DESCRIPTION"], $feed["fid"]);
/*
diff --git a/modules/archive.module b/modules/archive.module
index 206d90f76..b69d4feb1 100644
--- a/modules/archive.module
+++ b/modules/archive.module
@@ -87,7 +87,7 @@ function archive_calendar($original = 0) {
$output .= " <tr class=\"header-week\">";
for ($i = 0; $i < 7; $i++) {
- $output .= "<td>". substr(ucfirst(t(date("l", $firstcolumn + $i * 86400))), 0, 1) ."</td>";
+ $output .= "<td>". t(substr(ucfirst(date("l", $firstcolumn + $i * 86400)), 0, 2)) ."</td>";
}
$output .= "</tr>\n";
diff --git a/modules/archive/archive.module b/modules/archive/archive.module
index 206d90f76..b69d4feb1 100644
--- a/modules/archive/archive.module
+++ b/modules/archive/archive.module
@@ -87,7 +87,7 @@ function archive_calendar($original = 0) {
$output .= " <tr class=\"header-week\">";
for ($i = 0; $i < 7; $i++) {
- $output .= "<td>". substr(ucfirst(t(date("l", $firstcolumn + $i * 86400))), 0, 1) ."</td>";
+ $output .= "<td>". t(substr(ucfirst(date("l", $firstcolumn + $i * 86400)), 0, 2)) ."</td>";
}
$output .= "</tr>\n";
diff --git a/modules/import.module b/modules/import.module
index 78adefc7c..1d384e706 100644
--- a/modules/import.module
+++ b/modules/import.module
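Review bot: `xss_check_input_data($data)` terminates the process with `die()` on a match, so a single feed carrying a denylisted but harmless tag such as `<font` aborts the entire refresh instead of just this feed, and any feeds queued after it are never reached. The raw body is scanned in full before the XML parser created on the next lines ever sees it. I would `watchdog()` the event and `return` from `import_refresh()` for this feed alone; the function begins before this hunk.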
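Review bot: Once the `foreach ($channel ...)` loop is gone nothing in the visible lines consumes `$tt`, so the two `$tt` context lines are dead code unless the remainder of `import_refresh()` (outside the hunk) uses them, and `LINK`/`DESCRIPTION` are stored untrimmed with entities still encoded and no tag filtering. The `'%s'` quoting in `db_query()` protects the statement, not the page that later prints the description, so output-side escaping needs confirming. Keep `$channel[$key] = strtr(trim($value), $tt);` without the `node_filter()` call, or remove `$tt`.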
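Review bot: `t()` is now handed a computed two-character string (`"Mo"`, `"Tu"`, … derived from the English `date("l")` name), so these keys appear nowhere as literals for string extraction and have to be added to every translation by hand. Taking the substring before translating does fix the old one-byte `substr()` on an already translated, possibly multibyte, name. A note beside the call, `// Translators: keys are the English two-letter weekday abbreviations "Mo" .. "Su".`, would make the requirement visible.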
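Review bot: The translation key passed to `t()` is now built at runtime from `substr(ucfirst(date("l", ...)), 0, 2)`, so the seven strings `"Mo"` through `"Su"` never appear as literals and string-extraction tooling will miss them. The move away from `substr()` on the translated name is an improvement for multibyte locales. Add `// Translators: keys are the English two-letter weekday abbreviations "Mo" .. "Su".` above the loop so the keys are discoverable.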
@@ -305,6 +305,9 @@ function import_refresh($feed) {
}
fclose($fp);
+ // filter the input data:
+ xss_check_input_data($data);
+
// parse the data:
$xml_parser = xml_parser_create();
xml_set_element_handler($xml_parser, "import_element_start", "import_element_end");
@@ -320,14 +323,6 @@ function import_refresh($feed) {
$tt = array_flip(get_html_translation_table(HTML_ENTITIES));
$tt["'"] = "'";
- /*
- ** Strip invalid tags and provide default values (if required):
- */
-
- foreach ($channel as $key => $value) {
- $channel[$key] = node_filter(strtr(trim($value), $tt));
- }
-
db_query("UPDATE feed SET timestamp = %d, link = '%s', description = '%s' WHERE fid = %d", time(), $channel["LINK"], $channel["DESCRIPTION"], $feed["fid"]);
/*
diff --git a/modules/node.module b/modules/node.module
index aad95c00f..ccdd264ba 100644
--- a/modules/node.module
+++ b/modules/node.module
@@ -499,11 +499,6 @@ function node_comment_mode($nid) {
}
function node_filter($text) {
- $text = preg_replace("/\Wstyle\s*=[^>]+?>/i", ">", $text);
- $text = preg_replace("/\Won[a-z]+\s*=[^>]+?>/i", ">", $text);
- $text = preg_replace("/\Wsrc\s*=[\s'\"]*javascript[^>]+?>/i", ">", $text);
- $text = preg_replace("/\Whref\s*=[\s'\"]*javascript:[^>]+?>/i", ">", $text);
-
if (variable_get("filter_html", 0)) {
$text = node_filter_html($text);
}
diff --git a/modules/node/node.module b/modules/node/node.module
index aad95c00f..ccdd264ba 100644
--- a/modules/node/node.module
+++ b/modules/node/node.module
@@ -499,11 +499,6 @@ function node_comment_mode($nid) {
}
function node_filter($text) {
- $text = preg_replace("/\Wstyle\s*=[^>]+?>/i", ">", $text);
- $text = preg_replace("/\Won[a-z]+\s*=[^>]+?>/i", ">", $text);
- $text = preg_replace("/\Wsrc\s*=[\s'\"]*javascript[^>]+?>/i", ">", $text);
- $text = preg_replace("/\Whref\s*=[\s'\"]*javascript:[^>]+?>/i", ">", $text);
-
if (variable_get("filter_html", 0)) {
$text = node_filter_html($text);
}
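Review bot: The added `xss_check_input_data($data)` ends the whole process via `die()` when the fetched body contains any denylisted tag, including ordinary ones like `<font`, so one bad or merely HTML-rich feed stops this refresh and every feed after it instead of being skipped. Scanning the raw body before `xml_parser_create()` also means the check runs on XML that is not request input at all. Log through `watchdog()` and `return` for this feed instead; `import_refresh()` opens before this hunk, so the caller's iteration is not visible.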
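Review bot: Removing the `foreach ($channel ...)` loop means the `$tt` table built on the two context lines just above is no longer read anywhere in the hunk (it may be used further down, outside my view), and `$channel["LINK"]` / `$channel["DESCRIPTION"]` are stored without `trim()`, entity decoding or `node_filter()`. The `'%s'` placeholders escape for SQL only, so the code that renders the description has to filter or escape it from now on. Keep a decode-only loop, `$channel[$key] = strtr(trim($value), $tt);`, or delete `$tt`.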
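Review bot: With the four `preg_replace()` lines gone, `node_filter()` strips nothing itself and relies on `node_filter_html()` (not shown here) only when `filter_html` is set, and `variable_get("filter_html", 0)` shows that option is off by default, so content stored before this change or arriving through any path other than the scanned `$_REQUEST` is emitted with `style=`, `on*=` and `javascript:` attributes intact. Those lines were configuration-independent, cheap, and applied at output time, which is where XSS is actually prevented; I would restore them as defence in depth. At minimum state the new assumption at the top of the function: `// Assumes dangerous attributes were already rejected on input by xss_check_input_data().`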
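Review bot: After this deletion `node_filter()` performs no attribute stripping of its own; only the `filter_html` branch remains, and `variable_get("filter_html", 0)` shows it defaults to off, so previously stored content and anything entering outside the `$_REQUEST` scan is rendered with `style=`, `on*=` and `javascript:` attributes untouched. The removed `preg_replace()` calls cost little and worked regardless of configuration, so I would keep them as a second layer. Failing that, add `// Dangerous attributes are now expected to be rejected on input; see xss_check_input_data().` above the `if`.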
diff --git a/modules/search.module b/modules/search.module
index 8a332263b..f024f0d5e 100644
--- a/modules/search.module
+++ b/modules/search.module
@@ -364,15 +364,7 @@ function search_view($keys) {
theme("box", t("Search Results"), $output);
}
else {
- // no results. try a substring search
- $output = search_data("*". $keys. "*");
-
- if ($output) {
- theme("box", t("Search Results"), $output);
- }
- else {
- theme("box", t("Search Results"), t("Your search yielded no results."));
- }
+ theme("box", t("Search Results"), t("Your search yielded no results."));
}
}
diff --git a/modules/search/search.module b/modules/search/search.module
index 8a332263b..f024f0d5e 100644
--- a/modules/search/search.module
+++ b/modules/search/search.module
@@ -364,15 +364,7 @@ function search_view($keys) {
theme("box", t("Search Results"), $output);
}
else {
- // no results. try a substring search
- $output = search_data("*". $keys. "*");
-
- if ($output) {
- theme("box", t("Search Results"), $output);
- }
- else {
- theme("box", t("Search Results"), t("Your search yielded no results."));
- }
+ theme("box", t("Search Results"), t("Your search yielded no results."));
}
}
diff --git a/modules/taxonomy.module b/modules/taxonomy.module
index 89427d139..567a8e5e3 100644
--- a/modules/taxonomy.module
+++ b/modules/taxonomy.module
@@ -657,23 +657,25 @@ function _prepare_insert($data, $stage) {
function taxonomy_select_nodes($taxonomy, $pager = 1) {
global $user;
- if ($taxonomy->operator == "or") {
- $sql = "SELECT DISTINCT(n.nid), n.title, n.type, n.created, n.changed, n.uid, n.static, n.created, u.name FROM node n LEFT JOIN term_node r ON n.nid = r.nid LEFT JOIN users u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = '1' ORDER BY static DESC, created DESC";
- $sql_count = "SELECT COUNT(DISTINCT(n.nid)) FROM node n LEFT JOIN term_node r ON n.nid = r.nid LEFT JOIN users u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = '1'";
- }
- else {
- $sql = "SELECT n.nid, n.title, n.type, n.created, n.changed, n.uid, u.name FROM node n LEFT JOIN term_node r ON n.nid = r.nid LEFT JOIN users u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = '1' GROUP BY n.nid, n.title, n.type, n.created, n.changed, n.uid, u.name HAVING COUNT(n.nid) = ".count($taxonomy->tids)." ORDER BY static DESC, created DESC";
+ if ($taxonomy->str_tids) {
+ if ($taxonomy->operator == "or") {
+ $sql = "SELECT DISTINCT(n.nid), n.title, n.type, n.created, n.changed, n.uid, n.static, n.created, u.name FROM node n LEFT JOIN term_node r ON n.nid = r.nid LEFT JOIN users u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = '1' ORDER BY static DESC, created DESC";
+ $sql_count = "SELECT COUNT(DISTINCT(n.nid)) FROM node n LEFT JOIN term_node r ON n.nid = r.nid LEFT JOIN users u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = '1'";
+ }
+ else {
+ $sql = "SELECT n.nid, n.title, n.type, n.created, n.changed, n.uid, u.name FROM node n LEFT JOIN term_node r ON n.nid = r.nid LEFT JOIN users u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = '1' GROUP BY n.nid, n.title, n.type, n.created, n.changed, n.uid, u.name HAVING COUNT(n.nid) = ".count($taxonomy->tids)." ORDER BY static DESC, created DESC";
- // Special trick as we could not find anything better:
- $count = db_num_rows(db_query("SELECT n.nid FROM node n LEFT JOIN term_node r ON n.nid = r.nid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = '1' GROUP BY n.nid HAVING COUNT(n.nid) = ". count($taxonomy->tids)));
- $sql_count = "SELECT $count";
- }
+ // Special trick as we could not find anything better:
+ $count = db_num_rows(db_query("SELECT n.nid FROM node n LEFT JOIN term_node r ON n.nid = r.nid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = '1' GROUP BY n.nid HAVING COUNT(n.nid) = ". count($taxonomy->tids)));
+ $sql_count = "SELECT $count";
+ }
- if ($pager) {
- $result = pager_query($sql, variable_get("default_nodes_main", 10) , 0, $sql_count);
- }
- else {
- $result = db_query_range($sql, 0, 15);
+ if ($pager) {
+ $result = pager_query($sql, variable_get("default_nodes_main", 10) , 0, $sql_count);
+ }
+ else {
+ $result = db_query_range($sql, 0, 15);
+ }
}
return $result;
diff --git a/modules/taxonomy/taxonomy.module b/modules/taxonomy/taxonomy.module
index 89427d139..567a8e5e3 100644
--- a/modules/taxonomy/taxonomy.module
+++ b/modules/taxonomy/taxonomy.module
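Review bot: When `$taxonomy->str_tids` is empty the new guard skips every assignment, so `return $result;` returns an undefined variable (a PHP notice, and `null` to callers expecting the result of `pager_query()` / `db_query_range()`); initialise it before the `if`, e.g. `$result = NULL;` right after `global $user;`. The guard only avoids the syntactically invalid `IN ()`: `$taxonomy->str_tids` and `count($taxonomy->tids)` are still interpolated straight into the SQL, so safety rests entirely on the caller building `str_tids` from integers, and that code is outside this hunk. A comment on the `if` stating that precondition, `// str_tids must be a comma-separated list of integer tids built by the caller`, would at least record the assumption.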
@@ -657,23 +657,25 @@ function _prepare_insert($data, $stage) {
function taxonomy_select_nodes($taxonomy, $pager = 1) {
global $user;
- if ($taxonomy->operator == "or") {
- $sql = "SELECT DISTINCT(n.nid), n.title, n.type, n.created, n.changed, n.uid, n.static, n.created, u.name FROM node n LEFT JOIN term_node r ON n.nid = r.nid LEFT JOIN users u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = '1' ORDER BY static DESC, created DESC";
- $sql_count = "SELECT COUNT(DISTINCT(n.nid)) FROM node n LEFT JOIN term_node r ON n.nid = r.nid LEFT JOIN users u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = '1'";
- }
- else {
- $sql = "SELECT n.nid, n.title, n.type, n.created, n.changed, n.uid, u.name FROM node n LEFT JOIN term_node r ON n.nid = r.nid LEFT JOIN users u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = '1' GROUP BY n.nid, n.title, n.type, n.created, n.changed, n.uid, u.name HAVING COUNT(n.nid) = ".count($taxonomy->tids)." ORDER BY static DESC, created DESC";
+ if ($taxonomy->str_tids) {
+ if ($taxonomy->operator == "or") {
+ $sql = "SELECT DISTINCT(n.nid), n.title, n.type, n.created, n.changed, n.uid, n.static, n.created, u.name FROM node n LEFT JOIN term_node r ON n.nid = r.nid LEFT JOIN users u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = '1' ORDER BY static DESC, created DESC";
+ $sql_count = "SELECT COUNT(DISTINCT(n.nid)) FROM node n LEFT JOIN term_node r ON n.nid = r.nid LEFT JOIN users u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = '1'";
+ }
+ else {
+ $sql = "SELECT n.nid, n.title, n.type, n.created, n.changed, n.uid, u.name FROM node n LEFT JOIN term_node r ON n.nid = r.nid LEFT JOIN users u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = '1' GROUP BY n.nid, n.title, n.type, n.created, n.changed, n.uid, u.name HAVING COUNT(n.nid) = ".count($taxonomy->tids)." ORDER BY static DESC, created DESC";
- // Special trick as we could not find anything better:
- $count = db_num_rows(db_query("SELECT n.nid FROM node n LEFT JOIN term_node r ON n.nid = r.nid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = '1' GROUP BY n.nid HAVING COUNT(n.nid) = ". count($taxonomy->tids)));
- $sql_count = "SELECT $count";
- }
+ // Special trick as we could not find anything better:
+ $count = db_num_rows(db_query("SELECT n.nid FROM node n LEFT JOIN term_node r ON n.nid = r.nid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = '1' GROUP BY n.nid HAVING COUNT(n.nid) = ". count($taxonomy->tids)));
+ $sql_count = "SELECT $count";
+ }
- if ($pager) {
- $result = pager_query($sql, variable_get("default_nodes_main", 10) , 0, $sql_count);
- }
- else {
- $result = db_query_range($sql, 0, 15);
+ if ($pager) {
+ $result = pager_query($sql, variable_get("default_nodes_main", 10) , 0, $sql_count);
+ }
+ else {
+ $result = db_query_range($sql, 0, 15);
+ }
}
return $result;
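Review bot: With an empty `$taxonomy->str_tids` the whole body is now skipped and `return $result;` hands back a variable that was never assigned, which raises a notice and gives callers `null` where they expect a query result; add `$result = NULL;` after `global $user;` so the empty case is explicit. The new condition prevents only the malformed `IN ()` query; `$taxonomy->str_tids` and `count($taxonomy->tids)` are still spliced into the SQL string unescaped, so correctness depends on the caller producing an integer list, and that caller is outside the hunk. I would document that precondition on the `if`: `// str_tids is assumed to be a comma-separated list of integer tids built by the caller`.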