author | Andreas Gohr <andi@splitbrain.org> | 2006-10-08 12:05:23 +0200 |
---|---|---|
committer | Andreas Gohr <andi@splitbrain.org> | 2006-10-08 12:05:23 +0200 |
commit | 02b0b681935185a1c4d2d64e76fe499f3d438d12 (patch) | |
tree | 67be0215dcee66121bafd54a9a78fd3e17c5b83c | |
parent | 10ffc9dd6a89562ef502baa21f968cf269fe21b0 (diff) | |
strip controlchars in fetch.php #935
Fixes a header injection/XSS vulnerability
darcs-hash:20061008100523-7ad00-be06a942badb6a2a9ed862be003ee0050504b4b0.gz
-rw-r--r-- | inc/common.php | 11 | ||||
-rw-r--r-- | lib/exe/fetch.php | 2 |
2 files changed, 11 insertions, 2 deletions
diff --git a/inc/common.php b/inc/common.php
index 8b21c0585..845ca3634 100644
--- a/inc/common.php
+++ b/inc/common.php
@@ -41,7 +41,16 @@ function hsc($string){
 */
 function ptln($string,$intend=0){
 for($i=0; $i<$intend; $i++) print ' ';
- print"$string\n";
+ echo "$string\n";
+}
+
+/**
+ * strips control characters (<32) from the given string
+ *
+ * @author Andreas Gohr <andi@splitbrain.org>
+ */
+function stripctl($string){
+ return preg_replace('/[\x00-\x1F]+/s','',$string);
 }
 
 /**
diff --git a/lib/exe/fetch.php b/lib/exe/fetch.php
index 343145c54..f33f7b0cc 100644
--- a/lib/exe/fetch.php
+++ b/lib/exe/fetch.php
@@ -20,7 +20,7 @@
 $mimetypes = getMimeTypes();
 
 //get input
- $MEDIA = getID('media',false); // no cleaning - maybe external
+ $MEDIA = stripctl(getID('media',false)); // no cleaning except control chars - maybe external
 $CACHE = calc_cache($_REQUEST['cache']);
 $WIDTH = (int) $_REQUEST['w'];
 $HEIGHT = (int) $_REQUEST['h']; |
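Review bot: The `s` modifier on the pattern in stripctl is a no-op — it only changes whether `.` matches newlines, and this pattern is a bare character class, so `'/[\x00-\x1F]+/'` does the same work without suggesting the flag matters. The class stops at 0x1F, so DEL (0x7F) passes through untouched; if that is deliberate the docblock should say so, e.g. `* Only C0 controls (0x00-0x1F) are removed; DEL (0x7F) is left in place.` Since the commit message ties this helper to header injection, a why-comment above the return such as `// CR and LF fall in this range, so the value can no longer split a response header` would tell the next maintainer what the function guards against rather than just what it does.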
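Review bot: The new `$MEDIA` line silently rewrites the request instead of rejecting it, so an ID like `foo%0D%0Abar` is served as `foobar` — a different resource — rather than failing; a control character is never legitimate in this parameter, and the stricter fix is `$raw = getID('media',false); $MEDIA = stripctl($raw); if($MEDIA !== $raw){ header('HTTP/1.0 400 Bad Request'); exit; }` before any further processing. Stripping bytes below 0x20 removes the CR/LF that header splitting needs, which matches the commit message, but it is not HTML escaping: if $MEDIA is reflected in an error page further down (not visible in this hunk), that output site still needs hsc(). The script's input handling continues past the end of the hunk.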