author | Andreas Gohr <andi@splitbrain.org> | 2007-02-24 13:44:58 +0100 |
---|---|---|
committer | Andreas Gohr <andi@splitbrain.org> | 2007-02-24 13:44:58 +0100 |
commit | 26ceae189b2d0a31062ca1f26577545b78250281 (patch) | |
tree | bfab809313d3f19b569f19047c8ad0b71e733f69 | |
parent | 6d88439ada7c841b10a8de3da846f7cc1cf5842a (diff) | |
Test uploaded files for HTML tags FS#1077
Following the problem with IE's mimetype handling described at
http://www.splitbrain.org/blog/2007-02/12-internet_explorer_facilitates_cross_site_scripting
this patch adds a new option (on by default) to check the first 256
bytes of uploaded files against a list of a few HTML tags and denies
the upload of such a file. On rare occasions this may block harmless
and valid files, but that's the price we have to pay for Microsoft's
stupidity.
Users who need HTML uploads should disable this check. (Don't do that on
open Wikis!)
darcs-hash:20070224124458-7ad00-0ced616d06f563515b36a0a6871b5ba50229c946.gz
-rw-r--r-- | conf/dokuwiki.php | 1 | ||||
-rw-r--r-- | inc/lang/en/lang.php | 3 | ||||
-rw-r--r-- | inc/media.php | 19 | ||||
-rw-r--r-- | lib/plugins/config/lang/en/lang.php | 1 | ||||
-rw-r--r-- | lib/plugins/config/settings/config.metadata.php | 1 |
5 files changed, 21 insertions, 4 deletions
diff --git a/conf/dokuwiki.php b/conf/dokuwiki.php
index 66a2171b3..d442f0e93 100644
--- a/conf/dokuwiki.php
+++ b/conf/dokuwiki.php
@@ -54,6 +54,7 @@ $conf['mailguard'] = 'hex'; //obfuscate email addresses against sp
 // 'visible' - replace @ with [at], . with [dot] and - with [dash]
 // 'hex' - use hex entities to encode the mail address
 // 'none' - do not obfuscate addresses
+$conf['iexssprotect']= 1; // check for JavaScript and HTML in uploaded files 0|1
 /* Authentication Options - read http://www.splitbrain.org/dokuwiki/wiki:acl */
diff --git a/inc/lang/en/lang.php b/inc/lang/en/lang.php
index aa0aad6e0..23f17c52c 100644
--- a/inc/lang/en/lang.php
+++ b/inc/lang/en/lang.php
@@ -104,7 +104,8 @@ $lang['uploadfail'] = 'Upload failed. Maybe wrong permissions?';
 $lang['uploadwrong'] = 'Upload denied. This file extension is forbidden!';
 $lang['uploadexist'] = 'File already exists. Nothing done.';
 $lang['uploadbadcontent'] = 'The uploaded content did not match the %s file extension.';
-$lang['uploadspam'] = 'The upload was blocked by the spam blacklist';
+$lang['uploadspam'] = 'The upload was blocked by the spam blacklist.';
+$lang['uploadxss'] = 'The upload was blocked for possibly malicious content.';
 $lang['deletesucc'] = 'The file "%s" has been deleted.';
 $lang['deletefail'] = '"%s" couldn\'t be deleted - check permissions.';
 $lang['mediainuse'] = 'The file "%s" hasn\'t been deleted - it is still in use.';
diff --git a/inc/media.php b/inc/media.php
index 052e9a54a..8cf2bba81 100644
--- a/inc/media.php
+++ b/inc/media.php
@@ -226,6 +226,9 @@ function media_upload($ns,$auth){
 }elseif($ok == -2){
 msg($lang['uploadspam'],-1);
 return false;
+ }elseif($ok == -3){
+ msg($lang['uploadxss'],-1);
+ return false;
 }
 // prepare directory
@@ -249,16 +252,27 @@ function media_upload($ns,$auth){
 /**
 * This function checks if the uploaded content is really what the
- * mimetype says it is. We also do spam checking for text types here
+ * mimetype says it is. We also do spam checking for text types here.
 *
 * We need to do this stuff because we can not rely on the browser
 * to do this check correctly. Yes, IE is broken as usual.
 *
 * @author Andreas Gohr <andi@splitbrain.org>
- * @link http://weblog.philringnalda.com/2004/04/06/getting-around-ies-mime-type-mangling
+ * @link http://www.splitbrain.org/blog/2007-02/12-internet_explorer_facilitates_cross_site_scripting
 * @fixme check all 26 magic IE filetypes here?
 */
 function media_contentcheck($file,$mime){
+ global $conf;
+ if($conf['iexssprotect']){
+ $fh = @fopen($file, 'rb');
+ if($fh){
+ $bytes = fread($fh, 256);
+ fclose($fh);
+ if(preg_match('/<(script|a|img|html|body|iframe)[\s>]/i',$bytes)){
+ return -3;
+ }
+ }
+ }
 if(substr($mime,0,6) == 'image/'){
 $info = @getimagesize($file);
 if($mime == 'image/gif' && $info[2] != 1){
@@ -273,7 +287,6 @@ function media_contentcheck($file,$mime){
 global $TEXT;
 $TEXT = io_readFile($file);
 if(checkwordblock()){
- msg('Content seems to be spam',-1);
 return -2;
 }
 }
diff --git a/lib/plugins/config/lang/en/lang.php b/lib/plugins/config/lang/en/lang.php
index 9f3df88bb..825f5cf85 100644
--- a/lib/plugins/config/lang/en/lang.php
+++ b/lib/plugins/config/lang/en/lang.php
@@ -80,6 +80,7 @@ $lang['usewordblock']= 'Block spam based on wordlist';
 $lang['indexdelay'] = 'Time delay before indexing (sec)';
 $lang['relnofollow'] = 'Use rel="nofollow" on external links';
 $lang['mailguard'] = 'Obfuscate email addresses';
+$lang['iexssprotect']= 'Check uploaded files for possibly malicious JavaScript or HTML code';
 /* Authentication Options */
 $lang['useacl'] = 'Use access control lists';
diff --git a/lib/plugins/config/settings/config.metadata.php b/lib/plugins/config/settings/config.metadata.php
index d1456b3e9..ee8db882f 100644
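Review bot: The new check in media_contentcheck fails open: when `@fopen($file, 'rb')` returns false the `if($fh)` branch is skipped and execution falls through to the mime-specific checks, so a file that cannot be read is never rejected by the HTML check, and the `@` hides why the open failed. Since this protection is on by default, a read failure should be treated as a rejection, e.g. `if(!$fh){ return -3; }` right after the fopen (or a distinct return code with its own `$lang` entry if "possibly malicious content" would mislead the user). The bounds of the heuristic are not stated next to the code: only the first 256 bytes are inspected and only the six tag names in the pattern are matched, so a comment such as `// heuristic only: scans the first 256 bytes for a few HTML tags IE may sniff as HTML` and a `@return` line in the docblock covering the -2/-3 codes (and whatever the earlier branches return) would help the next maintainer. The function's body continues past the end of this hunk.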
--- a/lib/plugins/config/settings/config.metadata.php
+++ b/lib/plugins/config/settings/config.metadata.php
@@ -122,6 +122,7 @@ $meta['usewordblock']= array('onoff');
 $meta['relnofollow'] = array('onoff');
 $meta['indexdelay'] = array('numeric');
 $meta['mailguard'] = array('multichoice','_choices' => array('visible','hex','none'));
+$meta['iexssprotect']= array('onoff');
 $meta['_editing'] = array('fieldset');
 $meta['usedraft'] = array('onoff');