diff options
Diffstat (limited to 'inc')
| -rw-r--r-- | inc/lang/en/lang.php | 3 | ||||
| -rw-r--r-- | inc/media.php | 19 |
2 files changed, 18 insertions, 4 deletions
diff --git a/inc/lang/en/lang.php b/inc/lang/en/lang.php index aa0aad6e0..23f17c52c 100644 --- a/inc/lang/en/lang.php +++ b/inc/lang/en/lang.php @@ -104,7 +104,8 @@ $lang['uploadfail'] = 'Upload failed. Maybe wrong permissions?'; $lang['uploadwrong'] = 'Upload denied. This file extension is forbidden!'; $lang['uploadexist'] = 'File already exists. Nothing done.'; $lang['uploadbadcontent'] = 'The uploaded content did not match the %s file extension.'; -$lang['uploadspam'] = 'The upload was blocked by the spam blacklist'; +$lang['uploadspam'] = 'The upload was blocked by the spam blacklist.'; +$lang['uploadxss'] = 'The upload was blocked for possibly malicious content.'; $lang['deletesucc'] = 'The file "%s" has been deleted.'; $lang['deletefail'] = '"%s" couldn\'t be deleted - check permissions.'; $lang['mediainuse'] = 'The file "%s" hasn\'t been deleted - it is still in use.'; diff --git a/inc/media.php b/inc/media.php index 052e9a54a..8cf2bba81 100644 --- a/inc/media.php +++ b/inc/media.php @@ -226,6 +226,9 @@ function media_upload($ns,$auth){ }elseif($ok == -2){ msg($lang['uploadspam'],-1); return false; + }elseif($ok == -3){ + msg($lang['uploadxss'],-1); + return false; } // prepare directory @@ -249,16 +252,27 @@ function media_upload($ns,$auth){ /** * This function checks if the uploaded content is really what the - * mimetype says it is. We also do spam checking for text types here + * mimetype says it is. We also do spam checking for text types here. * * We need to do this stuff because we can not rely on the browser * to do this check correctly. Yes, IE is broken as usual. * * @author Andreas Gohr <andi@splitbrain.org> - * @link http://weblog.philringnalda.com/2004/04/06/getting-around-ies-mime-type-mangling + * @link http://www.splitbrain.org/blog/2007-02/12-internet_explorer_facilitates_cross_site_scripting * @fixme check all 26 magic IE filetypes here? */ function media_contentcheck($file,$mime){ + global $conf; + if($conf['iexssprotect']){ + $fh = @fopen($file, 'rb'); + if($fh){ + $bytes = fread($fh, 256); + fclose($fh); + if(preg_match('/<(script|a|img|html|body|iframe)[\s>]/i',$bytes)){ + return -3; + } + } + } if(substr($mime,0,6) == 'image/'){ $info = @getimagesize($file); if($mime == 'image/gif' && $info[2] != 1){ @@ -273,7 +287,6 @@ function media_contentcheck($file,$mime){ global $TEXT; $TEXT = io_readFile($file); if(checkwordblock()){ - msg('Content seems to be spam',-1); return -2; } } |