summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndrey Andreev <narf@bofh.bg>2012-12-18 12:33:40 +0100
committerAndrey Andreev <narf@bofh.bg>2012-12-18 12:33:40 +0100
commitdbcd9a9c318c97cbe5d0ebef899ee1dbeb9e21c1 (patch)
treef4fecfcccc7c954d3126d18185243c7819a80adf
parentd8dba5d3ecbe1ff4502b04a9cf3086908db140d1 (diff)
parent638a9d243065733f862761eed0fa5829409b571a (diff)
Merge pull request #2049 from brian978/develop
Added small improvement to the _remove_evil_attributes function
-rw-r--r--system/core/Security.php27
1 files changed, 17 insertions, 10 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index 3bf626635..5ae8e653c 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -329,7 +329,7 @@ class CI_Security {
* these are the ones that will pose security problems.
*/
$str = preg_replace_callback("/[a-z]+=([\'\"]).*?\\1/si", array($this, '_convert_attribute'), $str);
- $str = preg_replace_callback('/<\w+.*?(?=>|<|$)/si', array($this, '_decode_entity'), $str);
+ $str = preg_replace_callback('/<\w+.*/si', array($this, '_decode_entity'), $str);
// Remove Invisible Characters Again!
$str = remove_invisible_characters($str);
@@ -526,9 +526,17 @@ class CI_Security {
$charset = config_item('charset');
}
- $str = html_entity_decode($str, ENT_COMPAT, $charset);
- $str = preg_replace('~&#x(0*[0-9a-f]{2,5})~ei', 'chr(hexdec("\\1"))', $str);
- return preg_replace('~&#([0-9]{2,4})~e', 'chr(\\1)', $str);
+ do
+ {
+ $matches = $matches1 = 0;
+
+ $str = html_entity_decode($str, ENT_COMPAT, $charset);
+ $str = preg_replace('~&#x(0*[0-9a-f]{2,5})~ei', 'chr(hexdec("\\1"))', $str, -1, $matches);
+ $str = preg_replace('~&#([0-9]{2,4})~e', 'chr(\\1)', $str, -1, $matches1);
+ }
+ while($matches OR $matches1);
+
+ return $str;
}
// --------------------------------------------------------------------
@@ -642,17 +650,16 @@ class CI_Security {
$count = 0;
$attribs = array();
- // find occurrences of illegal attribute strings without quotes
- preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*([^\s>]*)/is', $str, $matches, PREG_SET_ORDER);
+ // find occurrences of illegal attribute strings with quotes (042 and 047 are octal quotes)
+ preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is', $str, $matches, PREG_SET_ORDER);
foreach ($matches as $attr)
{
-
$attribs[] = preg_quote($attr[0], '/');
}
- // find occurrences of illegal attribute strings with quotes (042 and 047 are octal quotes)
- preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*(\042|\047)([^\\2]*?)(\\2)/is', $str, $matches, PREG_SET_ORDER);
+ // find occurrences of illegal attribute strings without quotes
+ preg_match_all('/('.implode('|', $evil_attributes).')\s*=\s*([^\s>]*)/is', $str, $matches, PREG_SET_ORDER);
foreach ($matches as $attr)
{
@@ -662,7 +669,7 @@ class CI_Security {
// replace illegal attribute strings that are inside an html tag
if (count($attribs) > 0)
{
- $str = preg_replace('/<(\/?[^><]+?)([^A-Za-z<>\-])(.*?)('.implode('|', $attribs).')(.*?)([\s><])([><]*)/i', '<$1 $3$5$6$7', $str, -1, $count);
+ $str = preg_replace('/(<?)(\/?[^><]+?)([^A-Za-z<>\-])(.*?)('.implode('|', $attribs).')(.*?)([\s><]?)([><]*)/i', '$1$2 $4$6$7$8', $str, -1, $count);
}
} while ($count);