fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-04 01:01:41 +09:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'develop' into php7

Browse source
This commit is contained in:
Kijin Sung 2015-12-09 13:14:01 +09:00
commit 5f5377fe85
5 changed files with 43 additions and 55 deletions
Download patch file Download diff file Expand all files Collapse all files

2
config/config.inc.php
View file

@ -29,7 +29,7 @@ define('__ZBXE__', __XE__);
/** /**
* Display XE's full version. * Display XE's full version.
*/ */
define('__XE_VERSION__', '1.8.14'); define('__XE_VERSION__', '1.8.15');
define('__XE_VERSION_ALPHA__', (stripos(__XE_VERSION__, 'alpha') !== false)); define('__XE_VERSION_ALPHA__', (stripos(__XE_VERSION__, 'alpha') !== false));
define('__XE_VERSION_BETA__', (stripos(__XE_VERSION__, 'beta') !== false)); define('__XE_VERSION_BETA__', (stripos(__XE_VERSION__, 'beta') !== false));
define('__XE_VERSION_RC__', (stripos(__XE_VERSION__, 'rc') !== false)); define('__XE_VERSION_RC__', (stripos(__XE_VERSION__, 'rc') !== false));

18
config/func.inc.php
View file

@ -1212,6 +1212,24 @@ function removeSrcHack($match)
} }
} }
$filter_arrts = array('style', 'src', 'href');
if($tag === 'object') array_push($filter_arrts, 'data');
if($tag === 'param') array_push($filter_arrts, 'value');
foreach($filter_arrts as $attr)
{
if(!isset($attrs[$attr])) continue;
$attr_value = rawurldecode($attrs[$attr]);
$attr_value = htmlspecialchars_decode($attr_value, ENT_COMPAT);
$attr_value = preg_replace('/\s+|[\t\n\r]+/', '', $attr_value);
if(preg_match('@(\?|&|;)(act=)@i', $attr_value))
{
unset($attrs[$attr]);
}
}
if(isset($attrs['style']) && preg_match('@(?:/\*|\*/|\n|:\s*expression\s*\()@i', $attrs['style'])) if(isset($attrs['style']) && preg_match('@(?:/\*|\*/|\n|:\s*expression\s*\()@i', $attrs['style']))
{ {
unset($attrs['style']); unset($attrs['style']);

6
modules/layout/layout.view.php
View file

@ -316,6 +316,12 @@ class layoutView extends layout
*/ */
function dispLayoutPreview() function dispLayoutPreview()
{ {
if(!checkCSRF())
{
$this->stop('msg_invalid_request');
return new Object(-1, 'msg_invalid_request');
}
// admin check // admin check
// this act is admin view but in normal view because do not load admin css/js files // this act is admin view but in normal view because do not load admin css/js files
$logged_info = Context::get('logged_info'); $logged_info = Context::get('logged_info');

53
tests/unit/FuncIncTest.class.php
View file

@ -1,53 +0,0 @@
<?php
class FuncIncTest extends \Codeception\TestCase\Test
{
static public function provider()
{
return array(
// remove iframe
array(
'<div class="frame"><iframe src="path/to/file.html"></iframe><p><a href="#iframe">IFrame</a></p></div>',
'<div class="frame">&lt;iframe src="path/to/file.html">&lt;/iframe><p><a href="#iframe">IFrame</a></p></div>'
),
// expression
array(
'<div class="dummy" style="xss:expr/*XSS*/ession(alert(\'XSS\'))">',
'<div class="dummy">'
),
// no quotes and no semicolon - http://ha.ckers.org/xss.html
array(
'<img src=javascript:alert(\'xss\')>',
'<img>'
),
// embedded encoded tab to break up XSS - http://ha.ckers.org/xss.html
array(
'<IMG SRC="jav&#x09;ascript:alert(\'XSS\');">',
'<img>'
),
// issue 178
array(
"<img src=\"invalid\"\nonerror=\"alert(1)\" />",
'<img src="invalid" />'
),
// issue 534
array(
'<img src=\'as"df dummy=\'"1234\'" 4321\' asdf/*/>*/" onerror="console.log(\'Yet another XSS\')">',
'<img src="as&quot;df dummy=" />*/" onerror="console.log(\'Yet another XSS\')">'
),
// issue 602
array(
'<img alt="test" src="(http://static.naver.com/www/u/2010/0611/nmms_215646753.gif" onload="eval(String.fromCharCode(105,61,49,48,48,59,119,104,105,108,101, 40,105,62,48,41,97,108,101,114,116,40,40,105,45,45,41,43,39,48264,47564,32, 45908,32,53364,47533,54616,49464,50836,39,41,59));">',
'<img alt="test" src="(http://static.naver.com/www/u/2010/0611/nmms_215646753.gif">'
)
);
}
/**
* @dataProvider provider
*/
public function testXss($source, $expected)
{
$result = removeHackTag($source);
$this->assertEquals($result, $expected);
}
}

19
tests/unit/FuncIncTest.php
View file

@ -29,7 +29,7 @@ class FuncIncTest extends \Codeception\TestCase\Test
), ),
// issue 178 // issue 178
array( array(
"<img src=\"invalid.jpg\"\nonerror=\"alert(1)\" />", '<img src="invalid.jpg"\nonerror="alert(1)" />',
'<img src="invalid.jpg" alt="invalid.jpg" />' '<img src="invalid.jpg" alt="invalid.jpg" />'
), ),
// issue 534 // issue 534
@ -41,6 +41,23 @@ class FuncIncTest extends \Codeception\TestCase\Test
array( array(
'<img alt="test" src="(http://static.naver.com/www/u/2010/0611/nmms_215646753.gif" onload="eval(String.fromCharCode(105,61,49,48,48,59,119,104,105,108,101, 40,105,62,48,41,97,108,101,114,116,40,40,105,45,45,41,43,39,48264,47564,32, 45908,32,53364,47533,54616,49464,50836,39,41,59));">', '<img alt="test" src="(http://static.naver.com/www/u/2010/0611/nmms_215646753.gif" onload="eval(String.fromCharCode(105,61,49,48,48,59,119,104,105,108,101, 40,105,62,48,41,97,108,101,114,116,40,40,105,45,45,41,43,39,48264,47564,32, 45908,32,53364,47533,54616,49464,50836,39,41,59));">',
'' ''
),
// issue #1813 https://github.com/xpressengine/xe-core/issues/1813
array(
'<img src="?act=dispLayoutPreview" alt="dummy" />',
'<img alt="dummy" />'
),
array(
'<img src="?act =dispLayoutPreview" alt="dummy" />',
'<img alt="dummy" />'
),
array(
"<img src=\"?act\n=dispLayoutPreview\" alt=\"dummy\" />",
'<img alt="dummy" />'
),
array(
"<img src=\"?pam=act&a\nct =\r\n\tdispLayoutPreview\" alt=\"dummy\" />",
'<img alt="dummy" />'
) )
); );
} }