fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-06 18:21:39 +09:00
Code Issues Projects Releases Packages Wiki Activity

SECISSUE <object> tag의 XSS 문제 해결.

Browse source
This commit is contained in:
bnu 2014-01-02 19:51:15 +09:00
parent 20436466fc
commit c5845c4758
1 changed files with 12 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

24
classes/security/EmbedFilter.class.php
View file

@ -347,14 +347,14 @@ class EmbedFilter
}
}
if(!$isWhiteDomain && !$isWhiteMimetype && $ext)
if($isWhiteDomain && $isWhiteMimetype && $ext)
{
$isWhiteExt = $this->isWhiteExt($ext);
}
if(!$isWhiteDomain && !$isWhiteMimetype && !$isWhiteExt)
if(!$isWhiteDomain || !$isWhiteMimetype || !$isWhiteExt)
{
$content = str_replace($objectTag, htmlspecialchars($objectTag), $content);
$content = str_replace($objectTag, htmlspecialchars($objectTag, ENT_COMPAT, 'UTF-8', false), $content);
}
}
}
@ -400,14 +400,14 @@ class EmbedFilter
}
}
if(!$isWhiteDomain && !$isWhiteMimetype && $ext)
if($isWhiteDomain && $isWhiteMimetype && $ext)
{
$isWhiteExt = $this->isWhiteExt($ext);
}
if(!$isWhiteDomain && !$isWhiteMimetype && !$isWhiteExt)
if(!$isWhiteDomain || !$isWhiteMimetype || !$isWhiteExt)
{
$content = str_replace($embedTag, htmlspecialchars($embedTag), $content);
$content = str_replace($embedTag, htmlspecialchars($embedTag, ENT_COMPAT, 'UTF-8', false), $content);
}
}
}
@ -450,7 +450,7 @@ class EmbedFilter
if(!$isWhiteDomain)
{
$content = str_replace($iframeTag, htmlspecialchars($iframeTag), $content);
$content = str_replace($iframeTag, htmlspecialchars($iframeTag, ENT_COMPAT, 'UTF-8', false), $content);
}
}
}
@ -483,14 +483,14 @@ class EmbedFilter
$ext = strtolower(substr(strrchr($parser->iNodeAttributes['value'], "."), 1));
$isWhiteDomain = $this->isWhiteDomain($parser->iNodeAttributes['value']);
if(!$isWhiteDomain && $ext)
if($isWhiteDomain && $ext)
{
$isWhiteExt = $this->isWhiteExt($ext);
}
if(!$isWhiteDomain && !$isWhiteExt)
if(!$isWhiteDomain || !$isWhiteExt)
{
$content = str_replace($paramTag, htmlspecialchars($paramTag), $content);
$content = str_replace($paramTag, htmlspecialchars($paramTag, ENT_COMPAT, 'UTF-8', false), $content);
}
}
}
@ -568,7 +568,7 @@ class EmbedFilter
if($m[1] == 'param')
{
if(strpos(strtolower($m[0]), 'allowscriptaccess'))
if(stripos($m[0], 'allowscriptaccess'))
{
$m[0] = '<param name="allowscriptaccess" value="never"';
if(substr($m[0], -1) == '/')
@ -580,7 +580,7 @@ class EmbedFilter
}
else if($m[1] == 'embed')
{
if(strpos(strtolower($m[0]), 'allowscriptaccess'))
if(stripos($m[0], 'allowscriptaccess'))
{
$m[0] = preg_replace('/always|samedomain/i', 'never', $m[0]);
}