fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-08 03:01:43 +09:00
Code Issues Projects Releases Packages Wiki Activity

SECISSUE <object> tag의 XSS 문제 해결.

Browse source
This commit is contained in:
bnu 2014-01-02 19:51:15 +09:00
parent 20436466fc
commit c5845c4758
1 changed files with 12 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

24
classes/security/EmbedFilter.class.php
View file

@ -347,14 +347,14 @@ class EmbedFilter
} }
} }
if(!$isWhiteDomain && !$isWhiteMimetype && $ext) if($isWhiteDomain && $isWhiteMimetype && $ext)
{ {
$isWhiteExt = $this->isWhiteExt($ext); $isWhiteExt = $this->isWhiteExt($ext);
} }
if(!$isWhiteDomain && !$isWhiteMimetype && !$isWhiteExt) if(!$isWhiteDomain || !$isWhiteMimetype || !$isWhiteExt)
{ {
$content = str_replace($objectTag, htmlspecialchars($objectTag), $content); $content = str_replace($objectTag, htmlspecialchars($objectTag, ENT_COMPAT, 'UTF-8', false), $content);
} }
} }
} }
@ -400,14 +400,14 @@ class EmbedFilter
} }
} }
if(!$isWhiteDomain && !$isWhiteMimetype && $ext) if($isWhiteDomain && $isWhiteMimetype && $ext)
{ {
$isWhiteExt = $this->isWhiteExt($ext); $isWhiteExt = $this->isWhiteExt($ext);
} }
if(!$isWhiteDomain && !$isWhiteMimetype && !$isWhiteExt) if(!$isWhiteDomain || !$isWhiteMimetype || !$isWhiteExt)
{ {
$content = str_replace($embedTag, htmlspecialchars($embedTag), $content); $content = str_replace($embedTag, htmlspecialchars($embedTag, ENT_COMPAT, 'UTF-8', false), $content);
} }
} }
} }
@ -450,7 +450,7 @@ class EmbedFilter
if(!$isWhiteDomain) if(!$isWhiteDomain)
{ {
$content = str_replace($iframeTag, htmlspecialchars($iframeTag), $content); $content = str_replace($iframeTag, htmlspecialchars($iframeTag, ENT_COMPAT, 'UTF-8', false), $content);
} }
} }
} }
@ -483,14 +483,14 @@ class EmbedFilter
$ext = strtolower(substr(strrchr($parser->iNodeAttributes['value'], "."), 1)); $ext = strtolower(substr(strrchr($parser->iNodeAttributes['value'], "."), 1));
$isWhiteDomain = $this->isWhiteDomain($parser->iNodeAttributes['value']); $isWhiteDomain = $this->isWhiteDomain($parser->iNodeAttributes['value']);
if(!$isWhiteDomain && $ext) if($isWhiteDomain && $ext)
{ {
$isWhiteExt = $this->isWhiteExt($ext); $isWhiteExt = $this->isWhiteExt($ext);
} }
if(!$isWhiteDomain && !$isWhiteExt) if(!$isWhiteDomain || !$isWhiteExt)
{ {
$content = str_replace($paramTag, htmlspecialchars($paramTag), $content); $content = str_replace($paramTag, htmlspecialchars($paramTag, ENT_COMPAT, 'UTF-8', false), $content);
} }
} }
} }
@ -568,7 +568,7 @@ class EmbedFilter
if($m[1] == 'param') if($m[1] == 'param')
{ {
if(strpos(strtolower($m[0]), 'allowscriptaccess')) if(stripos($m[0], 'allowscriptaccess'))
{ {
$m[0] = '<param name="allowscriptaccess" value="never"'; $m[0] = '<param name="allowscriptaccess" value="never"';
if(substr($m[0], -1) == '/') if(substr($m[0], -1) == '/')
@ -580,7 +580,7 @@ class EmbedFilter
} }
else if($m[1] == 'embed') else if($m[1] == 'embed')
{ {
if(strpos(strtolower($m[0]), 'allowscriptaccess')) if(stripos($m[0], 'allowscriptaccess'))
{ {
$m[0] = preg_replace('/always|samedomain/i', 'never', $m[0]); $m[0] = preg_replace('/always|samedomain/i', 'never', $m[0]);
} }