Improve granularity of Context security check

정규식에 따라 모두 막을지, 관리자만 허용할지 구분할 수 있도록 하고
이를 참조하여 <script> 태그는 관리자만 허용, PHP 태그는 모두 막도록 변경.
This commit is contained in:
Kijin Sung 2018-10-13 16:42:19 +09:00
parent 06349cdd98
commit f8b0ca6a78
2 changed files with 30 additions and 14 deletions


@ -117,10 +117,10 @@ class Context
public $is_site_locked = FALSE; public $is_site_locked = FALSE;
/** /**
* Check init * Result of initial security check
* @var bool FALSE if init fail * @var string|bool
*/ */
public $isSuccessInit = TRUE; public $security_check = 'OK';
/** /**
* Singleton instance * Singleton instance
@ -173,8 +173,9 @@ class Context
* @var array * @var array
*/ */
private static $_check_patterns = array( private static $_check_patterns = array(
'@<(?:\?|%)@', '@<(?:\?|%)@' => 'DENY ALL',
'@<script\s*?language\s*?=@i', '@<script\s*?language\s*?=@i' => 'DENY ALL',
'@</?script@i' => 'ALLOW ADMIN ONLY',
); );
/** /**
@ -1070,7 +1071,7 @@ class Context
{ {
if (!self::_recursiveCheckVar($_SERVER['HTTP_HOST']) || preg_match("/[\,\"\'\{\}\[\]\(\);$]/", $_SERVER['HTTP_HOST'])) if (!self::_recursiveCheckVar($_SERVER['HTTP_HOST']) || preg_match("/[\,\"\'\{\}\[\]\(\);$]/", $_SERVER['HTTP_HOST']))
{ {
self::$_instance->isSuccessInit = FALSE; self::$_instance->security_check = 'DENY ALL';
} }
} }
@ -1267,7 +1268,7 @@ class Context
} }
if(!UploadFileFilter::check($tmp_name, $val['name'])) if(!UploadFileFilter::check($tmp_name, $val['name']))
{ {
self::$_instance->isSuccessInit = false; self::$_instance->security_check = 'DENY ALL';
unset($_FILES[$key]); unset($_FILES[$key]);
continue; continue;
} }
@ -1287,7 +1288,7 @@ class Context
} }
if(!UploadFileFilter::check($val['tmp_name'][$i], $val['name'][$i])) if(!UploadFileFilter::check($val['tmp_name'][$i], $val['name'][$i]))
{ {
self::$_instance->isSuccessInit = false; self::$_instance->security_check = 'DENY ALL';
$files = array(); $files = array();
unset($_FILES[$key]); unset($_FILES[$key]);
break; break;
@ -1318,12 +1319,15 @@ class Context
{ {
if(is_string($val)) if(is_string($val))
{ {
foreach(self::$_check_patterns as $pattern) foreach(self::$_check_patterns as $pattern => $status)
{ {
if(preg_match($pattern, $val)) if(preg_match($pattern, $val))
{ {
self::$_instance->isSuccessInit = false; self::$_instance->security_check = $status;
return false; if($status === 'DENY ALL')
{
return false;
}
} }
} }
} }
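Review bot: The unconditional `self::$_instance->security_check = $status;` in `_recursiveCheckVar` can lower a verdict that an earlier check already recorded as 'DENY ALL' (the HTTP_HOST check in the @-1070 hunk, or the upload checks in the @-1267 and @-1287 hunks) back to 'ALLOW ADMIN ONLY', because the ALLOW ADMIN ONLY branch keeps scanning and a later value that matches only `@</?script@i` overwrites the stored status. Whether the checks actually run in that order depends on the caller, which is outside the hunk, but the assignment should never reduce severity: `if(self::$_instance->security_check !== 'DENY ALL') { self::$_instance->security_check = $status; }`. The @-117 docblock now says `@var string|bool`, yet every write on this page stores one of the three strings 'OK', 'DENY ALL' and 'ALLOW ADMIN ONLY'; documenting those values there (`@var string One of 'OK', 'ALLOW ADMIN ONLY', 'DENY ALL'`) and dropping `bool` would make the contract the ModuleHandler switch relies on explicit. The enclosing function starts before this hunk.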


@ -42,11 +42,23 @@ class ModuleHandler extends Handler
return; return;
} }
// Check security check status
$oContext = Context::getInstance(); $oContext = Context::getInstance();
if($oContext->isSuccessInit === false) switch($oContext->security_check)
{ {
$this->error = 'msg_security_violation'; case 'OK':
return; break;
case 'ALLOW ADMIN ONLY':
if(!Context::get('logged_info')->isAdmin())
{
$this->error = 'msg_security_violation';
return;
}
break;
case 'DENY ALL':
default:
$this->error = 'msg_security_violation';
return;
} }
// Set variables from request arguments // Set variables from request arguments
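Review bot: In the new `ALLOW ADMIN ONLY` case, `Context::get('logged_info')->isAdmin()` dereferences the result without checking that it is an object; the page does not show what `Context::get` returns for a request with no session, and if it is null this branch dies with a fatal "call to a member function on null" instead of setting 'msg_security_violation' like the other branches. Fail closed by materialising the value first: `$logged_info = Context::get('logged_info');` followed by `if(!is_object($logged_info) || !$logged_info->isAdmin())`. Grouping `default:` with `case 'DENY ALL':` is the right fail-closed choice for any status string Context may add later, and a one-line comment above the switch, `// Any status other than 'OK' or 'ALLOW ADMIN ONLY' is treated as DENY ALL`, would keep that intent from being "tidied" away. The enclosing method starts before this hunk.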