mirror of
https://github.com/Lastorder-DC/rhymix.git
synced 2026-01-03 16:51:40 +09:00
Improve granularity of Context security check
정규식에 따라 모두 막을지, 관리자만 허용할지 구분할 수 있도록 하고 이를 참조하여 <script> 태그는 관리자만 허용, PHP 태그는 모두 막도록 변경.
This commit is contained in:
Kijin Sung
parent
06349cdd98
commit
f8b0ca6a78
2 changed files with 30 additions and 14 deletions
|
|
@ -117,10 +117,10 @@ class Context
|
|||
public $is_site_locked = FALSE;
|
||||
|
||||
/**
|
||||
* Check init
|
||||
* @var bool FALSE if init fail
|
||||
* Result of initial security check
|
||||
* @var string|bool
|
||||
*/
|
||||
public $isSuccessInit = TRUE;
|
||||
public $security_check = 'OK';
|
||||
|
||||
/**
|
||||
* Singleton instance
|
||||
|
|
@ -173,8 +173,9 @@ class Context
|
|||
* @var array
|
||||
*/
|
||||
private static $_check_patterns = array(
|
||||
'@<(?:\?|%)@',
|
||||
'@<script\s*?language\s*?=@i',
|
||||
'@<(?:\?|%)@' => 'DENY ALL',
|
||||
'@<script\s*?language\s*?=@i' => 'DENY ALL',
|
||||
'@</?script@i' => 'ALLOW ADMIN ONLY',
|
||||
);
|
||||
|
||||
/**
|
||||
|
|
@ -1070,7 +1071,7 @@ class Context
|
|||
{
|
||||
if (!self::_recursiveCheckVar($_SERVER['HTTP_HOST']) || preg_match("/[\,\"\'\{\}\[\]\(\);$]/", $_SERVER['HTTP_HOST']))
|
||||
{
|
||||
self::$_instance->isSuccessInit = FALSE;
|
||||
self::$_instance->security_check = 'DENY ALL';
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -1267,7 +1268,7 @@ class Context
|
|||
}
|
||||
if(!UploadFileFilter::check($tmp_name, $val['name']))
|
||||
{
|
||||
self::$_instance->isSuccessInit = false;
|
||||
self::$_instance->security_check = 'DENY ALL';
|
||||
unset($_FILES[$key]);
|
||||
continue;
|
||||
}
|
||||
|
|
@ -1287,7 +1288,7 @@ class Context
|
|||
}
|
||||
if(!UploadFileFilter::check($val['tmp_name'][$i], $val['name'][$i]))
|
||||
{
|
||||
self::$_instance->isSuccessInit = false;
|
||||
self::$_instance->security_check = 'DENY ALL';
|
||||
$files = array();
|
||||
unset($_FILES[$key]);
|
||||
break;
|
||||
|
|
@ -1318,15 +1319,18 @@ class Context
|
|||
{
|
||||
if(is_string($val))
|
||||
{
|
||||
foreach(self::$_check_patterns as $pattern)
|
||||
foreach(self::$_check_patterns as $pattern => $status)
|
||||
{
|
||||
if(preg_match($pattern, $val))
|
||||
{
|
||||
self::$_instance->isSuccessInit = false;
|
||||
self::$_instance->security_check = $status;
|
||||
if($status === 'DENY ALL')
|
||||
{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
else if(is_array($val))
|
||||
{
|
||||
foreach($val as $val2)
|
||||
|
|
|
|||
|
|
@ -42,9 +42,21 @@ class ModuleHandler extends Handler
|
|||
return;
|
||||
}
|
||||
|
||||
// Check security check status
|
||||
$oContext = Context::getInstance();
|
||||
if($oContext->isSuccessInit === false)
|
||||
switch($oContext->security_check)
|
||||
{
|
||||
case 'OK':
|
||||
break;
|
||||
case 'ALLOW ADMIN ONLY':
|
||||
if(!Context::get('logged_info')->isAdmin())
|
||||
{
|
||||
$this->error = 'msg_security_violation';
|
||||
return;
|
||||
}
|
||||
break;
|
||||
case 'DENY ALL':
|
||||
default:
|
||||
$this->error = 'msg_security_violation';
|
||||
return;
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue