We use cookies to ensure you get the best experience on our website
Startsida Utforska Hjälp
Registrera dig Logga in
0ct0pu5
/
squirrelmail
1
0
Fork 0
Filer Ärenden 0 Pull-förfrågningar 0 Wiki
Bläddra i källkod

Fix again for Internet Explorer's stupidity of decoding characters, then
executing it blindly. This code was fixed originally, but apparently some
how didn't work right. I checked on HastyMail and did a file comparision,
and noticed that one version of the same filter doesn't use \W... on removal
of that in the regex, the function seemed to correctly strip out bad functions

See http://www.securityfocus.com/archive/1/340118 for further information.

jangliss 21 år sedan
förälder
434837bd68
incheckning
61fe1c1a2e
1 ändrade filer med 11 tillägg och 9 borttagningar
Unifierad Vy Visa Diff Statistik
  1. 11 9
      functions/mime.php

+ 11 - 9
functions/mime.php
Visa fil 

@@ -850,6 +850,7 @@ function sq_unbackslash($attvalue){
 
     /**
 
     /**
 
      * Remove any backslashes. See if there are any first.
 
      * Remove any backslashes. See if there are any first.
 
      */
 
      */
 
+
 
     if (strstr($attvalue, '\\') !== false){
 
     if (strstr($attvalue, '\\') !== false){
 
         $attvalue = stripslashes($attvalue);
 
         $attvalue = stripslashes($attvalue);
 
     }
 
     }
 
@@ -1282,13 +1283,14 @@ function sq_getnxtag($body, $offset){
 
  * @param  $attvalue A string to run entity check against.
 
  * @param  $attvalue A string to run entity check against.
 
  * @return           Translated value.
 
  * @return           Translated value.
 
  */
 
  */
 
+
 
 function sq_deent($attvalue){
 
 function sq_deent($attvalue){
 
     $me = 'sq_deent';
 
     $me = 'sq_deent';
 
     /**
 
     /**
 
      * See if we have to run the checks first. All entities must start
 
      * See if we have to run the checks first. All entities must start
 
      * with "&".
 
      * with "&".
 
      */
 
      */
 
-    if (strpos($attvalue, "&") === false){
 
+    if (strpos($attvalue, '&') === false){
 
         return $attvalue;
 
         return $attvalue;
 
     }
 
     }
 
     /**
 
     /**
 
@@ -1299,22 +1301,22 @@ function sq_deent($attvalue){
 
      * Leave " in, as it can mess us up.
 
      * Leave " in, as it can mess us up.
 
      */
 
      */
 
     $trans = array_flip($trans);
 
     $trans = array_flip($trans);
 
-    unset($trans{"""});
 
+    unset($trans{'"'});
 
     while (list($ent, $val) = each($trans)){
 
     while (list($ent, $val) = each($trans)){
 
-        $attvalue = preg_replace("/$ent*(\W)/si", "$val\\1", $attvalue);
 
+        $attvalue = preg_replace('/' . $ent . '*/si', $val, $attvalue);
 
     }
 
     }
 
     /**
 
     /**
 
      * Now translate numbered entities from 1 to 255 if needed.
 
      * Now translate numbered entities from 1 to 255 if needed.
 
      */
 
      */
 
-    if (strpos($attvalue, "#") !== false){
 
+    if (strpos($attvalue, '#') !== false){
 
         $omit = Array(34, 39);
 
         $omit = Array(34, 39);
 
-        for ($asc=1; $asc<256; $asc++){
 
+        for ($asc = 256; $asc >= 0; $asc--){
 
             if (!in_array($asc, $omit)){
 
             if (!in_array($asc, $omit)){
 
                 $chr = chr($asc);
 
                 $chr = chr($asc);
 
-                $attvalue = preg_replace("/\&#0*$asc;*(\D)/si", "$chr\\1",
 
-                                         $attvalue);
 
-                $attvalue = preg_replace("/\&#x0*".dechex($asc).";*(\W)/si",
 
-                                         "$chr\\1", $attvalue);
 
+                $octrule = '/\&#0*' . $asc . ';*/si';
 
+                $hexrule = '/\&#x0*' . dechex($asc) . ';*/si';
 
+                $attvalue = preg_replace($octrule, $chr, $attvalue);
 
+                $attvalue = preg_replace($hexrule, $chr, $attvalue);
 
             }
 
             }
 
         }
 
         }
 
     }
 
     }

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5