head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.4 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.2 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.1.0.4 pkgsrc-2011Q4-base:1.1 pkgsrc-2011Q3:1.1.0.2; locks; strict; comment @# @; 1.2 date 2012.03.22.14.56.20; author taca; state dead; branches; next 1.1; 1.1 date 2011.10.10.16.35.11; author taca; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2011.10.10.16.35.11; author tron; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2011.10.10.18.03.11; author tron; state Exp; branches; next ; desc @@ 1.2 log @Remove contao29. Please switch to contao211 (or contao210). @ text @$NetBSD: patch-system_libraries_Input.php,v 1.1 2011/10/10 16:35:11 taca Exp $ * Fix potential XSS vulnerability, r1044. --- system/libraries/Input.php.orig 2011-03-02 13:03:27.000000000 +0000 +++ system/libraries/Input.php @@@@ -54,9 +54,14 @@@@ class Input /** - * Prevent direct instantiation (Singleton) + * Clean the keys of the request arrays */ - protected function __construct() {} + protected function __construct() + { + $_GET = $this->cleanKey($_GET); + $_POST = $this->cleanKey($_POST); + $_COOKIE = $this->cleanKey($_COOKIE); + } /** @@@@ -234,6 +239,8 @@@@ class Input */ public function setGet($strKey, $varValue) { + $strKey = $this->cleanKey($strKey); + unset($this->arrCache['getEncoded'][$strKey]); unset($this->arrCache['getDecoded'][$strKey]); @@@@ -255,6 +262,8 @@@@ class Input */ public function setPost($strKey, $varValue) { + $strKey = $this->cleanKey($strKey); + unset($this->arrCache['postEncoded'][$strKey]); unset($this->arrCache['postDecoded'][$strKey]); unset($this->arrCache['postRaw'][$strKey]); @@@@ -277,6 +286,8 @@@@ class Input */ public function setCookie($strKey, $varValue) { + $strKey = $this->cleanKey($strKey); + unset($this->arrCache['cookieEncoded'][$strKey]); unset($this->arrCache['cookieDecoded'][$strKey]); @@@@ -301,6 +312,42 @@@@ class Input /** + * Sanitize a key name or an array (thanks to Andreas Schempp) + * @@param mixed + * 
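Review bot: In the `__construct()` hunk (`-54,9 +54,14`) only `$_GET`, `$_POST` and `$_COOKIE` are passed through `cleanKey()`; `$_REQUEST` is normally filled by PHP before the constructor runs and keeps the raw key names. If any code reads `$_REQUEST` (not visible in this patch), add `$_REQUEST = $this->cleanKey($_REQUEST);` beside the other three assignments. The new docblock also drops the reason the constructor is protected; something like `Clean the keys of the request arrays (constructor stays protected: singleton)` keeps both facts. The same hunk appears again in the revision 1.1.2.2 text of this file.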
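Review bot: `setGet()` now rewrites `$strKey` with `cleanKey()` before using it, and the identical line is added to `setPost()` and `setCookie()` in the next two hunks, but nothing tells the caller that the key it passed may differ from the key actually stored. A later lookup with the original key would then miss the value, unless the getters apply the same cleaning, which this patch does not show. Add a line to each setter's docblock such as `@param string $strKey Key name (sanitized with cleanKey() before use)`. All three function bodies and their docblocks continue outside the hunks.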
@@return mixed + */ + protected function cleanKey($varValue) + { + // Recursively clean arrays + if (is_array($varValue)) + { + $return = array(); + + foreach ($varValue as $k=>$v) + { + $k = $this->cleanKey($k); + + if (is_array($v)) + { + $v = $this->cleanKey($v); + } + + $return[$k] = $v; + } + + return $return; + } + + $varValue = $this->stripSlashes($varValue); + $varValue = $this->decodeEntities($varValue); + $varValue = $this->xssClean($varValue, true); + $varValue = $this->stripTags($varValue); + + return $varValue; + } + + + /** * Strip slashes * @@param mixed * @@return mixed @ 1.1 log @Add update patche to fix XSS from Contao's repository. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-system_libraries_Input.php was added on branch pkgsrc-2011Q3 on 2011-10-10 18:03:11 +0000 @ text @d1 93 @ 1.1.2.2 log @Pullup ticket #3551 - requested by taca www/contao29: security patch Revisions pulled up: - www/contao29/Makefile 1.18 - www/contao29/distinfo 1.11 - www/contao29/patches/patch-system_libraries_Input.php 1.1 - www/contao29/patches/patch-system_modules_frontend_Frontend.php 1.2 - www/contao29/patches/patch-system_modules_frontend_ModuleArticlenav.php 1.1 --- Module Name: pkgsrc Committed By: taca Date: Mon Oct 10 16:35:11 UTC 2011 Modified Files: pkgsrc/www/contao29: Makefile distinfo pkgsrc/www/contao29/patches: patch-system_modules_frontend_Frontend.php Added Files: pkgsrc/www/contao29/patches: patch-system_libraries_Input.php patch-system_modules_frontend_ModuleArticlenav.php Log Message: Add update patche to fix XSS from Contao's repository. Bump PKGREVISION. @ text @a0 93 $NetBSD$ * Fix potential XSS vulnerability, r1044. 
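Review bot: In the `cleanKey()` hunk (`-301,6 +312,42`), two different incoming keys can be reduced to the same cleaned key, and `$return[$k] = $v;` then lets the later entry silently overwrite the earlier one, so which value a parameter ends up with depends on key spelling and order in the request. At minimum detect the collision before assigning, e.g. `if (array_key_exists($k, $return)) { continue; }`, and log or reject it rather than overwriting. Key names are sanitized by removal (`xssClean`, `stripTags`, whose behaviour is not visible here) rather than validated against an expected pattern, so code that prints key names still needs output escaping. The docblock's `@param mixed` / `@return mixed` should name the parameter and state that arrays are rebuilt recursively with cleaned keys while non-array values inside them are left untouched.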
--- system/libraries/Input.php.orig 2011-03-02 13:03:27.000000000 +0000 +++ system/libraries/Input.php @@@@ -54,9 +54,14 @@@@ class Input /** - * Prevent direct instantiation (Singleton) + * Clean the keys of the request arrays */ - protected function __construct() {} + protected function __construct() + { + $_GET = $this->cleanKey($_GET); + $_POST = $this->cleanKey($_POST); + $_COOKIE = $this->cleanKey($_COOKIE); + } /** @@@@ -234,6 +239,8 @@@@ class Input */ public function setGet($strKey, $varValue) { + $strKey = $this->cleanKey($strKey); + unset($this->arrCache['getEncoded'][$strKey]); unset($this->arrCache['getDecoded'][$strKey]); @@@@ -255,6 +262,8 @@@@ class Input */ public function setPost($strKey, $varValue) { + $strKey = $this->cleanKey($strKey); + unset($this->arrCache['postEncoded'][$strKey]); unset($this->arrCache['postDecoded'][$strKey]); unset($this->arrCache['postRaw'][$strKey]); @@@@ -277,6 +286,8 @@@@ class Input */ public function setCookie($strKey, $varValue) { + $strKey = $this->cleanKey($strKey); + unset($this->arrCache['cookieEncoded'][$strKey]); unset($this->arrCache['cookieDecoded'][$strKey]); @@@@ -301,6 +312,42 @@@@ class Input /** + * Sanitize a key name or an array (thanks to Andreas Schempp) + * @@param mixed + * @@return mixed + */ + protected function cleanKey($varValue) + { + // Recursively clean arrays + if (is_array($varValue)) + { + $return = array(); + + foreach ($varValue as $k=>$v) + { + $k = $this->cleanKey($k); + + if (is_array($v)) + { + $v = $this->cleanKey($v); + } + + $return[$k] = $v; + } + + return $return; + } + + $varValue = $this->stripSlashes($varValue); + $varValue = $this->decodeEntities($varValue); + $varValue = $this->xssClean($varValue, true); + $varValue = $this->stripTags($varValue); + + return $varValue; + } + + + /** * Strip slashes * @@param mixed * @@return mixed @