head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.6 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.4 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.2 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q3:1.1.0.2; locks; strict; comment @# @; 1.2 date 2011.11.08.12.15.54; author taca; state dead; branches; next 1.1; 1.1 date 2011.10.10.16.35.36; author taca; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2011.10.10.16.35.36; author tron; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2011.10.10.18.21.57; author tron; state Exp; branches; next ; desc @@ 1.2 log @Remove typolight28 packages, please migrate to contao210 package now. @ text @$NetBSD: patch-system_libraries_Input.php,v 1.1 2011/10/10 16:35:36 taca Exp $ * Fix potential XSS vulnerability, r1044. --- system/libraries/Input.php.orig 2010-04-12 13:08:16.000000000 +0000 +++ system/libraries/Input.php @@@@ -52,9 +52,14 @@@@ class Input /** - * Prevent direct instantiation (Singleton) + * Clean the keys of the request arrays */ - protected function __construct() {} + protected function __construct() + { + $_GET = $this->cleanKey($_GET); + $_POST = $this->cleanKey($_POST); + $_COOKIE = $this->cleanKey($_COOKIE); + } /** @@@@ -232,6 +237,8 @@@@ class Input */ public function setGet($strKey, $varValue) { + $strKey = $this->cleanKey($strKey); + unset($this->arrCache['getEncoded'][$strKey]); unset($this->arrCache['getDecoded'][$strKey]); @@@@ -246,6 +253,8 @@@@ class Input */ public function setPost($strKey, $varValue) { + $strKey = $this->cleanKey($strKey); + unset($this->arrCache['postEncoded'][$strKey]); unset($this->arrCache['postDecoded'][$strKey]); unset($this->arrCache['postRaw'][$strKey]); @@@@ -261,6 +270,8 @@@@ class Input */ public function setCookie($strKey, $varValue) { + $strKey = $this->cleanKey($strKey); + unset($this->arrCache['cookieEncoded'][$strKey]); unset($this->arrCache['cookieDecoded'][$strKey]); @@@@ -278,6 +289,42 @@@@ class Input /** + * Sanitize a key name or an array (thanks to Andreas Schempp) + * @@param mixed + * @@return mixed + */ + protected function cleanKey($varValue) + { + // Recursively clean arrays + if (is_array($varValue)) + { + $return = array(); + + foreach ($varValue as $k=>$v) + { + $k = $this->cleanKey($k); + + if (is_array($v)) + { + $v = $this->cleanKey($v); + } + + $return[$k] = $v; + } + + return $return; + } + + $varValue = $this->stripSlashes($varValue); + $varValue = $this->decodeEntities($varValue); + $varValue = $this->xssClean($varValue, true); + $varValue = $this->stripTags($varValue); + + return $varValue; + } + + + /** * Strip slashes * @@param mixed * @@return mixed @ 1.1 log @Add update patche to fix XSS from Contao's repository. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-system_libraries_Input.php was added on branch pkgsrc-2011Q3 on 2011-10-10 18:21:57 +0000 @ text @d1 93 @ 1.1.2.2 log @Pullup ticket #3553 - requested by taca www/typolight28: security patch Revisions pulled up: - www/typolight28/Makefile 1.16 - www/typolight28/distinfo 1.12 - www/typolight28/patches/patch-ad 1.3 - www/typolight28/patches/patch-system_libraries_Input.php 1.1 - www/typolight28/patches/patch-system_modules_frontend_ModuleArticlenav.php 1.1 --- Module Name: pkgsrc Committed By: taca Date: Mon Oct 10 16:35:36 UTC 2011 Modified Files: pkgsrc/www/typolight28: Makefile distinfo pkgsrc/www/typolight28/patches: patch-ad Added Files: pkgsrc/www/typolight28/patches: patch-system_libraries_Input.php patch-system_modules_frontend_ModuleArticlenav.php Log Message: Add update patche to fix XSS from Contao's repository. Bump PKGREVISION. @ text @a0 93 $NetBSD$ * Fix potential XSS vulnerability, r1044. --- system/libraries/Input.php.orig 2010-04-12 13:08:16.000000000 +0000 +++ system/libraries/Input.php @@@@ -52,9 +52,14 @@@@ class Input /** - * Prevent direct instantiation (Singleton) + * Clean the keys of the request arrays */ - protected function __construct() {} + protected function __construct() + { + $_GET = $this->cleanKey($_GET); + $_POST = $this->cleanKey($_POST); + $_COOKIE = $this->cleanKey($_COOKIE); + } /** @@@@ -232,6 +237,8 @@@@ class Input */ public function setGet($strKey, $varValue) { + $strKey = $this->cleanKey($strKey); + unset($this->arrCache['getEncoded'][$strKey]); unset($this->arrCache['getDecoded'][$strKey]); @@@@ -246,6 +253,8 @@@@ class Input */ public function setPost($strKey, $varValue) { + $strKey = $this->cleanKey($strKey); + unset($this->arrCache['postEncoded'][$strKey]); unset($this->arrCache['postDecoded'][$strKey]); unset($this->arrCache['postRaw'][$strKey]); @@@@ -261,6 +270,8 @@@@ class Input */ public function setCookie($strKey, $varValue) { + $strKey = $this->cleanKey($strKey); + unset($this->arrCache['cookieEncoded'][$strKey]); unset($this->arrCache['cookieDecoded'][$strKey]); @@@@ -278,6 +289,42 @@@@ class Input /** + * Sanitize a key name or an array (thanks to Andreas Schempp) + * @@param mixed + * @@return mixed + */ + protected function cleanKey($varValue) + { + // Recursively clean arrays + if (is_array($varValue)) + { + $return = array(); + + foreach ($varValue as $k=>$v) + { + $k = $this->cleanKey($k); + + if (is_array($v)) + { + $v = $this->cleanKey($v); + } + + $return[$k] = $v; + } + + return $return; + } + + $varValue = $this->stripSlashes($varValue); + $varValue = $this->decodeEntities($varValue); + $varValue = $this->xssClean($varValue, true); + $varValue = $this->stripTags($varValue); + + return $varValue; + } + + + /** * Strip slashes * @@param mixed * @@return mixed @