author | Jim Hu <jimhu@users.sourceforge.net> | 2007-05-16 22:20:47 +0000 |
---|---|---|
committer | Jim Hu <jimhu@users.sourceforge.net> | 2007-05-16 22:20:47 +0000 |
commit | 6d325063ea9a71890596b95871bde04797fd2c3d (patch) | |
tree | 29b72e5337ae9f53bbc0bfd553d43e55880aeef2 /functions | |
parent | 2f80cc0fecd6a2f495a6cc843c36c7d5e0dc8565 (diff) | |
fix xss vulnerability by adding sanitizer for input vars from post, get, cookie, request
Diffstat (limited to 'functions')
-rw-r--r-- | functions/init.inc.php | 1 | ||||
-rw-r--r-- | functions/sanitize.php | 53 |
2 files changed, 54 insertions, 0 deletions
diff --git a/functions/init.inc.php b/functions/init.inc.php
index 96dc27b..619dfa5 100644
--- a/functions/init.inc.php
+++ b/functions/init.inc.php
@@ -14,6 +14,7 @@ $ALL_CALENDARS_COMBINED = 'all_calendars_combined971';
 // Pull in the configuration and some functions.
 if (!defined('BASE')) define('BASE', './');
 include_once(BASE.'config.inc.php');
+include_once(BASE.'functions/sanitize.php');
 $cookie_name = 'phpicalendar_'.basename($default_path);
 if (isset($_COOKIE["$cookie_name"]) && !isset($_POST['unset'])) {
diff --git a/functions/sanitize.php b/functions/sanitize.php
new file mode 100644
index 0000000..5551d44
--- /dev/null
+++ b/functions/sanitize.php
@@ -0,0 +1,53 @@
+<?php
+foreach ($_REQUEST as $key=>$val){
+ switch ($key){
+ case 'event_data':
+ # modify this to allow or disallow different HTML tags in event popups
+ $allowed = "<p><br><b><i><em><a><img><div><span><ul><ol><li><h1><h2><h3><h4><h5><h6><hr><em><strong><small><table><tr><td><th>";
+ $val = strip_tags($val,$allowed)
+ break;
+ default:
+ # cpath
+ $val = strip_tags($val);
+ }
+
+ $_REQUEST[$key] = $val;
+}
+foreach ($_POST as $key=>$val){
+ switch ($key){
+ case 'action':
+ $actions = array('login','logout','addupdate','delete');
+ if (!in_array($val,$actions)) $val = '';
+ break;
+ case 'date':
+ case 'time':
+ if (!is_int($val)) $val = '';
+ break;
+ default:
+ $val = strip_tags($val);
+ }
+ $_POST[$key] = $val;
+
+}
+foreach ($_GET as $key=>$val){
+ switch ($key){
+ case 'getdate':
+ if (!is_int($val)) $val = '';
+ break;
+ default:
+ $val = strip_tags($val);
+ }
+ $_GET[$key] = $val;
+
+}
+foreach ($_COOKIE as $key=>$val){
+ switch ($key){
+ case 'time':
+ if (!is_int($val)) $val = '';
+ break;
+ default:
+ $val = strip_tags($val);
+ }
+ $_COOKIE[$key] = $val;
+}
+?>
\ No newline at end of file |
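Review bot: `$val = strip_tags($val,$allowed)` in the `event_data` case of the new sanitize.php is missing its `;`, so the file does not parse and every request that goes through the `include_once` added to init.inc.php will end in a fatal error rather than being sanitized. The `is_int($val)` checks on `$_POST['date']`/`['time']`, `$_GET['getdate']` and `$_COOKIE['time']` can never succeed because request values arrive as strings, so those fields are unconditionally blanked; a format check such as `if (!preg_match('/^\d+$/', $val)) $val = '';` (or `ctype_digit`) rejects bad input without rejecting all input. strip_tags is also not an XSS fix by itself: the `$allowed` list keeps `<a>`, `<img>`, `<div>` and others with all of their attributes, so `onerror=`, `onclick=` and `javascript:` hrefs in event_data pass straight through, and tag-stripped values are still unsafe in attribute, URL or script contexts, so the durable fix is `htmlspecialchars($v, ENT_QUOTES)` at each output point with this file as defence in depth at most. Array-valued parameters (`?x[]=1`) reach `strip_tags` unguarded and should be rejected or recursed into, and `in_array($val,$actions)` should pass `true` as its third argument. Note too that the `$_REQUEST` loop and the per-source loops work on separate copies, so `$_POST['event_data']` loses every tag while `$_REQUEST['event_data']` keeps the allowlist, and code reading from one or the other will see different data.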