executing it blindly. This code was fixed originally, but apparently somehow
didn't work right. I checked on HastyMail and did a file comparison,
and noticed that one version of the same filter doesn't use \W... On removal
of that in the regex, the function seemed to correctly strip out bad functions.
See http://www.securityfocus.com/archive/1/340118 for further information.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@6268
7612ce4b-ef26-0410-bec9-
ea0150e637f0
/**
* Remove any backslashes. See if there are any first.
*/
/**
* Remove any backslashes. See if there are any first.
*/
if (strstr($attvalue, '\\') !== false){
$attvalue = stripslashes($attvalue);
}
if (strstr($attvalue, '\\') !== false){
$attvalue = stripslashes($attvalue);
}
* @param $attvalue A string to run entity check against.
* @return Translated value.
*/
* @param $attvalue A string to run entity check against.
* @return Translated value.
*/
function sq_deent($attvalue){
$me = 'sq_deent';
/**
* See if we have to run the checks first. All entities must start
* with "&".
*/
function sq_deent($attvalue){
$me = 'sq_deent';
/**
* See if we have to run the checks first. All entities must start
* with "&".
*/
- if (strpos($attvalue, "&") === false){
+ if (strpos($attvalue, '&') === false){
* Leave " in, as it can mess us up.
*/
$trans = array_flip($trans);
* Leave " in, as it can mess us up.
*/
$trans = array_flip($trans);
- unset($trans{"""});
+ unset($trans{'"'});
while (list($ent, $val) = each($trans)){
while (list($ent, $val) = each($trans)){
- $attvalue = preg_replace("/$ent*(\W)/si", "$val\\1", $attvalue);
+ $attvalue = preg_replace('/' . $ent . '*/si', $val, $attvalue);
}
/**
* Now translate numbered entities from 1 to 255 if needed.
*/
}
/**
* Now translate numbered entities from 1 to 255 if needed.
*/
- if (strpos($attvalue, "#") !== false){
+ if (strpos($attvalue, '#') !== false){
- for ($asc=1; $asc<256; $asc++){
+ for ($asc = 256; $asc >= 0; $asc--){
if (!in_array($asc, $omit)){
$chr = chr($asc);
if (!in_array($asc, $omit)){
$chr = chr($asc);
- $attvalue = preg_replace("/\�*$asc;*(\D)/si", "$chr\\1",
- $attvalue);
- $attvalue = preg_replace("/\�*".dechex($asc).";*(\W)/si",
- "$chr\\1", $attvalue);
+ $octrule = '/\�*' . $asc . ';*/si';
+ $hexrule = '/\�*' . dechex($asc) . ';*/si';
+ $attvalue = preg_replace($octrule, $chr, $attvalue);
+ $attvalue = preg_replace($hexrule, $chr, $attvalue);