Commit c4003cea016ddec3fc85d8ee858914d961a55e76

Authored by kevin_fourie
1 parent e7046542

Merged in from STABLE trunk...

KTS-1978
"XSS Prevention by sanitizing inputs from users"
Added sanitize() to various user inputs. Thanks to John Hale for his work on this!

Committed By: Kevin
Reviewed By: Conrad

git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@6708 c91229c3-7414-0410-bfa2-8a42b809f60b
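--- a/lib/sanitize.inc
+++ b/lib/sanitize.inc
@@ -44,7 +44,9 @@ function sanitize($string) {
 }
 
 // This might be a little too aggressive
-$pattern = "([^[:alpha:]|^_\.\ \:-])";
+//$pattern = "([^[:alpha:]|^_\.\ \:-])";
+// Allow numeric characters
+$pattern = "([^[:alnum:]|^_\.\ \:-])";
 return ereg_replace($pattern, '', $string);
 }
 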
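Review bot: Inside a POSIX bracket expression `|`, a non-leading `^` and `\` are ordinary members, so the new pattern `([^[:alnum:]|^_\.\ \:-])` on line 49 still lets `|`, `^` and `\` through and the outer parentheses add nothing; if only the listed characters are meant, `$pattern = "[^[:alnum:]_. :-]";` is the tighter form — confirm against the ereg engine in use. The stripping approach is also lossy: every caller silently loses parentheses, commas, apostrophes, `&` and, presumably, non-ASCII bytes from titles, comments and search terms, whereas the XSS it targets is an output-encoding problem that `htmlspecialchars()` at the rendering point fixes without altering stored data. `ereg_replace()` is deprecated from PHP 5.3 and removed in 7.0, so a `preg_replace()` form with the `u` modifier is the forward-compatible choice. The identical function is kept in two copies (this file and lib/util/sanitize.inc below); one should `require_once` the other so they cannot drift apart. A docblock stating which characters are removed and that the result is not HTML-safe on its own would help callers pick the right tool.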
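--- a/lib/util/sanitize.inc
+++ b/lib/util/sanitize.inc
@@ -44,7 +44,9 @@ function sanitize($string) {
 }
 
 // This might be a little too aggressive
-$pattern = "([^[:alpha:]|^_\.\ \:-])";
+//$pattern = "([^[:alpha:]|^_\.\ \:-])";
+// Allow numeric characters
+$pattern = "([^[:alnum:]|^_\.\ \:-])";
 return ereg_replace($pattern, '', $string);
 }
 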
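--- a/plugins/ktcore/document/edit.php
+++ b/plugins/ktcore/document/edit.php
@@ -40,9 +40,9 @@ require_once(KT_LIB_DIR . '/documentmanagement/documentutil.inc.php');
 require_once(KT_LIB_DIR . '/triggers/triggerregistry.inc.php');
 require_once(KT_LIB_DIR . '/permissions/permission.inc.php');
 require_once(KT_LIB_DIR . '/permissions/permissionutil.inc.php');
-
 require_once(KT_LIB_DIR . "/widgets/forms.inc.php");
 require_once(KT_LIB_DIR . "/metadata/fieldsetregistry.inc.php");
+require_once(KT_LIB_DIR . "/util/sanitize.inc");
 
 // {{{ KTDocumentEditAction
 class KTDocumentEditAction extends KTDocumentAction {
@@ -191,7 +191,7 @@ class KTDocumentEditAction extends KTDocumentAction {
 if ($this->oDocument->getDocumentTypeId() != $doctypeid) {
 $this->oDocument->setDocumentTypeId($doctypeid);
 }
-$this->oDocument->setName($data['document_title']);
+$this->oDocument->setName(sanitize($data['document_title']));
 $res = $this->oDocument->update();
 if (PEAR::isError($res)) {
 $oForm->handleError(sprintf(_kt("Unexpected failure to update document title: %s"), $res->getMessage()));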
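Review bot: `setName(sanitize($data['document_title']))` on line 194 persists a silently altered title: every character outside the whitelist in sanitize() (parentheses, commas, apostrophes, `&`, presumably non-ASCII) vanishes from the stored name with no feedback to the user, and `$sTitle` in plugins/ktcore/folder/addDocument.php line 283 has the same problem. The XSS this guards against lives in the rendering of the title, which `htmlspecialchars()` at the template/output point handles without changing stored data. If a character whitelist for names is genuinely wanted, compare and reject rather than rewrite, e.g. `if (sanitize($data['document_title']) !== $data['document_title']) { $oForm->handleError(_kt("Title contains disallowed characters")); }`, so the user sees why the save did not happen. The enclosing method begins outside the hunk.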
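--- a/plugins/ktcore/folder/Rename.php
+++ b/plugins/ktcore/folder/Rename.php
@@ -30,13 +30,12 @@
 */
 
 require_once(KT_LIB_DIR . '/actions/folderaction.inc.php');
-
 require_once(KT_LIB_DIR . "/widgets/fieldsetDisplay.inc.php");
 require_once(KT_LIB_DIR . "/widgets/FieldsetDisplayRegistry.inc.php");
 require_once(KT_LIB_DIR . "/foldermanagement/folderutil.inc.php");
 require_once(KT_LIB_DIR . "/documentmanagement/observers.inc.php");
-
 require_once(KT_LIB_DIR . "/documentmanagement/documentutil.inc.php");
+require_once(KT_LIB_DIR . "/util/sanitize.inc");
 
 class KTFolderRenameAction extends KTFolderAction {
 var $sName = 'ktcore.actions.folder.rename';
@@ -88,8 +87,7 @@ class KTFolderRenameAction extends KTFolderAction {
 }
 }
 
-$res = KTFolderUtil::rename($this->oFolder, $sFolderName, $this->oUser);
-
+$res = KTDocumentUtil::rename($this->oDocument, sanitize($sFilename), $this->oUser);
 if (PEAR::isError($res)) {
 $_SESSION['KTErrorMessage'][] = $res->getMessage();
 redirect(KTBrowseUtil::getUrlForFolder($this->oFolder));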
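Review bot: The replacement on line 90 changes what the folder rename does, not just its input: `KTDocumentUtil::rename($this->oDocument, sanitize($sFilename), $this->oUser)` calls the document utility with `$this->oDocument` and `$sFilename`, neither of which appears anywhere in this folder action, while the removed line used `$this->oFolder` and `$sFolderName`, and the redirect on line 93 still relies on `$this->oFolder`. This looks like a line copied from a document rename action; the intended change is presumably `$res = KTFolderUtil::rename($this->oFolder, sanitize($sFolderName), $this->oUser);`. As written the rename would fail or operate on an undefined object, so renaming a folder through the UI should be exercised before this merges. The enclosing method starts outside the hunk.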
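--- a/plugins/ktcore/folder/addDocument.php
+++ b/plugins/ktcore/folder/addDocument.php
@@ -30,15 +30,13 @@
 */
 
 require_once(KT_LIB_DIR . '/actions/folderaction.inc.php');
-
 require_once(KT_LIB_DIR . "/widgets/fieldsetDisplay.inc.php");
 require_once(KT_LIB_DIR . "/widgets/FieldsetDisplayRegistry.inc.php");
 require_once(KT_LIB_DIR . "/foldermanagement/folderutil.inc.php");
 require_once(KT_LIB_DIR . "/documentmanagement/observers.inc.php");
-
 require_once(KT_LIB_DIR . "/documentmanagement/documentutil.inc.php");
-
 require_once(KT_LIB_DIR . "/metadata/fieldsetregistry.inc.php");
+require_once(KT_LIB_DIR . "/util/sanitize.inc");
 
 class KTFolderAddDocumentAction extends KTFolderAction {
 var $sName = 'ktcore.actions.folder.addDocument';
@@ -282,8 +280,8 @@ class KTFolderAddDocumentAction extends KTFolderAction {
 );
 
 $aFile = $this->oValidator->validateFile($extra_d['file'], $aErrorOptions);
-$sTitle = $extra_d['document_name'];
-
+$sTitle = sanitize($extra_d['document_name']);
+
 $iFolderId = $this->oFolder->getId();
 $aOptions = array(
 'contents' => new KTFSFileLike($aFile['tmp_name']),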
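--- a/plugins/ktstandard/KTDiscussion.php
+++ b/plugins/ktstandard/KTDiscussion.php
@@ -32,7 +32,7 @@
 require_once(KT_LIB_DIR . '/widgets/fieldWidgets.php');
 require_once(KT_LIB_DIR . '/discussions/DiscussionThread.inc');
 require_once(KT_LIB_DIR . '/discussions/DiscussionComment.inc');
-
+require_once(KT_LIB_DIR . "/util/sanitize.inc");
 
 define('DISCUSSION_OPEN', 0);
 define('DISCUSSION_CONCLUSION', 1);
@@ -177,8 +177,8 @@ class KTDocumentDiscussionAction extends KTDocumentAction {
 $oComment = DiscussionComment::createFromArray(array(
 'threadid' => $oThread->getId(),
 'userid' => $this->oUser->getId(),
-'subject' => $sSubject,
-'body' => KTUtil::formatPlainText($sBody),
+'subject' => sanitize($sSubject),
+'body' => sanitize(KTUtil::formatPlainText($sBody)),
 ));
 $aErrorOptions['message'] = _kt("There was an error adding the comment to the thread");
 $this->oValidator->notError($oComment, $aErrorOptions);
@@ -306,8 +306,8 @@ class KTDocumentDiscussionAction extends KTDocumentAction {
 $oComment = DiscussionComment::createFromArray(array(
 'threadid' => $oThread->getId(),
 'userid' => $this->oUser->getId(),
-'subject' => $sSubject,
-'body' => KTUtil::formatPlainText($sBody),
+'subject' => sanitize($sSubject),
+'body' => sanitize(KTUtil::formatPlainText($sBody)),
 ));
 $aErrorOptions['message'] = _kt("There was an error adding the comment to the thread");
 $this->oValidator->notError($oComment, $aErrorOptions);
@@ -387,7 +387,7 @@ class KTDocumentDiscussionAction extends KTDocumentAction {
 }
 
 $aErrorOptions['message'] = _kt("No reason provided");
-$sReason = $this->oValidator->validateString(KTUtil::arrayGet($_REQUEST, 'reason'), $aErrorOptions);
+$sReason = sanitize($this->oValidator->validateString(KTUtil::arrayGet($_REQUEST, 'reason'), $aErrorOptions));
 
 if($iStateId > $oThread->getState()) {
 $sTransactionNamespace = 'ktcore.transactions.collaboration_step_approve';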
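Review bot: On line 181 (and again on line 310) `sanitize()` runs after `KTUtil::formatPlainText($sBody)`, so whatever that formatter emits — markup or entities, which this hunk does not show — is stripped of `<`, `>`, `&`, `;` and `/` and left mangled in the stored comment. If input filtering is wanted, apply it to the raw text before formatting, `'body' => KTUtil::formatPlainText(sanitize($sBody)),`, and leave the formatter's output intact; escaping where the comment is rendered remains the dependable XSS control. The two `createFromArray` blocks at lines 177 and 306 are now byte-identical and could share a private helper so the next fix lands in one place. `$sReason` on line 390 has the same lossy-stripping concern raised for titles elsewhere in this commit.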
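--- a/search/simpleSearch.php
+++ b/search/simpleSearch.php
@@ -37,11 +37,10 @@ require_once(KT_LIB_DIR . "/util/ktutil.inc");
 require_once(KT_LIB_DIR . "/browse/DocumentCollection.inc.php");
 require_once(KT_LIB_DIR . "/browse/BrowseColumns.inc.php");
 require_once(KT_LIB_DIR . "/browse/PartialQuery.inc.php");
-
 require_once(KT_LIB_DIR . "/foldermanagement/Folder.inc");
-
 require_once(KT_LIB_DIR . '/browse/columnregistry.inc.php');
 require_once(KT_LIB_DIR . '/actions/bulkaction.php');
+require_once(KT_LIB_DIR . "/util/sanitize.inc");
 
 class SimpleSearchTitleColumn extends TitleColumn {
 function setSearch($sSearch) {
@@ -143,7 +142,7 @@ class SimpleSearchDispatcher extends KTStandardDispatcher {
 $aErrorOptions = array(
 "message" => _kt("Please provide a search term"),
 );
-$searchable_text = KTUtil::arrayGet($_REQUEST, "fSearchableText");
+$searchable_text = sanitize(KTUtil::arrayGet($_REQUEST, "fSearchableText"));
 $this->oValidator->notEmpty($searchable_text, $aErrorOptions);
 
 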
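Review bot: Wrapping the search term in `sanitize()` on line 145 changes search semantics rather than fixing the reflection point: quotes, `*`, `+`, `(` and other operators a user types are dropped before the query runs, and non-ASCII terms presumably lose characters as well. The reflected value is what needs encoding, so the fix belongs where `$searchable_text` is echoed (likely via `SimpleSearchTitleColumn::setSearch()` and the results template), using `htmlspecialchars($sSearch, ENT_QUOTES, 'UTF-8')` at that point while the raw term goes to the search backend. Keeping `$searchable_text = KTUtil::arrayGet($_REQUEST, "fSearchableText");` here also preserves the `notEmpty` validation on the user's actual input rather than on its stripped remainder. The enclosing method starts outside the hunk.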
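--- a/view.php
+++ b/view.php
@@ -35,6 +35,7 @@ require_once(KT_LIB_DIR . "/templating/kt3template.inc.php");
 require_once(KT_LIB_DIR . "/dispatcher.inc.php");
 require_once(KT_LIB_DIR . "/util/ktutil.inc");
 require_once(KT_LIB_DIR . "/database/dbutil.inc");
+require_once(KT_LIB_DIR . "/util/sanitize.inc");
 
 // document related includes
 require_once(KT_LIB_DIR . "/documentmanagement/Document.inc");
@@ -94,12 +95,12 @@ class ViewDocumentDispatcher extends KTStandardDispatcher {
 function do_main() {
 // fix legacy, broken items.
 if (KTUtil::arrayGet($_REQUEST, "fDocumentID", true) !== true) {
-$_REQUEST["fDocumentId"] = KTUtil::arrayGet($_REQUEST, "fDocumentID");
+$_REQUEST["fDocumentId"] = sanitize(KTUtil::arrayGet($_REQUEST, "fDocumentID"));
 unset($_REQUEST["fDocumentID"]);
 }
 
 $document_data = array();
-$document_id = KTUtil::arrayGet($_REQUEST, 'fDocumentId');
+$document_id = sanitize(KTUtil::arrayGet($_REQUEST, 'fDocumentId'));
 if ($document_id === null) {
 $this->oPage->addError(sprintf(_kt("No document was requested. Please <a href=\"%s\">browse</a> for one."), KTBrowseUtil::getBrowseBaseUrl()));
 return $this->do_error();
@@ -250,7 +251,7 @@ class ViewDocumentDispatcher extends KTStandardDispatcher {
 function do_viewComparison() {
 
 $document_data = array();
-$document_id = KTUtil::arrayGet($_REQUEST, 'fDocumentId');
+$document_id = sanitize(KTUtil::arrayGet($_REQUEST, 'fDocumentId'));
 if ($document_id === null) {
 $this->oPage->addError(sprintf(_kt("No document was requested. Please <a href=\"%s\">browse</a> for one."), KTBrowseUtil::getBrowseBaseUrl()));
 return $this->do_error();
@@ -258,7 +259,7 @@ class ViewDocumentDispatcher extends KTStandardDispatcher {
 
 $document_data["document_id"] = $document_id;
 
-$base_version = KTUtil::arrayGet($_REQUEST, 'fBaseVersion');
+$base_version = sanitize(KTUtil::arrayGet($_REQUEST, 'fBaseVersion'));
 
 // try get the document.
 $oDocument =& Document::get($document_id, $base_version);
@@ -283,7 +284,7 @@ class ViewDocumentDispatcher extends KTStandardDispatcher {
 $this->aBreadcrumbs = array_merge($this->aBreadcrumbs, KTBrowseUtil::breadcrumbsForDocument($oDocument, $aOptions));
 $this->oPage->setBreadcrumbDetails(_kt("compare versions"));
 
-$comparison_version = KTUtil::arrayGet($_REQUEST, 'fComparisonVersion');
+$comparison_version = sanitize(KTUtil::arrayGet($_REQUEST, 'fComparisonVersion'));
 if ($comparison_version=== null) {
 $this->oPage->addError(sprintf(_kt("No comparison version was requested. Please <a href=\"%s\">select a version</a>."), KTUtil::addQueryStringSelf('action=history&fDocumentId=' . $document_id)));
 return $this->do_error();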
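Review bot: `$document_id = sanitize(KTUtil::arrayGet($_REQUEST, 'fDocumentId'))` on line 103 makes the `=== null` test on line 104 dead: `ereg_replace()` returns a string even for a null subject, so a missing parameter now yields `''` and reaches `Document::get()` instead of the "No document was requested" error; the same pattern recurs at line 254 and with `$comparison_version` at lines 287–288. Keep the null test on the raw value and tighten afterwards, since these are numeric ids and versions: `$document_id = KTUtil::arrayGet($_REQUEST, 'fDocumentId'); if ($document_id === null) { ... } $document_id = (int) $document_id;` — an integer cast or `ctype_digit()` check is a stricter control here than character stripping. `$base_version` on line 262 and the legacy `fDocumentID` copy on line 98 can be handled the same way. The enclosing methods begin or end outside the hunks shown.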