authorChristian Schneider2007-11-09 15:16:24 +0000
committerChristian Schneider2007-11-09 15:16:24 +0000
commit0f3e763209348e6b1e34be71716029b8faaa0caf (patch)
tree4a5f80b53b026aec80d0b2193fae88b8db92fe3c
parent1214316cbf8d2e9c71d445ddb83184316f568394 (diff)
Added experimental PHP taint support to ITools
-rw-r--r--auto_prepend.php14
-rw-r--r--it_html.class8
-rw-r--r--itjs.php2
3 files changed, 19 insertions, 5 deletions
diff --git a/auto_prepend.php b/auto_prepend.php
index 7d13289..192c743 100644
--- a/auto_prepend.php
+++ b/auto_prepend.php
@@ -149,4 +149,18 @@ function db_version()
return in_array("db4", dba_handlers()) ? "db4" : "db2";
}
+/**
+ * Experimental PHP taint support, see ftp://ftp.porcupine.org/pub/php/
+ */
+if (function_exists("taint"))
+{
+ function it_untaint(&$value, $marks = TC_HTML) { untaint($value, $marks); return $value; }
+ function it_taintcheck(&$value, $marks = TC_HTML) { if (istainted($value) & $marks) { untaint($value, $marks); it::error("it_taintcheck($value, $marks) failed"); } return $value; }
+}
+else
+{
+ function it_untaint(&$value, $marks = 0) { return $value; }
+ function it_taintcheck(&$value, $marks = 0) { }
+}
+
?>
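Review bot: The fallback `it_taintcheck()` in the `else` branch has an empty body and so returns null, yet the callers this commit adds in `_parse_args()` (it_html.class) concatenate its return value, so without the taint extension `$data .= it_taintcheck($value)` appends nothing. It should mirror the fallback `it_untaint()`: `function it_taintcheck(&$value, $marks = 0) { return $value; }`. Separately, in the taint-enabled branch a failed check only reports through `it::error()` and then returns the now-untainted value, so it is detect-only unless `it::error()` aborts, which is not visible here. A short comment stating that intent would help, as would noting that the error message interpolates the unescaped `$value`.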
diff --git a/it_html.class b/it_html.class
index a73bba6..08904a8 100644
--- a/it_html.class
+++ b/it_html.class
@@ -220,13 +220,13 @@ function _parse_args($args)
foreach ($arg as $key => $value)
{
if (is_int($key))
- $data .= $value;
+ $data .= it_taintcheck($value);
else
$p[$key] = $value;
}
}
else
- $data .= $arg;
+ $data .= it_taintcheck($arg);
}
return array($data, $p);
@@ -265,7 +265,7 @@ function _tag($name, $args)
if (($value === null) || ($value === false)) # null or false: omit whole tag
;
else if (isset($value) && $value !== true) # normal case: value
- $result .= " $key=\"" . (preg_match("/[<>&\"'\n\x80-\x9f]/", $value) ? str_replace("\n", "&#10;", Q($value)) : $value) . '"';
+ $result .= " $key=\"" . (preg_match("/[<>&\"'\n\x80-\x9f]/", $value) ? str_replace("\n", "&#10;", Q($value)) : it_untaint($value)) . '"';
else # true: tag without value
$result .= ($this->p['htmltype'] == 'html') ? " $key" : " $key=\"$key\"";
}
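Review bot: `it_untaint($value)` in `_tag()` clears the mark only on the branch where the regex found no special characters, so the escaped branch relies on `Q()` returning an untainted string, which this hunk does not show. If `Q()` leaves the mark in place, `$result` stays tainted for exactly the values that were escaped. The character test also establishes safety for a double-quoted attribute value only and says nothing about URL schemes in link-type attributes. A comment such as `# untainted for HTML attribute syntax only; URL-valued attributes need their own check` would keep the mark's meaning clear. The body of `_tag()` starts and ends outside the hunk.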
@@ -436,7 +436,7 @@ function u(/* ... */)
list($base, $params) = it_html::_parse_args($args);
if (!isset($base))
- $base = $_SERVER['PHP_SELF'];
+ it_untaint($base = $_SERVER['PHP_SELF']);
$base = preg_replace('|\0|', '', $base);
$base = preg_replace('|[^\w.+!*(),:?@&=/~$-]|e', 'urlencode("$0")', $base);
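Review bot: `it_untaint($base = $_SERVER['PHP_SELF']);` drops the taint mark before the two `preg_replace()` calls that actually clean the value, so the mark is cleared on data that has not been sanitised yet. It also passes an assignment expression to a by-reference parameter, which PHP reports as "Only variables should be passed by reference" and which may leave `$base` itself untouched. Since `PHP_SELF` is request-influenced, keep `$base = $_SERVER['PHP_SELF'];` as it was and call `it_untaint($base);` after the second `preg_replace()`. The rest of `u()` lies outside the hunk, so any later use of `$base` could not be checked.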
diff --git a/itjs.php b/itjs.php
index 3d2d209..59022fe 100644
--- a/itjs.php
+++ b/itjs.php
@@ -73,7 +73,7 @@ if ($checksum != $_SERVER['HTTP_IF_NONE_MATCH'])
$data .= sprintf("/*sln:% 8d*/", strlen($data) + 16);
}
- echo $data;
+ echo it_untaint($data);
}
else
header("HTTP/1.0 304 Not Modified");
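Review bot: `echo it_untaint($data);` clears the mark at the output sink without any check, which switches off taint detection for everything this script emits. How `$data` is assembled is outside the hunk, so whether it can carry request-derived text cannot be confirmed from here. If it is built only from trusted local files, untaint it where it is read and document that, e.g. `# $data comes from local script files only, no request input`. Otherwise `it_taintcheck($data)` at this point would at least report a violation, bearing in mind that its fallback variant in auto_prepend.php currently returns nothing.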