From 0f3e763209348e6b1e34be71716029b8faaa0caf Mon Sep 17 00:00:00 2001
From: Christian Schneider
Date: Fri, 9 Nov 2007 15:16:24 +0000
Subject: Added experimental PHP taint support to ITools
---
 it_html.class | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'it_html.class')
diff --git a/it_html.class b/it_html.class
index a73bba6..08904a8 100644
--- a/it_html.class
+++ b/it_html.class
@@ -220,13 +220,13 @@ function _parse_args($args)
 foreach ($arg as $key => $value)
 {
 if (is_int($key))
- $data .= $value;
+ $data .= it_taintcheck($value);
 else
 $p[$key] = $value;
 }
 }
 else
- $data .= $arg;
+ $data .= it_taintcheck($arg);
 }
 return array($data, $p);
@@ -265,7 +265,7 @@ function _tag($name, $args)
 if (($value === null) || ($value === false)) # null or false: omit whole tag
 ;
 else if (isset($value) && $value !== true) # normal case: value
- $result .= " $key=\"" . (preg_match("/[<>&\"'\n\x80-\x9f]/", $value) ? str_replace("\n", " ", Q($value)) : $value) . '"';
+ $result .= " $key=\"" . (preg_match("/[<>&\"'\n\x80-\x9f]/", $value) ? str_replace("\n", " ", Q($value)) : it_untaint($value)) . '"';
 else # true: tag without value
 $result .= ($this->p['htmltype'] == 'html') ? " $key" : " $key=\"$key\"";
 }
@@ -436,7 +436,7 @@ function u(/* ... */)
 list($base, $params) = it_html::_parse_args($args);
 if (!isset($base))
- $base = $_SERVER['PHP_SELF'];
+ it_untaint($base = $_SERVER['PHP_SELF']);
 $base = preg_replace('|\0|', '', $base);
 $base = preg_replace('|[^\w.+!*(),:?@&=/~$-]|e', 'urlencode("$0")', $base);
-- 
cgit v1.2.3
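Review bot: In the `_parse_args` hunk only the positional values go through `it_taintcheck()`; the named branch `$p[$key] = $value` still stores attribute values unchecked, so their handling depends on code outside this hunk (the `_tag` hunk later in this patch lifts the taint on them only on its no-metacharacter path). Neither call site shows what `it_taintcheck()` does when it meets a tainted string, and its definition is not part of this diff. I would add a comment above the first call, e.g. `# positional args become raw markup in $data: every string appended here must pass it_taintcheck()`, and document on the helper whether it returns its argument unchanged. The body of `_parse_args` starts and ends outside the hunk.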
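Review bot: On the changed line in `_tag`, `it_untaint($value)` declares an attribute value clean only because it contains none of the characters in `/[<>&\"'\n\x80-\x9f]/`. That makes it safe to place between double quotes, but it is not a statement about content: a value destined for a URL-bearing attribute passes this test whatever its scheme, and once untainted it will presumably be trusted by later checks as well. `$key` is also interpolated into the tag on the same line without any check or escaping. I would record the limit of the guarantee next to the call, e.g. `# untaint here means "needs no quoting in an attribute", not "validated content"`, and consider running `it_taintcheck($key)` on the attribute name. The loop this line belongs to starts outside the hunk.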
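Review bot: `it_untaint($base = $_SERVER['PHP_SELF']);` lifts the taint mark from a request-derived value before the two `preg_replace` filters below it have run, and it passes an assignment expression instead of a variable. `PHP_SELF` can carry client-supplied path data, so the mark should be removed only after the NUL strip and the urlencode pass. If `it_untaint()` takes its argument by reference, the call may not act on `$base` at all. Its definition is not in this diff, and the `_tag` hunk uses its return value instead. I would keep `$base = $_SERVER['PHP_SELF'];` here and call `it_untaint($base);` after the second `preg_replace`, provided it is acceptable that caller-supplied bases are then untainted as well once encoded. `u()` starts and ends outside the hunk.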