Beanz/flatpress
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix for #62: Comments weren't sanitized properly. Thanks, @Illevyard!

Browse Source
This commit is contained in:
azett 2020-04-17 12:53:32 +02:00
parent a1f7aaad1f
commit 2139287c05
2 changed files with 182 additions and 193 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
comments.php
View File

@ -82,7 +82,7 @@ function comment_validate() {
* ); * );
*/ */
$content = isset($_POST ['content']) ? trim(stripslashes($_POST ['content'])) : null; $content = isset($_POST ['content']) ? trim(addslashes($_POST ['content'])) : null;
$errors = array(); $errors = array();

45
fp-includes/core/core.comment.php
View File

@ -25,7 +25,6 @@
} }
/** /**
* function bdb_get_comments * function bdb_get_comments
* *
@ -33,7 +32,8 @@
* the entry ID in $id</p> * the entry ID in $id</p>
* <p>On failure returns false</p> * <p>On failure returns false</p>
* *
* @param string $id string formatted like "prefixYYMMDD-HHMMSS.EXT" * @param string $id
* string formatted like "prefixYYMMDD-HHMMSS.EXT"
* @return mixed * @return mixed
* *
* @see bdb_idtofile() * @see bdb_idtofile()
@ -41,16 +41,13 @@
function comment_getlist($id) { function comment_getlist($id) {
$obj = new comment_indexer($id); // todo change syntax $obj = new comment_indexer($id); // todo change syntax
return $obj->getList(); return $obj->getList();
} }
function comment_parse($entryid, $id) { function comment_parse($entryid, $id) {
$f = comment_exists($entryid, $id); $f = comment_exists($entryid, $id);
if (!$f)
if (!$f) return false; return false;
$fc = io_load_file($f); $fc = io_load_file($f);
$arr = utils_kexplode($fc); $arr = utils_kexplode($fc);
@ -59,34 +56,32 @@
// hackish: dash to underscore for ip-address :( todo: clean this up here or somewhere else // hackish: dash to underscore for ip-address :( todo: clean this up here or somewhere else
// $arr['ip_address'] = $arr['ip-address']; // $arr['ip_address'] = $arr['ip-address'];
return array_change_key_case($arr, CASE_LOWER); return array_change_key_case($arr, CASE_LOWER);
} }
function comment_exists($entryid, $id) { function comment_exists($entryid, $id) {
if (!preg_match('|^comment[0-9]{6}-[0-9]{6}$|', $id)) if (!preg_match('|^comment[0-9]{6}-[0-9]{6}$|', $id))
return false; return false;
$f = entry_exists($entryid); $f = entry_exists($entryid);
if (!$f) return false; if (!$f)
return false;
$f2 = substr($f, 0, -strlen(EXT)) . '/comments/' . $id . EXT; $f2 = substr($f, 0, -strlen(EXT)) . '/comments/' . $id . EXT;
if (!file_exists($f2)) return false; if (!file_exists($f2))
return false;
return $f2; return $f2;
} }
function comment_clean(&$arr) { function comment_clean(&$arr) {
$arr ['name'] = apply_filters('pre_comment_author_name', stripslashes($arr ['name'])); $arr ['name'] = apply_filters('pre_comment_author_name', stripslashes($arr ['name']));
if (isset($arr ['email'])) if (isset($arr ['email']))
$arr ['email'] = apply_filters('pre_comment_author_email', $arr ['email']); $arr ['email'] = apply_filters('pre_comment_author_email', $arr ['email']);
if (isset($arr ['url'])) if (isset($arr ['url']))
$arr ['url'] = apply_filters('pre_comment_author_url', $arr ['url']); $arr ['url'] = apply_filters('pre_comment_author_url', $arr ['url']);
$arr['content'] = apply_filters('pre_comment_content', stripslashes($arr['content'])); $arr ['content'] = apply_filters('pre_comment_content', $arr ['content']);
return $arr; return $arr;
} }
/** /**
* function bdb_save_comment * function bdb_save_comment
* *
@ -94,14 +89,15 @@
* <p>$comment must be formatted as the one returned by {@link bdb_parse_entry()}.</p> * <p>$comment must be formatted as the one returned by {@link bdb_parse_entry()}.</p>
* <p>Returns true on success, or false on failure</p> * <p>Returns true on success, or false on failure</p>
* *
* @param string $id string formatted like "prefixYYMMDD-HHMMSS" * @param string $id
* @param array $comment array formatted as the one returned by {@link bdb_parse_entry()} * string formatted like "prefixYYMMDD-HHMMSS"
* @param array $comment
* array formatted as the one returned by {@link bdb_parse_entry()}
* @return bool * @return bool
* *
* @see bdb_parse_entry() * @see bdb_parse_entry()
*/ */
function comment_save($id, $comment) { function comment_save($id, $comment) {
comment_clean($comment); comment_clean($comment);
$comment = array_change_key_case($comment, CASE_UPPER); $comment = array_change_key_case($comment, CASE_UPPER);
@ -116,23 +112,19 @@
if (io_write_file($f, $str)) if (io_write_file($f, $str))
return $id; return $id;
return false; return false;
} }
/** /**
* function comment_delete * function comment_delete
* *
* <p>Deletes the $id comment</p> * <p>Deletes the $id comment</p>
* <p>Returns true on success, or false on failure</p> * <p>Returns true on success, or false on failure</p>
* *
* @param string $id string formatted like "entryYYMMDD-HHMMSS" * @param string $id
* @param string $comment_id string representig comment id as in "commentYYMMDD-HHMMSS" * string formatted like "entryYYMMDD-HHMMSS"
* @param string $comment_id
* string representig comment id as in "commentYYMMDD-HHMMSS"
* @return bool * @return bool
* *
* @see entry_delete() * @see entry_delete()
@ -144,13 +136,10 @@
return fs_delete($f); return fs_delete($f);
} }
function dummy_comment($val) { function dummy_comment($val) {
return $val; return $val;
} }
add_filter('comment_validate', 'dummy_comment'); add_filter('comment_validate', 'dummy_comment');
?> ?>