Fix for #62: Comments weren't sanitized properly. Thanks, @Illevyard!

This commit is contained in:
azett 2020-04-17 12:53:32 +02:00
parent a1f7aaad1f
commit 2139287c05
2 changed files with 182 additions and 193 deletions


@ -82,7 +82,7 @@ function comment_validate() {
* ); * );
*/ */
$content = isset($_POST ['content']) ? trim(stripslashes($_POST ['content'])) : null; $content = isset($_POST ['content']) ? trim(addslashes($_POST ['content'])) : null;
$errors = array(); $errors = array();
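Review bot: addslashes() on the `$content` line escapes quotes and backslashes for a quoted-string context; it does not neutralize HTML or script content, so on its own this line does not make comments safe to display unless the output boundary escapes them (htmlspecialchars() or equivalent), which this hunk does not show. If the purpose is instead to stop the earlier stripslashes() from removing escapes the caller depends on, a one-line comment stating that contract would help the next reader, e.g. `// escape quotes/backslashes here; the stored comment keeps them (see comment_clean())`. If the purpose is XSS protection, trim() alone belongs here and the escaping belongs where the comment is rendered. comment_validate() starts and ends outside the hunk.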


@ -1,18 +1,18 @@
<?php <?php
class comment_indexer extends fs_filelister { class comment_indexer extends fs_filelister {
function __construct($id) { function __construct($id) {
$f = bdb_idtofile($id,BDB_COMMENT); //todo change $f = bdb_idtofile($id, BDB_COMMENT); // todo change
$this->_directory = $f; $this->_directory = $f;
parent::__construct(); parent::__construct();
//substr(bdb_idtofile($id), -strlen(EXT)); // substr(bdb_idtofile($id), -strlen(EXT));
} }
function _checkFile($directory, $file) { function _checkFile($directory, $file) {
$f = "$directory/$file"; $f = "$directory/$file";
if (fnmatch('comment*'.EXT, $file)) { if (fnmatch('comment*' . EXT, $file)) {
array_push($this->_list, basename($file,EXT)); array_push($this->_list, basename($file, EXT));
return 0; return 0;
} }
} }
@ -23,134 +23,123 @@
return parent::getList(); return parent::getList();
} }
} }
/**
/**
* function bdb_get_comments * function bdb_get_comments
* *
* <p>On success returns an array containing the comment <b>IDs</b>, associated to * <p>On success returns an array containing the comment <b>IDs</b>, associated to
* the entry ID in $id</p> * the entry ID in $id</p>
* <p>On failure returns false</p> * <p>On failure returns false</p>
* *
* @param string $id string formatted like "prefixYYMMDD-HHMMSS.EXT" * @param string $id
* string formatted like "prefixYYMMDD-HHMMSS.EXT"
* @return mixed * @return mixed
* *
* @see bdb_idtofile() * @see bdb_idtofile()
*/ */
function comment_getlist($id) { function comment_getlist($id) {
$obj = new comment_indexer($id); //todo change syntax $obj = new comment_indexer($id); // todo change syntax
return $obj->getList(); return $obj->getList();
}
} function comment_parse($entryid, $id) {
function comment_parse($entryid, $id) {
$f = comment_exists($entryid, $id); $f = comment_exists($entryid, $id);
if (!$f)
if (!$f) return false; return false;
$fc = io_load_file($f); $fc = io_load_file($f);
$arr = utils_kexplode($fc); $arr = utils_kexplode($fc);
//$arr['EMAIL'] = apply_filters('comment_email', $arr['EMAIL']); // $arr['EMAIL'] = apply_filters('comment_email', $arr['EMAIL']);
// hackish: dash to underscore for ip-address :( todo: clean this up here or somewhere else // hackish: dash to underscore for ip-address :( todo: clean this up here or somewhere else
//$arr['ip_address'] = $arr['ip-address']; // $arr['ip_address'] = $arr['ip-address'];
return array_change_key_case($arr, CASE_LOWER); return array_change_key_case($arr, CASE_LOWER);
}
} function comment_exists($entryid, $id) {
function comment_exists($entryid, $id) {
if (!preg_match('|^comment[0-9]{6}-[0-9]{6}$|', $id)) if (!preg_match('|^comment[0-9]{6}-[0-9]{6}$|', $id))
return false; return false;
$f = entry_exists($entryid); $f = entry_exists($entryid);
if (!$f) return false; if (!$f)
return false;
$f2 = substr($f, 0, -strlen(EXT)) . '/comments/' . $id.EXT; $f2 = substr($f, 0, -strlen(EXT)) . '/comments/' . $id . EXT;
if (!file_exists($f2)) return false; if (!file_exists($f2))
return false;
return $f2; return $f2;
}
} function comment_clean(&$arr) {
$arr ['name'] = apply_filters('pre_comment_author_name', stripslashes($arr ['name']));
if (isset($arr ['email']))
function comment_clean(&$arr) { $arr ['email'] = apply_filters('pre_comment_author_email', $arr ['email']);
$arr['name'] = apply_filters('pre_comment_author_name', stripslashes($arr['name'])); if (isset($arr ['url']))
if (isset($arr['email'])) $arr ['url'] = apply_filters('pre_comment_author_url', $arr ['url']);
$arr['email'] = apply_filters('pre_comment_author_email', $arr['email']); $arr ['content'] = apply_filters('pre_comment_content', $arr ['content']);
if (isset($arr['url']))
$arr['url'] = apply_filters('pre_comment_author_url', $arr['url']);
$arr['content'] = apply_filters('pre_comment_content', stripslashes($arr['content']));
return $arr; return $arr;
} }
/**
/**
* function bdb_save_comment * function bdb_save_comment
* *
* <p>Saves the content of the $comment array, associating it to the entry-ID $id.</p> * <p>Saves the content of the $comment array, associating it to the entry-ID $id.</p>
* <p>$comment must be formatted as the one returned by {@link bdb_parse_entry()}.</p> * <p>$comment must be formatted as the one returned by {@link bdb_parse_entry()}.</p>
* <p>Returns true on success, or false on failure</p> * <p>Returns true on success, or false on failure</p>
* *
* @param string $id string formatted like "prefixYYMMDD-HHMMSS" * @param string $id
* @param array $comment array formatted as the one returned by {@link bdb_parse_entry()} * string formatted like "prefixYYMMDD-HHMMSS"
* @param array $comment
* array formatted as the one returned by {@link bdb_parse_entry()}
* @return bool * @return bool
* *
* @see bdb_parse_entry() * @see bdb_parse_entry()
*/ */
function comment_save($id, $comment) { function comment_save($id, $comment) {
comment_clean($comment); comment_clean($comment);
$comment = array_change_key_case($comment, CASE_UPPER); $comment = array_change_key_case($comment, CASE_UPPER);
$comment_dir = bdb_idtofile($id,BDB_COMMENT); $comment_dir = bdb_idtofile($id, BDB_COMMENT);
if (!isset($comment['DATE'])) if (!isset($comment ['DATE']))
$comment['DATE'] = date_time(); $comment ['DATE'] = date_time();
$id = bdb_idfromtime(BDB_COMMENT, $comment['DATE']); $id = bdb_idfromtime(BDB_COMMENT, $comment ['DATE']);
$f = $comment_dir . $id . EXT; $f = $comment_dir . $id . EXT;
$str = utils_kimplode($comment); $str = utils_kimplode($comment);
if (io_write_file($f, $str)) if (io_write_file($f, $str))
return $id; return $id;
return false; return false;
}
/**
}
/**
* function comment_delete * function comment_delete
* *
* <p>Deletes the $id comment</p> * <p>Deletes the $id comment</p>
* <p>Returns true on success, or false on failure</p> * <p>Returns true on success, or false on failure</p>
* *
* @param string $id string formatted like "entryYYMMDD-HHMMSS" * @param string $id
* @param string $comment_id string representig comment id as in "commentYYMMDD-HHMMSS" * string formatted like "entryYYMMDD-HHMMSS"
* @param string $comment_id
* string representig comment id as in "commentYYMMDD-HHMMSS"
* @return bool * @return bool
* *
* @see entry_delete() * @see entry_delete()
*/ */
function comment_delete($id, $comment_id) { function comment_delete($id, $comment_id) {
do_action('comment_delete', $id, $comment_id); do_action('comment_delete', $id, $comment_id);
$comment_dir = bdb_idtofile($id,BDB_COMMENT); $comment_dir = bdb_idtofile($id, BDB_COMMENT);
$f = $comment_dir . $comment_id .EXT; $f = $comment_dir . $comment_id . EXT;
return fs_delete($f); return fs_delete($f);
} }
function dummy_comment($val) {
function dummy_comment($val) {
return $val; return $val;
} }
add_filter('comment_validate', 'dummy_comment');
add_filter('comment_validate', 'dummy_comment');
?> ?>
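Review bot: In comment_clean(), `content` no longer goes through stripslashes() while `name` still does, so the two fields are now treated asymmetrically, and with comment_validate() now applying addslashes() to content the escaped form appears to be what reaches the `pre_comment_content` filter and the stored file unless a filter undoes it. If that is intended, a comment on the `$arr ['content']` line should say so, e.g. `// content arrives addslashes()'d from comment_validate(); intentionally not stripped here`; otherwise name and content should get the same treatment. A smaller, pre-existing point in comment_exists(): PCRE `$` also matches before a trailing newline, so `'|^comment[0-9]{6}-[0-9]{6}\z|'` (or the `D` modifier) would make the id check strict before the id is concatenated into a filesystem path. The reformatting of the whole file in this hunk also makes the single functional change in comment_clean() easy to miss; keeping whitespace-only changes in a separate commit would help review.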