Beanz/flatpress
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix for #62: Comments weren't sanitized properly. Thanks, @Illevyard!

Browse Source
This commit is contained in:
azett 2020-04-17 12:53:32 +02:00
parent a1f7aaad1f
commit 2139287c05
2 changed files with 182 additions and 193 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

100
comments.php
View File

@ -2,9 +2,9 @@
if (!defined('MOD_INDEX')) { if (!defined('MOD_INDEX')) {
include 'defaults.php'; include 'defaults.php';
include INCLUDES_DIR . 'includes.php'; include INCLUDES_DIR . 'includes.php';
/* backward compatibility */ /* backward compatibility */
if (!@$_GET ['entry']) { if (!@$_GET ['entry']) {
@utils_redirect(); @utils_redirect();
} else { } else {
@ -17,19 +17,19 @@ $module = comment_main($module);
function comment_main($module) { function comment_main($module) {
global $fpdb, $fp_params; global $fpdb, $fp_params;
// hackish solution to get title before fullparse starts dunno, I don't like it // hackish solution to get title before fullparse starts dunno, I don't like it
$q = & $fpdb->getQuery(); $q = & $fpdb->getQuery();
list ($id, $entry) = @$q->peekEntry(); list ($id, $entry) = @$q->peekEntry();
if (!$entry) if (!$entry)
return $module; return $module;
if (!empty($fp_params ['feed'])) { if (!empty($fp_params ['feed'])) {
switch ($fp_params ['feed']) { switch ($fp_params ['feed']) {
case 'atom': case 'atom':
header('Content-type: application/atom+xml'); header('Content-type: application/atom+xml');
$module = SHARED_TPLS . 'comment-atom.tpl'; $module = SHARED_TPLS . 'comment-atom.tpl';
@ -40,10 +40,10 @@ function comment_main($module) {
$module = SHARED_TPLS . 'comment-rss.tpl'; $module = SHARED_TPLS . 'comment-rss.tpl';
} }
} elseif (!in_array('commslock', $entry ['categories'])) { } elseif (!in_array('commslock', $entry ['categories'])) {
commentform(); commentform();
} }
return $module; return $module;
} }
@ -68,11 +68,11 @@ add_filter('wp_title', 'comment_pagetitle', 10, 2);
function comment_validate() { function comment_validate() {
global $smarty, $lang; global $smarty, $lang;
$lerr = & $lang ['comments'] ['error']; $lerr = & $lang ['comments'] ['error'];
$r = true; $r = true;
/* /*
* $lang['comments']['error'] = array( * $lang['comments']['error'] = array(
* 'name' => 'You must enter a name', * 'name' => 'You must enter a name',
@ -81,13 +81,13 @@ function comment_validate() {
* 'comment' => 'You must enter a comment', * 'comment' => 'You must enter a comment',
* ); * );
*/ */
$content = isset($_POST ['content']) ? trim(stripslashes($_POST ['content'])) : null; $content = isset($_POST ['content']) ? trim(addslashes($_POST ['content'])) : null;
$errors = array(); $errors = array();
$loggedin = false; $loggedin = false;
if (user_loggedin()) { if (user_loggedin()) {
$user = user_get(); $user = user_get();
$loggedin = $arr ['loggedin'] = true; $loggedin = $arr ['loggedin'] = true;
@ -98,54 +98,54 @@ function comment_validate() {
$name = trim(htmlspecialchars(@$_POST ['name'])); $name = trim(htmlspecialchars(@$_POST ['name']));
$email = isset($_POST ['email']) ? trim(htmlspecialchars($_POST ['email'])) : null; $email = isset($_POST ['email']) ? trim(htmlspecialchars($_POST ['email'])) : null;
$url = isset($_POST ['url']) ? trim(stripslashes(htmlspecialchars($_POST ['url']))) : null; $url = isset($_POST ['url']) ? trim(stripslashes(htmlspecialchars($_POST ['url']))) : null;
/* /*
* check name * check name
* *
*/ */
if (!$name) { if (!$name) {
$errors ['name'] = $lerr ['name']; $errors ['name'] = $lerr ['name'];
} }
/* /*
* check email * check email
* *
*/ */
if ($email) { if ($email) {
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$errors ['email'] = $lerr ['email']; $errors ['email'] = $lerr ['email'];
} }
} }
/* /*
* check url * check url
* *
*/ */
if ($url) { if ($url) {
if (!filter_var($url, FILTER_VALIDATE_URL)) { if (!filter_var($url, FILTER_VALIDATE_URL)) {
$errors ['url'] = $lerr ['www']; $errors ['url'] = $lerr ['www'];
} }
} }
} }
if (!$content) { if (!$content) {
$errors ['content'] = $lerr ['comment']; $errors ['content'] = $lerr ['comment'];
} }
if ($errors) { if ($errors) {
$smarty->assign('error', $errors); $smarty->assign('error', $errors);
return false; return false;
} }
$arr ['version'] = system_ver(); $arr ['version'] = system_ver();
$arr ['name'] = $name; $arr ['name'] = $name;
if (!$loggedin) if (!$loggedin)
setcookie('comment_author_' . COOKIEHASH, $arr ['name'], time() + 30000000, COOKIEPATH, COOKIE_DOMAIN); setcookie('comment_author_' . COOKIEHASH, $arr ['name'], time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
if ($email) { if ($email) {
($arr ['email'] = $email); ($arr ['email'] = $email);
if (!$loggedin) if (!$loggedin)
@ -157,11 +157,11 @@ function comment_validate() {
setcookie('comment_author_url_' . COOKIEHASH, $arr ['url'], time() + 30000000, COOKIEPATH, COOKIE_DOMAIN); setcookie('comment_author_url_' . COOKIEHASH, $arr ['url'], time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
} }
$arr ['content'] = $content; $arr ['content'] = $content;
if ($v = utils_ipget()) { if ($v = utils_ipget()) {
$arr ['ip-address'] = $v; $arr ['ip-address'] = $v;
} }
if ($loggedin || apply_filters('comment_validate', true, $arr)) if ($loggedin || apply_filters('comment_validate', true, $arr))
return $arr; return $arr;
else else
@ -170,47 +170,47 @@ function comment_validate() {
function commentform() { function commentform() {
global $smarty, $lang, $fpdb, $fp_params; global $smarty, $lang, $fpdb, $fp_params;
$comment_formid = 'fp-comments'; $comment_formid = 'fp-comments';
$smarty->assign('comment_formid', $comment_formid); $smarty->assign('comment_formid', $comment_formid);
if (!empty($_POST)) { if (!empty($_POST)) {
// utils_nocache_headers(); // utils_nocache_headers();
// add http to url if not given // add http to url if not given
if (!empty($_POST ['url']) && strpos($_POST ['url'], 'http://') === false && strpos($_POST ['url'], 'https://') === false) if (!empty($_POST ['url']) && strpos($_POST ['url'], 'http://') === false && strpos($_POST ['url'], 'https://') === false)
$_POST ['url'] = 'http://' . $_POST ['url']; $_POST ['url'] = 'http://' . $_POST ['url'];
// custom hook here!! // custom hook here!!
if ($arr = comment_validate()) { if ($arr = comment_validate()) {
global $fp_config; global $fp_config;
$id = comment_save($fp_params ['entry'], $arr); $id = comment_save($fp_params ['entry'], $arr);
do_action('comment_post', $fp_params ['entry'], array( do_action('comment_post', $fp_params ['entry'], array(
$id, $id,
$arr $arr
)); ));
$q = new FPDB_Query(array( $q = new FPDB_Query(array(
'id' => $fp_params ['entry'], 'id' => $fp_params ['entry'],
'fullparse' => false 'fullparse' => false
), null); ), null);
list ($entryid, $e) = $q->getEntry(); list ($entryid, $e) = $q->getEntry();
if ($fp_config ['general'] ['notify'] && !user_loggedin()) { if ($fp_config ['general'] ['notify'] && !user_loggedin()) {
global $post; global $post;
$comm_mail = isset($arr ['email']) ? "<{$arr['email']}>" : ''; $comm_mail = isset($arr ['email']) ? "<{$arr['email']}>" : '';
$from_mail = $fp_config ['general'] ['email']; $from_mail = $fp_config ['general'] ['email'];
$post = $e; // plugin such as prettyurls might need this... $post = $e; // plugin such as prettyurls might need this...
$lang = lang_load('comments'); $lang = lang_load('comments');
$mail = str_replace(array( $mail = str_replace(array(
'%toname%', '%toname%',
'%fromname%', '%fromname%',
@ -228,20 +228,20 @@ function commentform() {
$arr ['content'], $arr ['content'],
$fp_config ['general'] ['title'] $fp_config ['general'] ['title']
), $lang ['comments'] ['mail']); ), $lang ['comments'] ['mail']);
@utils_mail($from_mail, "New comment on {$fp_config['general']['title']}", $mail); @utils_mail($from_mail, "New comment on {$fp_config['general']['title']}", $mail);
} }
// if comment is valid, this redirect will clean the postdata // if comment is valid, this redirect will clean the postdata
$location = str_replace('&amp;', '&', get_comments_link($entryid)) . '#' . $id; $location = str_replace('&amp;', '&', get_comments_link($entryid)) . '#' . $id;
utils_redirect($location, true); utils_redirect($location, true);
exit(); exit();
} else { } else {
$smarty->assign('values', $_POST); $smarty->assign('values', $_POST);
} }
} }
// Cookies // Cookies
$smarty->assign('cookie', array( $smarty->assign('cookie', array(
'name' => @$_COOKIE ['comment_author_' . COOKIEHASH], 'name' => @$_COOKIE ['comment_author_' . COOKIEHASH],

275
fp-includes/core/core.comment.php
View File

@ -1,156 +1,145 @@
<?php <?php
class comment_indexer extends fs_filelister { class comment_indexer extends fs_filelister {
function __construct($id) { function __construct($id) {
$f = bdb_idtofile($id,BDB_COMMENT); //todo change $f = bdb_idtofile($id, BDB_COMMENT); // todo change
$this->_directory = $f; $this->_directory = $f;
parent::__construct(); parent::__construct();
//substr(bdb_idtofile($id), -strlen(EXT)); // substr(bdb_idtofile($id), -strlen(EXT));
}
function _checkFile($directory, $file) {
$f = "$directory/$file";
if (fnmatch('comment*' . EXT, $file)) {
array_push($this->_list, basename($file, EXT));
return 0;
} }
function _checkFile($directory, $file) {
$f = "$directory/$file";
if (fnmatch('comment*'.EXT, $file)) {
array_push($this->_list, basename($file,EXT));
return 0;
}
}
// overrides parent method to return sorted results
function getList() {
sort($this->_list);
return parent::getList();
}
}
/**
* function bdb_get_comments
*
* <p>On success returns an array containing the comment <b>IDs</b>, associated to
* the entry ID in $id</p>
* <p>On failure returns false</p>
*
* @param string $id string formatted like "prefixYYMMDD-HHMMSS.EXT"
* @return mixed
*
* @see bdb_idtofile()
*/
function comment_getlist($id) {
$obj = new comment_indexer($id); //todo change syntax
return $obj->getList();
}
function comment_parse($entryid, $id) {
$f = comment_exists($entryid, $id);
if (!$f) return false;
$fc = io_load_file($f);
$arr = utils_kexplode($fc);
//$arr['EMAIL'] = apply_filters('comment_email', $arr['EMAIL']);
// hackish: dash to underscore for ip-address :( todo: clean this up here or somewhere else
//$arr['ip_address'] = $arr['ip-address'];
return array_change_key_case($arr, CASE_LOWER);
}
function comment_exists($entryid, $id) {
if (!preg_match('|^comment[0-9]{6}-[0-9]{6}$|', $id))
return false;
$f = entry_exists($entryid);
if (!$f) return false;
$f2 = substr($f, 0, -strlen(EXT)) . '/comments/' . $id.EXT;
if (!file_exists($f2)) return false;
return $f2;
} }
// overrides parent method to return sorted results
function comment_clean(&$arr) { function getList() {
$arr['name'] = apply_filters('pre_comment_author_name', stripslashes($arr['name'])); sort($this->_list);
if (isset($arr['email'])) return parent::getList();
$arr['email'] = apply_filters('pre_comment_author_email', $arr['email']);
if (isset($arr['url']))
$arr['url'] = apply_filters('pre_comment_author_url', $arr['url']);
$arr['content'] = apply_filters('pre_comment_content', stripslashes($arr['content']));
return $arr;
} }
}
/** /**
* function bdb_save_comment * function bdb_get_comments
* *
* <p>Saves the content of the $comment array, associating it to the entry-ID $id.</p> * <p>On success returns an array containing the comment <b>IDs</b>, associated to
* <p>$comment must be formatted as the one returned by {@link bdb_parse_entry()}.</p> * the entry ID in $id</p>
* <p>Returns true on success, or false on failure</p> * <p>On failure returns false</p>
* *
* @param string $id string formatted like "prefixYYMMDD-HHMMSS" * @param string $id
* @param array $comment array formatted as the one returned by {@link bdb_parse_entry()} * string formatted like "prefixYYMMDD-HHMMSS.EXT"
* @return bool * @return mixed
* *
* @see bdb_parse_entry() * @see bdb_idtofile()
*/ */
function comment_save($id, $comment) { function comment_getlist($id) {
$obj = new comment_indexer($id); // todo change syntax
comment_clean($comment); return $obj->getList();
}
$comment = array_change_key_case($comment, CASE_UPPER);
function comment_parse($entryid, $id) {
$comment_dir = bdb_idtofile($id,BDB_COMMENT); $f = comment_exists($entryid, $id);
if (!isset($comment['DATE'])) if (!$f)
$comment['DATE'] = date_time();
$id = bdb_idfromtime(BDB_COMMENT, $comment['DATE']);
$f = $comment_dir . $id . EXT;
$str = utils_kimplode($comment);
if (io_write_file($f, $str))
return $id;
return false; return false;
}
$fc = io_load_file($f);
$arr = utils_kexplode($fc);
// $arr['EMAIL'] = apply_filters('comment_email', $arr['EMAIL']);
/** // hackish: dash to underscore for ip-address :( todo: clean this up here or somewhere else
* function comment_delete // $arr['ip_address'] = $arr['ip-address'];
* return array_change_key_case($arr, CASE_LOWER);
* <p>Deletes the $id comment</p> }
* <p>Returns true on success, or false on failure</p>
* function comment_exists($entryid, $id) {
* @param string $id string formatted like "entryYYMMDD-HHMMSS" if (!preg_match('|^comment[0-9]{6}-[0-9]{6}$|', $id))
* @param string $comment_id string representig comment id as in "commentYYMMDD-HHMMSS" return false;
* @return bool $f = entry_exists($entryid);
* if (!$f)
* @see entry_delete() return false;
*/
function comment_delete($id, $comment_id) { $f2 = substr($f, 0, -strlen(EXT)) . '/comments/' . $id . EXT;
do_action('comment_delete', $id, $comment_id); if (!file_exists($f2))
$comment_dir = bdb_idtofile($id,BDB_COMMENT); return false;
$f = $comment_dir . $comment_id .EXT;
return fs_delete($f); return $f2;
} }
function comment_clean(&$arr) {
function dummy_comment($val) { $arr ['name'] = apply_filters('pre_comment_author_name', stripslashes($arr ['name']));
return $val; if (isset($arr ['email']))
} $arr ['email'] = apply_filters('pre_comment_author_email', $arr ['email']);
if (isset($arr ['url']))
add_filter('comment_validate', 'dummy_comment'); $arr ['url'] = apply_filters('pre_comment_author_url', $arr ['url']);
$arr ['content'] = apply_filters('pre_comment_content', $arr ['content']);
return $arr;
}
/**
* function bdb_save_comment
*
* <p>Saves the content of the $comment array, associating it to the entry-ID $id.</p>
* <p>$comment must be formatted as the one returned by {@link bdb_parse_entry()}.</p>
* <p>Returns true on success, or false on failure</p>
*
* @param string $id
* string formatted like "prefixYYMMDD-HHMMSS"
* @param array $comment
* array formatted as the one returned by {@link bdb_parse_entry()}
* @return bool
*
* @see bdb_parse_entry()
*/
function comment_save($id, $comment) {
comment_clean($comment);
$comment = array_change_key_case($comment, CASE_UPPER);
$comment_dir = bdb_idtofile($id, BDB_COMMENT);
if (!isset($comment ['DATE']))
$comment ['DATE'] = date_time();
$id = bdb_idfromtime(BDB_COMMENT, $comment ['DATE']);
$f = $comment_dir . $id . EXT;
$str = utils_kimplode($comment);
if (io_write_file($f, $str))
return $id;
return false;
}
/**
* function comment_delete
*
* <p>Deletes the $id comment</p>
* <p>Returns true on success, or false on failure</p>
*
* @param string $id
* string formatted like "entryYYMMDD-HHMMSS"
* @param string $comment_id
* string representig comment id as in "commentYYMMDD-HHMMSS"
* @return bool
*
* @see entry_delete()
*/
function comment_delete($id, $comment_id) {
do_action('comment_delete', $id, $comment_id);
$comment_dir = bdb_idtofile($id, BDB_COMMENT);
$f = $comment_dir . $comment_id . EXT;
return fs_delete($f);
}
function dummy_comment($val) {
return $val;
}
add_filter('comment_validate', 'dummy_comment');
?> ?>