--- a/includes/functions.php Fri Jun 22 18:42:26 2007 -0400
+++ b/includes/functions.php Sat Jun 23 09:55:58 2007 -0400
@@ -1443,6 +1443,12 @@
}
+ // Vulnerability from ha.ckers.org/xss.html:
+ // <script src="http://foo.com/xss.js"
+ // <
+ // The rule is so specific because everything else will have been filtered by now
+ $html = preg_replace('/<(script|iframe)(.+?)src=([^>]*)</i', '<\\1\\2src=\\3<', $html);
+
return $html;
}
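Review bot: The replacement on the added preg_replace line reassembles exactly the text the pattern matched (`<`, group 1, group 2, `src=`, group 3, `<`), so the call leaves `$html` unchanged and the ha.ckers.org case the comment cites is not neutralised. If the intent is to break the unterminated tag, the trailing `<` has to be rewritten in the replacement, e.g. `'<\\1\\2src=\\3&lt;'`, and the pattern needs the `s` modifier so `(.+?)` can span a line break between the tag name and `src=`. Regex post-filtering of HTML is fragile by nature, so a comment naming which earlier filter the "everything else will have been filtered by now" assumption relies on would help the next reader judge it. The enclosing function starts outside the hunk.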
@@ -1834,19 +1840,8 @@
function sanitize_page_id($page_id)
{
- // First, replace spaces with underscores
- $page_id = str_replace(' ', '_', $page_id);
-
- preg_match_all('/\.[A-Fa-f0-9][A-Fa-f0-9]/', $page_id, $matches);
-
- foreach ( $matches[0] as $id => $char )
- {
- $char = substr($char, 1);
- $char = strtolower($char);
- $char = intval(hexdec($char));
- $char = chr($char);
- $page_id = str_replace($matches[0][$id], $char, $page_id);
- }
+ // Remove character escapes
+ $page_id = dirtify_page_id($page_id);
$pid_clean = preg_replace('/[\w\/:;\(\)@\[\]_-]/', 'X', $page_id);
$pid_dirty = enano_str_split($pid_clean, 1);
@@ -1887,6 +1882,31 @@
}
/**
+ * Removes character escapes in a page ID string
+ * @param string Page ID string to dirty up
+ * @return string
+ */
+
+function dirtify_page_id($page_id)
+{
+ // First, replace spaces with underscores
+ $page_id = str_replace(' ', '_', $page_id);
+
+ preg_match_all('/\.[A-Fa-f0-9][A-Fa-f0-9]/', $page_id, $matches);
+
+ foreach ( $matches[0] as $id => $char )
+ {
+ $char = substr($char, 1);
+ $char = strtolower($char);
+ $char = intval(hexdec($char));
+ $char = chr($char);
+ $page_id = str_replace($matches[0][$id], $char, $page_id);
+ }
+
+ return $page_id;
+}
+
+/**
* Inserts commas into a number to make it more human-readable. Floating point-safe.
* @param int The number to process
* @return string Input number with commas added
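Review bot: The decode loop in dirtify_page_id is order-dependent: each str_replace rewrites the whole string, so a byte produced by one escape can be re-read as part of a later one (for `.2E41.41` the loop yields `AA`, while decoding each escape once yields `.41A`), which means the same page ID can canonicalise differently depending on which escapes it contains. A single preg_replace_callback pass over `/\.([A-Fa-f0-9]{2})/` decodes every escape exactly once; a named callback keeps it compatible with the PHP versions this file appears to target. Separately, the docblock above the function is detached from it by a blank line and its `@param` lacks the variable name, so `@param string $page_id Page ID string to dirty up` placed directly above `function dirtify_page_id` would let doc tools attach it.
```php
function dirtify_page_id($page_id)
{
  // First, replace spaces with underscores
  $page_id = str_replace(' ', '_', $page_id);

  // Decode every .XX escape in a single left-to-right pass so a byte
  // produced by one replacement is never re-read as part of another escape
  $page_id = preg_replace_callback('/\.([A-Fa-f0-9]{2})/', 'dirtify_page_id_decode_byte', $page_id);

  return $page_id;
}

// Callback for dirtify_page_id(): turns one matched .XX escape into its byte
function dirtify_page_id_decode_byte($match)
{
  return chr(hexdec($match[1]));
}
```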