Mirrors/dolibarr
1
0
Fork 0
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-02-20 13:46:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

FIX #yogosha9754

Browse Source
This commit is contained in:
Laurent Destailleur 2022-04-02 15:26:40 +02:00
parent 9c00115abe
commit d4accb97c5
2 changed files with 12 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
htdocs/admin/fckeditor.php
View File

@ -110,7 +110,8 @@ if (GETPOST('save', 'alpha')) {
$fckeditor_skin = GETPOST('fckeditor_skin', 'alpha');
if (!empty($fckeditor_skin)) {
if (!dolibarr_set_const($db, 'FCKEDITOR_SKIN', $fckeditor_skin, 'chaine', 0, '', $conf->entity)) {
$result = dolibarr_set_const($db, 'FCKEDITOR_SKIN', $fckeditor_skin, 'chaine', 0, '', $conf->entity);
if ($result <= 0) {
$error++;
}
} else {
@ -119,7 +120,8 @@ if (GETPOST('save', 'alpha')) {
$fckeditor_test = GETPOST('formtestfield', 'restricthtml');
if (!empty($fckeditor_test)) {
if (!dolibarr_set_const($db, 'FCKEDITOR_TEST', $fckeditor_test, 'chaine', 0, '', $conf->entity)) {
$result = dolibarr_set_const($db, 'FCKEDITOR_TEST', $fckeditor_test, 'chaine', 0, '', $conf->entity);
if ($result <= 0) {
$error++;
}
} else {
@ -129,7 +131,7 @@ if (GETPOST('save', 'alpha')) {
if (!$error) {
setEventMessages($langs->trans("SetupSaved"), null, 'mesgs');
} else {
setEventMessages($langs->trans("Error"), null, 'errors');
setEventMessages($langs->trans("Error").' '.$db->lasterror(), null, 'errors');
}
}

8
htdocs/main.inc.php
View File

@ -99,6 +99,7 @@ function testSqlAndScriptInject($val, $type)
return realCharForNumericEntities($m); }, $val);
// We clean html comments because some hacks try to obfuscate evil strings by inserting HTML comments. Example: on<!-- -->error=alert(1)
$val = preg_replace('/<!--[^>]*-->/', '', $val);
$val = preg_replace('/[\r\n]/', '', $val);
} while ($oldval != $val);
//print "type = ".$type." after decoding: ".$val."\n";
@ -106,7 +107,12 @@ function testSqlAndScriptInject($val, $type)
// We check string because some hacks try to obfuscate evil strings by inserting non printable chars. Example: 'java(ascci09)scr(ascii00)ipt' is processed like 'javascript' (whatever is place of evil ascii char)
// We should use dol_string_nounprintableascii but function is not yet loaded/available
$newval = preg_replace('/[\x00-\x1F\x7F]/u', '', $val); // /u operator makes UTF8 valid characters being ignored so are not included into the replace
// Example of valid UTF8 chars:
// utf8=utf8mb3: '\x0A', '\x0D', '\x7E'
// utf8=utf8mb3: '\xE0\xA0\x80'
// utf8mb4: '\xF0\x9D\x84\x9E' (but this may be refused by the database insert if pagecode is utf8=utf8mb3)
$newval = preg_replace('/[\x00-\x09\x0B-\x0C\x0E-\x1F\x7F]/u', '', $val); // /u operator makes UTF8 valid characters being ignored so are not included into the replace
// Note that $newval may also be completely empty '' when non valid UTF8 are found.
if ($newval != $val) {
// If $val has changed after removing non valid UTF8 chars, it means we have an evil string.
$inj += 1;