Keeping up with the theme. Reworking logic to remove nested condition…
…als.
Mathewlenning committed Mar 6, 2015
1 parent 07a64bf commit 02ca083
Showing 1 changed file with 77 additions and 102 deletions.
179 changes: 77 additions & 102 deletions libraries/joomla/filter/input.php
Expand Up @@ -74,28 +74,28 @@ class JFilterInput
* @since 11.1
*/
public $tagBlacklist = array(
'applet',
'body',
'bgsound',
'base',
'basefont',
'embed',
'frame',
'frameset',
'head',
'html',
'id',
'iframe',
'ilayer',
'layer',
'link',
'meta',
'name',
'object',
'script',
'style',
'title',
'xml'
'applet',
'body',
'bgsound',
'base',
'basefont',
'embed',
'frame',
'frameset',
'head',
'html',
'id',
'iframe',
'ilayer',
'layer',
'link',
'meta',
'name',
'object',
'script',
'style',
'title',
'xml'
);

/**
Expand All @@ -105,11 +105,11 @@ class JFilterInput
* @since 11.1
*/
public $attrBlacklist = array(
'action',
'background',
'codebase',
'dynsrc',
'lowsrc'
'action',
'background',
'codebase',
'dynsrc',
'lowsrc'
);

/**
Expand Down Expand Up @@ -283,21 +283,17 @@ public function clean($source, $type = 'string')
}

$result = $source;
break;
}
else

$result = $source;
// Or a string?
if (is_string($source) && !empty($source))
{
// Or a string?
if (is_string($source) && !empty($source))
{
// Filter source for XSS and other 'bad' code etc.
$result = $this->_remove($this->_decode($source));
}
else
{
// Not an array or string.. return the passed parameter
$result = $source;
}
// Filter source for XSS and other 'bad' code etc.
$result = $this->_remove($this->_decode($source));
}

break;
}

Expand All @@ -319,8 +315,8 @@ public static function checkAttribute($attrSubSet)
$attrSubSet[1] = strtolower($attrSubSet[1]);

return (((strpos($attrSubSet[1], 'expression') !== false) && ($attrSubSet[0]) == 'style') || (strpos($attrSubSet[1], 'javascript:') !== false) ||
(strpos($attrSubSet[1], 'behaviour:') !== false) || (strpos($attrSubSet[1], 'vbscript:') !== false) ||
(strpos($attrSubSet[1], 'mocha:') !== false) || (strpos($attrSubSet[1], 'livescript:') !== false));
(strpos($attrSubSet[1], 'behaviour:') !== false) || (strpos($attrSubSet[1], 'vbscript:') !== false) ||
(strpos($attrSubSet[1], 'mocha:') !== false) || (strpos($attrSubSet[1], 'livescript:') !== false));
}

/**
Expand Down Expand Up @@ -417,20 +413,17 @@ protected function _cleanTags($source)
$attrSet = array();
$currentSpace = strpos($tagLeft, ' ');

// Are we an open tag or a close tag?
// Assume it is an opening tag
$isCloseTag = false;
list ($tagName) = explode(' ', $currentTag);

// Then check if it is a closing tag
if (substr($currentTag, 0, 1) == '/')
{
// Close Tag
$isCloseTag = true;
list ($tagName) = explode(' ', $currentTag);
$tagName = substr($tagName, 1);
}
else
{
// Open Tag
$isCloseTag = false;
list ($tagName) = explode(' ', $currentTag);
}

/*
* Exclude all "non-regular" tagnames
Expand Down Expand Up @@ -476,14 +469,12 @@ protected function _cleanTags($source)
// Do we have an attribute to process? [check for equal sign]
if ($fromSpace != '/' && (($nextEqual && $nextSpace && $nextSpace < $nextEqual) || !$nextEqual))
{
$attribEnd = $nextSpace - 1;
if (!$nextEqual)
{
$attribEnd = strpos($fromSpace, '/') - 1;
}
else
{
$attribEnd = $nextSpace - 1;
}

// If there is an ending, use this, if not, do not worry.
if ($attribEnd > 0)
{
Expand All @@ -493,16 +484,14 @@ protected function _cleanTags($source)

if (strpos($fromSpace, '=') !== false)
{
// If the attribute value is wrapped in quotes we need to grab the substring from
// the closing quote, otherwise grab until the next space.
// Assume the attribute is not wrapped in quotes
$attr = substr($fromSpace, 0, $nextSpace);

// Then if it is wrapped in quotes, grab the substring from the closing quote
if (($openQuotes !== false) && (strpos(substr($fromSpace, ($openQuotes + 1)), '"') !== false))
{
$attr = substr($fromSpace, 0, ($closeQuotes + 1));
}
else
{
$attr = substr($fromSpace, 0, $nextSpace);
}
}
// No more equal signs so add any extra text in the tag into the attribute array [eg. checked]
else
Expand Down Expand Up @@ -545,14 +534,12 @@ protected function _cleanTags($source)
$preTag .= ' ' . $attrSet[$i];
}

$preTag .= '>';

// Reformat single tags to XHTML
if (strpos($fromTagOpen, '</' . $tagName))
{
$preTag .= '>';
}
else
if (!strpos($fromTagOpen, '</' . $tagName))
{
$preTag .= ' />';
$preTag = ' /'.$preTag;
}
}
// Closing tag
Expand Down Expand Up @@ -611,39 +598,34 @@ protected function _cleanAttributes($attrSet)
// AND blacklisted attributes

if ((!preg_match('/[a-z]*$/i', $attrSubSet[0]))
|| (($this->xssAuto) && ((in_array(strtolower($attrSubSet[0]), $this->attrBlacklist))
|| (substr($attrSubSet[0], 0, 2) == 'on'))))
|| (($this->xssAuto) && ((in_array(strtolower($attrSubSet[0]), $this->attrBlacklist))
|| (substr($attrSubSet[0], 0, 2) == 'on')))
|| !isset($attrSubSet[1]))
{
continue;
}

// XSS attribute value filtering
if (isset($attrSubSet[1]))
{
// Trim leading and trailing spaces
$attrSubSet[1] = trim($attrSubSet[1]);
// Trim leading and trailing spaces
$attrSubSet[1] = trim($attrSubSet[1]);

// Strips unicode, hex, etc
$attrSubSet[1] = str_replace('&#', '', $attrSubSet[1]);
// Strips unicode, hex, etc
$attrSubSet[1] = str_replace('&#', '', $attrSubSet[1]);

// Strip normal newline within attr value
$attrSubSet[1] = preg_replace('/[\n\r]/', '', $attrSubSet[1]);
// Strip normal newline within attr value
$attrSubSet[1] = preg_replace('/[\n\r]/', '', $attrSubSet[1]);

// Strip double quotes
$attrSubSet[1] = str_replace('"', '', $attrSubSet[1]);
// Strip double quotes
$attrSubSet[1] = str_replace('"', '', $attrSubSet[1]);

// Convert single quotes from either side to doubles (Single quotes shouldn't be used to pad attr values)
if ((substr($attrSubSet[1], 0, 1) == "'") && (substr($attrSubSet[1], (strlen($attrSubSet[1]) - 1), 1) == "'"))
{
$attrSubSet[1] = substr($attrSubSet[1], 1, (strlen($attrSubSet[1]) - 2));
}
// Strip slashes
$attrSubSet[1] = stripslashes($attrSubSet[1]);
}
else
// Convert single quotes from either side to doubles (Single quotes shouldn't be used to pad attr values)
if ((substr($attrSubSet[1], 0, 1) == "'") && (substr($attrSubSet[1], (strlen($attrSubSet[1]) - 1), 1) == "'"))
{
continue;
$attrSubSet[1] = substr($attrSubSet[1], 1, (strlen($attrSubSet[1]) - 2));
}
// Strip slashes
$attrSubSet[1] = stripslashes($attrSubSet[1]);


// Autostrip script tags
if (self::checkAttribute($attrSubSet))
Expand Down Expand Up @@ -751,17 +733,15 @@ protected function _escapeAttributeValues($source)
$quote = substr($matches[0][0], -1);
$pregMatch = ($quote == '"') ? '#(\"\s*/\s*>|\"\s*>|\"\s+|\"$)#' : "#(\'\s*/\s*>|\'\s*>|\'\s+|\'$)#";

// Get the portion after attribute value
// Assume no closing quote
$nextAfter = strlen($remainder);

// Then get the portion after attribute value
if (preg_match($pregMatch, substr($remainder, $nextBefore), $matches, PREG_OFFSET_CAPTURE))
{
// We have a closing quote
// Adjust if we have a closing quote
$nextAfter = $nextBefore + $matches[0][1];
}
else
{
// No closing quote
$nextAfter = strlen($remainder);
}

// Get the actual attribute value
$attributeValue = substr($remainder, $nextBefore, $nextAfter - $nextBefore);
Expand Down Expand Up @@ -792,23 +772,18 @@ protected function _stripCSSExpressions($source)
$test = preg_replace('#\/\*.*\*\/#U', '', $source);

// Test for :expression
if (!stripos($test, ':expression'))
{
// Not found, so we are done
$return = $source;
}
else
if (stripos($test, ':expression'))
{
// At this point, we have stripped out the comments and have found :expression
// Test stripped string for :expression followed by a '('
if (preg_match_all('#:expression\s*\(#', $test, $matches))
{
// If found, remove :expression
$test = str_ireplace(':expression', '', $test);
$return = $test;
return $test;
}
}

return $return;
return $source;
}
}
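Review bot: In the `_cleanTags` hunk under "Reformat single tags to XHTML", `$preTag = ' /'.$preTag;` prepends the slash to a tag that was already terminated by the unconditional `$preTag .= '>';`, so a tag with no matching close is emitted as ` /<tag …>` instead of the `<tag … />` the removed `else` branch produced. Replacing the unconditional append and the `if` with `$preTag .= strpos($fromTagOpen, '</' . $tagName) ? '>' : ' />';` keeps the old output without the nested branch. In `_stripCSSExpressions`, the new fall-through `return $source;` is also reached when `stripos` finds `:expression` but the case-sensitive `#:expression\s*\(#` does not match, so the value comes back unfiltered where the removed code appears to have left `$return` unset; adding the `i` modifier to that pattern would make the two tests agree. `_cleanTags` starts and ends outside the visible hunks.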
