
Several fixes in ipatlas and new param type for clean_param().

- clean_param() now handles PARAM_HOST, which will only let through stuff that looks like a valid IPv4 dotted quad or a FQDN
- SC#10 - Several issues in ipatlas fixed -- though not with elegance :(
- Some short tags expanded

This code needs some love and care.
1 parent 0b8d327 commit ff9a78aa5518efa6ba0045b9717b4507b3e2154d martinlanghoff committed Dec 16, 2004
@@ -3,10 +3,14 @@
include("plotconf.inc");
include("plot.inc");
-if($warnings == "1") {
-error_reporting(E_ALL);
+if($CFG->debug > 1) {
+ error_reporting(E_ALL);
} else {
-error_reporting(E_ERROR);
+ error_reporting(E_ERROR);
+}
+
+if (isset($HTTP_GET_VARS["lastquery"])){
+ $HTTP_GET_VARS["lastquery"] = clean_param($HTTP_GET_VARS["lastquery"], PARAM_HOST);
}
?>
@@ -19,17 +23,33 @@
}
if(isset($HTTP_POST_VARS["button"])) {
+
+// cleanup post data
+$HTTP_POST_VARS["shape"] = clean_param($HTTP_POST_VARS["shape"], PARAM_ALPHA);
+$HTTP_POST_VARS["color"] = clean_param($HTTP_POST_VARS["color"], PARAM_ALPHA);
+$HTTP_POST_VARS["color"] = clean_param($HTTP_POST_VARS["size"], PARAM_INT);
+$HTTP_POST_VARS["earthimage"] = clean_param($HTTP_POST_VARS["earthimage"], PARAM_FILE);
+$HTTP_POST_VARS["cssdot"] = clean_param($HTTP_POST_VARS["cssdot"], PARAM_FILE);
+$HTTP_POST_VARS["seldrawmode"] = clean_param($HTTP_POST_VARS["seldrawmode"],PARAM_ALPHA);
+// unset the earth image if we don't have it in our list
+ if (!in_array($HTTP_POST_VARS["earthimage"],$earthimages)) {
+ unset($HTTP_POST_VARS["earthimage"]);
+ }
+
+
// save data from the POST
setcookie ("atlasprefs", "", time() - 36000000);
setcookie ("atlasprefs", "$HTTP_POST_VARS[shape]:$HTTP_POST_VARS[color]:$HTTP_POST_VARS[size]:$HTTP_POST_VARS[earthimage]:$HTTP_POST_VARS[cssdot]:$HTTP_POST_VARS[seldrawmode]", time() + 36000000, $cookiepath);
-$setshape = $HTTP_POST_VARS["shape"];
-$setcolor = $HTTP_POST_VARS["color"];
-$setsize = $HTTP_POST_VARS["size"];
+$setshape = $HTTP_POST_VARS["shape"];
+$setcolor = $HTTP_POST_VARS["color"];
+$setsize = $HTTP_POST_VARS["size"];
$setearthimage = $HTTP_POST_VARS["earthimage"];
-$setcssdot = $HTTP_POST_VARS["cssdot"];
+$setcssdot = $HTTP_POST_VARS["cssdot"];
$setseldrawmode = $HTTP_POST_VARS["seldrawmode"];
+
+
if($setseldrawmode == "1") {
$drawmode = "GD";
} else {
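Review bot: The `size` field is never sanitised: the line `$HTTP_POST_VARS["color"] = clean_param($HTTP_POST_VARS["size"], PARAM_INT);` stores the cleaned size into `color`, clobbering the PARAM_ALPHA-cleaned colour with an integer, while the raw `size` still goes into the cookie and `$setsize`. It should read `$HTTP_POST_VARS["size"] = clean_param($HTTP_POST_VARS["size"], PARAM_INT);`. Two smaller points: `in_array($HTTP_POST_VARS["earthimage"],$earthimages)` would be safer with `true` as the strict third argument, and after the `unset` the cookie string is built from a missing index, so falling back to a known image (or skipping the cookie) before `setcookie` would be cleaner. The `if(isset($HTTP_POST_VARS["button"]))` block continues past the end of the hunk.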
@@ -1,4 +1,4 @@
-<?
+<?php
/*
@@ -1,4 +1,4 @@
-<?
+<?php
/*
@@ -1,8 +1,9 @@
-<?
+<?php
$version = "1.0";
// check for bad agents immidietly
+$blockbadagents=1;
if($blockbadagents == 1) {
// those metaquery assholes at t-dialin and others can't
// get another dumber using the default user-agent, can they?
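Review bot: `$blockbadagents=1;` is assigned unconditionally immediately before `if($blockbadagents == 1)`, so the condition is now always true and any value the surrounding configuration may have given the flag is overridden. If the intent is a default that configuration can still switch off, `$blockbadagents = isset($blockbadagents) ? $blockbadagents : 1;` keeps the switch meaningful; if blocking is meant to be always on, the `if` can simply go. Either way a one-line comment stating which of the two is intended would save the next reader the question. The `if` body continues past the end of the hunk.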
@@ -11,18 +11,23 @@
$username = "";
}
-if($warnings == "1") {
+if ($CFG->debug > 1) {
error_reporting(E_ALL);
} else {
error_reporting(E_ERROR);
}
+// cleanup
+$HTTP_GET_VARS["lastquery"] = clean_param($HTTP_GET_VARS["lastquery"], PARAM_HOST);
+
+
// check if it is the user's ip, or another host
if(!isset($HTTP_GET_VARS["address"]) || ($HTTP_GET_VARS["address"] == "")) {
$address = $HTTP_SERVER_VARS['REMOTE_ADDR'];
$local = 1;
} else {
+ $HTTP_GET_VARS["address"] = clean_param($HTTP_GET_VARS["address"], PARAM_HOST);
$address = $HTTP_GET_VARS["address"];
$local = 0;
}
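Review bot: `$HTTP_GET_VARS["lastquery"] = clean_param($HTTP_GET_VARS["lastquery"], PARAM_HOST);` is unconditional here, whereas the equivalent line in the first hunk is wrapped in `isset(...)`; with `error_reporting(E_ALL)` a request without `lastquery` raises an undefined-index notice and the key is created as an empty string. Guarding it the same way, `if (isset($HTTP_GET_VARS["lastquery"])) { ... }`, keeps the two files consistent. Separately, when clean_param rejects `address` it returns `''`, yet the else branch still sets `$address = ''` and `$local = 0`; checking the cleaned value and falling back to `REMOTE_ADDR` (or stopping) when it is empty would avoid continuing with an empty host.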
@@ -38,6 +43,7 @@
if(isset($HTTP_COOKIE_VARS["atlasprefs"]) && validcookie($HTTP_COOKIE_VARS["atlasprefs"])) {
list( , , , $imagething) = split(":", $HTTP_COOKIE_VARS["atlasprefs"]);
+$imagething = clean_param($imagething, PARAM_FILE);
$earthimage = isvalidimage($imagething, $earthimages, $defaultimage);
} else {
$earthimage = $earthimages[$defaultimage];
@@ -64,10 +70,12 @@
if(isset($HTTP_COOKIE_VARS["atlasprefs"])) {
list( , , , , $dotname) = split(":", $HTTP_COOKIE_VARS["atlasprefs"]);
+$dotname = clean_param($dotname, PARAM_FILE);
list($thedot, $dotwidth, $dotheight) = finddot($dotname, $cssdots, $defaultdot);
} else {
$dotname = $cssdots[$defaultdot];
list($dotname, , , ) = split(":", $dotname);
+$dotname = clean_param($dotname, PARAM_FILE);
list($thedot, $dotwidth, $dotheight) = finddot($dotname, $cssdots, $defaultdot);
}
@@ -1,4 +1,4 @@
-<?
+<?php
require("../../config.php");
@@ -1,4 +1,4 @@
-<?
+<?php
function t($phrase) {
global $language;
@@ -53,6 +53,7 @@
define('PARAM_NOTAGS', 0x08);
define('PARAM_FILE', 0x10);
define('PARAM_PATH', 0x20);
+define('PARAM_HOST', 0x40); // FQDN or IPv4 dotted quad
/// PARAMETER HANDLING ////////////////////////////////////////////////////
@@ -135,6 +136,29 @@ function clean_param($param, $options) {
$param = ereg_replace('//+', '/', $param);
}
+ if ($options & PARAM_HOST) { // allow FQDN or IPv4 dotted quad
+ preg_replace('/[^\.\d\w-]/','', $param ); // only allowed chars
+ // match ipv4 dotted quad
+ if (preg_match('/(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/',$param, $match)){
+ // confirm values are ok
+ if ( $match[0] > 255
+ || $match[1] > 255
+ || $match[3] > 255
+ || $match[4] > 255 ) {
+ // hmmm, what kind of dotted quad is this?
+ $param = '';
+ }
+ } elseif ( preg_match('/^[\w\d\.-]+$/', $param) // dots, hyphens, numbers
+ && !preg_match('/^[\.-]/', $param) // no leading dots/hyphens
+ && !preg_match('/[\.-]$/', $param) // no trailing dots/hyphens
+ ) {
+ // all is ok - $param is respected
+ } else {
+ // all is not ok...
+ $param='';
+ }
+ }
+
return $param;
}
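Review bot: The PARAM_HOST branch does not filter what its comment says it does: on the line `preg_replace('/[^\.\d\w-]/','', $param );` the return value is discarded, so no characters are stripped, and the dotted-quad pattern is unanchored, so any string that merely contains something shaped like a quad is accepted and returned unchanged together with whatever surrounds it. The octet check reads `$match[0]` (the whole match, not an octet) and skips `$match[2]`, so the second octet is never range-checked. The rewrite below assigns the replacement result, anchors the quad pattern, checks `$match[1]` through `$match[4]`, and collapses the FQDN branch into a single rejection test; note that `\w` still admits underscores, which are not valid in hostnames, so tightening the class to `[A-Za-z0-9.-]` may be wanted. clean_param starts before this hunk.
```php
    if ($options & PARAM_HOST) { // allow FQDN or IPv4 dotted quad
        $param = preg_replace('/[^\.\d\w-]/', '', $param); // keep the stripped result
        // match ipv4 dotted quad; anchored so nothing can ride along before or after it
        if (preg_match('/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/', $param, $match)) {
            // confirm all four octets are in range ($match[0] is the whole string)
            if ($match[1] > 255 || $match[2] > 255 || $match[3] > 255 || $match[4] > 255) {
                $param = '';
            }
        } elseif (!preg_match('/^[\w\.-]+$/', $param) // letters, digits, dots, hyphens
                  || preg_match('/^[\.-]/', $param)   // no leading dots/hyphens
                  || preg_match('/[\.-]$/', $param)) { // no trailing dots/hyphens
            $param = '';
        }
    }
    // … unchanged: return $param; …
```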
