Tiếp tục fix lỗi XSS
anhtunguyen committed Oct 29, 2022
1 parent f5d5bd1 commit 0b3197f
Showing 1 changed file with 9 additions and 4 deletions.
13 changes: 9 additions & 4 deletions vendor/vinades/nukeviet/Core/Request.php
@@ -743,8 +743,10 @@ private function filterAttr($attrSet, $tagName, &$isvalid)
$attrSubSet[1] = preg_replace("/^\'(.*)\'$/", '\\1', $attrSubSet[1]);
$attrSubSet[1] = str_replace(['"', '"'], "'", $attrSubSet[1]);

$value = $this->unhtmlentities($attrSubSet[1]);

// Security check Data URLs
if (preg_match('/^[\r\n\s\t]*d\s*a\s*t\s*a\s*\:([^\,]*?)\;*(base64)*?[\r\n\s\t]*\,[\r\n\s\t]*(.*?)[\r\n\s\t]*$/isu', $attrSubSet[1], $m)) {
if (preg_match('/^[\r\n\s\t]*d\s*a\s*t\s*a\s*\:([^\,]*?)\;*[\r\n\s\t]*(base64)*?[\r\n\s\t]*\,[\r\n\s\t]*(.*?)[\r\n\s\t]*$/isu', $value, $m)) {
if (empty($m[2])) {
$dataURLs = urldecode($m[3]);
} else {
@@ -758,7 +760,10 @@ private function filterAttr($attrSet, $tagName, &$isvalid)
}
}

$value = $this->unhtmlentities($attrSubSet[1]);
if (preg_replace('/\<\s*s\s*c\s*r\s*i\s*p\s*t([^\>]*)\>(.*)\<\s*\/\s*s\s*c\s*r\s*i\s*p\s*t\s*\>/isU', '', $value)) {
continue;
}

$search = [
'javascript' => '/j\s*a\s*v\s*a\s*s\s*c\s*r\s*i\s*p\s*t/si',
'vbscript' => '/v\s*b\s*s\s*c\s*r\s*i\s*p\s*t/si',
@@ -825,7 +830,7 @@ private function filterAttr($attrSet, $tagName, &$isvalid)
private function filterTags($source, &$isvalid = true)
{
$checkInvalid = 0;
$source = preg_replace('/\<script([^\>]*)\>(.*)\<\/script\>/isU', '', $source, -1, $checkInvalid);
$source = preg_replace('/\<\s*s\s*c\s*r\s*i\s*p\s*t([^\>]*)\>(.*)\<\s*\/\s*s\s*c\s*r\s*i\s*p\s*t\s*\>/isU', '', $source, -1, $checkInvalid);
if ($checkInvalid > 0) {
$isvalid = false;
}
@@ -936,7 +941,7 @@ private function filterTags($source, &$isvalid = true)
}

$preTag .= $postTag;
while (preg_match('/\<script([^\>]*)\>(.*)\<\/script\>/isU', $preTag)) {
while (preg_match('/\<\s*s\s*c\s*r\s*i\s*p\s*t([^\>]*)\>(.*)\<\s*\/\s*s\s*c\s*r\s*i\s*p\s*t\>/isU', $preTag)) {
$preTag = preg_replace('/\<script([^\>]*)\>(.*)\<\/script\>/isU', '', $preTag);
}
$preTag = str_replace(["'", '"', '<', '>'], ['&#039;', '&quot;', '&lt;', '&gt;'], $preTag);
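Review bot: In the last hunk of filterTags the `while` condition uses the new whitespace-tolerant pattern, but the `preg_replace` inside the loop appears to keep the old `/\<script([^\>]*)\>(.*)\<\/script\>/isU`, so a `$preTag` that matches only the new pattern is never shortened and the loop cannot terminate, which would hang the request if such input reaches this point. Use a single pattern for both calls and loop on the replacement count, e.g. `do { $preTag = preg_replace($scriptPattern, '', $preTag, -1, $n); } while ($n > 0);` with `$scriptPattern` holding the new expression. That condition's pattern also ends in `t\>` where the other two new occurrences allow `t\s*\>`, which looks unintended. Separately, in filterAttr `if (preg_replace(..., '', $value)) { continue; }` tests the returned string rather than whether anything matched, so it is true for almost any non-empty value and false when the whole value is a script element; `preg_match` with the same pattern is probably what was meant. Both functions continue outside the visible hunks.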
