
disallow JS in template code

michield committed Mar 22, 2020
1 parent 3133d3b commit e963bf6abdf855df8ac98ef56d9e83a3b75d2dc5
Showing with 26 additions and 3 deletions.
  1. +24 −1 public_html/lists/admin/inc/magic_quotes.php
  2. +2 −2 public_html/lists/admin/template.php
@@ -44,10 +44,33 @@ function removeXss($string)
}
//$string = preg_replace('/<script/im','&lt;script',$string);
$string = htmlspecialchars($string);

return $string;
}

function disableJavascript($content) {
## disallow Javascript
$content = str_ireplace('<script','< script',$content);
$content = str_ireplace('onmouseover','on mouse over',$content);
$content = str_ireplace('onmouseout','on mouse out',$content);
$content = str_ireplace('onmousemove','on mouse move',$content);
$content = str_ireplace('onmousedown','on mouse down',$content);
$content = str_ireplace('onclick','on click',$content);
$content = str_ireplace('ondblclick','on dbl click',$content);
$content = str_ireplace('onload','on load',$content);
$content = str_ireplace('onunload','on unload',$content);
$content = str_ireplace('onerror','on error',$content);
$content = str_ireplace('onresize','on resize',$content);
$content = str_ireplace('onblur','on blue',$content);
$content = str_ireplace('onchange','on change',$content);
$content = str_ireplace('onfocus','on focus',$content);
$content = str_ireplace('onselect','on select',$content);
$content = str_ireplace('onsubmit','on submit',$content);
$content = str_ireplace('onreset','on reset',$content);
$content = str_ireplace('onkeyup','on keyup',$content);
$content = str_ireplace('onkeydown','on keydown',$content);
return $content;
}

/*
foreach ($_POST as $key => $val) {
print "POST: $key = $val<br/>";
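Review bot: The fixed blocklist in disableJavascript (the `str_ireplace` run from `'<script'` through `'onkeydown'`) is bypassed by any handler attribute it does not name — `onmouseenter`, `onfocusin`, `onpointerover`, `onanimationstart`, `ontoggle`, `oninput`, `onkeypress` and many more — and by non-handler vectors such as `<a href="javascript:…">`, `<iframe>`/`<object>`/`<embed>` with a `javascript:` or `data:` source, or `<svg><animate>`, so it does not actually disallow JavaScript in a template. At minimum the enumerated handlers should become a pattern over the whole attribute class, `$content = preg_replace('/\bon([a-z]+)(\s*=)/i', 'on $1$2', $content);` plus `$content = preg_replace('/javascript\s*:/i', 'javascript :', $content);`, and the header comment should say `## best-effort denylist, not a sanitizer: template content must still be treated as trusted-admin HTML` so nobody relies on it as an XSS boundary; the robust fix is an allowlist HTML sanitizer (HTML Purifier or similar) applied to template content. The replacement text for `onblur` is misspelled as `'on blue'`. Entity-encoded attribute values (e.g. `&#106;avascript:`) defeat plain string matching entirely, so even the regex form remains a stopgap.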
@@ -80,7 +80,7 @@ function getTemplateLinks($content)
//$msg = '';
} elseif (!empty($_POST['save']) || !empty($_POST['sendtest'])) { //# let's save when sending a test
$templateok = 1;
$title = $_POST['title'];
$title = strip_tags($_POST['title']);
$req = Sql_Query(sprintf('select * from %s where title = "%s" ',$tables['template'], sql_escape($title)));
if(Sql_Affected_Rows()){
$titleExists = true;
@@ -91,9 +91,9 @@ function getTemplateLinks($content)
if($titleExists && !$id){
$actionresult .= s('The title of the template exists.').'<br/>';
$templateok = 0;

}

$content = disableJavascript($content);
if (!empty($title) && strpos($content, '[CONTENT]') !== false) {
$images = getTemplateImages($content);
