This repository has been archived by the owner on Feb 28, 2020. It is now read-only.
[SEC] XSS Bypass - prevents bypassing of the xss filter by padding zeros
git-svn-id: https://svn.code.sf.net/p/tikiwiki/code/branches/17.x@62084 b456876b-0849-0410-b77d-98878d47e9d5
drsassafras committed Apr 5, 2017
1 parent db278dc commit 6c016e8
Showing 1 changed file with 4 additions and 5 deletions.
9 changes: 4 additions & 5 deletions lib/core/TikiFilter/PreventXss.php
@@ -183,14 +183,13 @@ function RemoveXSSchars(&$val)
$search .= '~`";:?+/={}[]-_|\'\\';
for ($i = 0, $istrlen_search = strlen($search); $i < $istrlen_search; $i++) {
// ;? matches the ;, which is optional
// 0{0,8} matches any padded zeros,
// which are optional and go up to 8 chars
// 0* matches any padded zeros, which are optional
// &#x0040 @ search for the hex values
$patterns[] = '/(&#[xX]0{0,8}'.dechex(ord($search[$i])).';?)/i';
$patterns[] = '/(&#x0*'.dechex(ord($search[$i])).';?)/i';
$replacements[] = $search[$i];
// &#00064 @ 0{0,8} matches '0' zero to eight times
// &#00064 @ 0* matches padded zeros
// with a ;
$patterns[] = '/(&#0{0,8}'.ord($search[$i]).';?)/';
$patterns[] = '/(&#0*'.ord($search[$i]).';?)/';
$replacements[] = $search[$i];
}
}
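Review bot: the trailing comment `// with a ;` on the decimal branch is now misleading, because the pattern ends in `;?`, so the semicolon is optional rather than required; fold it into the preceding line, e.g. `// &#00064 @ 0* matches padded zeros, optionally followed by a ;`. The replacement of `0{0,8}` with `0*` is the right fix for the padding bypass, since a fixed upper bound of eight zeros is exactly what an entity with nine or more leading zeros slipped past, and `0*` followed by a literal value cannot backtrack pathologically. Dropping `[xX]` in favour of `x` is safe only because the hex pattern keeps its `/i` flag; a short comment noting that dependency would stop a later edit from removing the flag and silently reintroducing the uppercase-`X` case.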

2 comments on commit 6c016e8


@fgeek fgeek commented on 6c016e8 Jun 28, 2017


When do you plan to release 17.x version? Many of these latest vulnerabilities are fixed only in this major branch and I would like to ask users to update to get more secure installations.

Member

@luciash luciash commented on 6c016e8 Aug 8, 2017
