[pLog-svn] r3264 - in plog/branches/lifetype-1.0.4/class: action data/validator

Glen Stansberry blogfuse at yahoo.com
Wed Apr 19 18:19:14 GMT 2006


I don't know if this helps, but there's an XSS cheat sheet that shows the current vulnerabilities (I think. Not a programmer).
http://ha.ckers.org/xss.html
I know Matt Mullenweg of Wordpress reads this and makes patches off of it.

----- Original Message ----
From: jondaley at devel.lifetype.net
To: plog-svn at devel.lifetype.net
Sent: Wednesday, April 19, 2006 6:23:02 AM
Subject: [pLog-svn] r3264 - in plog/branches/lifetype-1.0.4/class: action data/validator

Author: jondaley
Date: 2006-04-19 11:23:02 +0000 (Wed, 19 Apr 2006)
New Revision: 3264

Added:
   plog/branches/lifetype-1.0.4/class/data/validator/templatenamevalidator.class.php
Modified:
   plog/branches/lifetype-1.0.4/class/action/templateaction.class.php
Log:
ported 3259 from 1.1 to fix the xss vulnerability in template names.  Any good way to figure out if there are more vulnerabilities?

Modified: plog/branches/lifetype-1.0.4/class/action/templateaction.class.php
===================================================================
--- plog/branches/lifetype-1.0.4/class/action/templateaction.class.php    2006-04-19 08:09:19 UTC (rev 3263)
+++ plog/branches/lifetype-1.0.4/class/action/templateaction.class.php    2006-04-19 11:23:02 UTC (rev 3264)
@@ -3,8 +3,9 @@
     include_once( PLOG_CLASS_PATH."class/action/blogaction.class.php" );
     include_once( PLOG_CLASS_PATH."class/view/templateview.class.php" );
     include_once( PLOG_CLASS_PATH."class/view/errorview.class.php" );
-    include_once( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
+    include_once( PLOG_CLASS_PATH."class/data/validator/templatenamevalidator.class.php" );
 
+
     /**
      * \ingroup Action
      * @private
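Review bot: the added `+` blank line after the include block is whitespace-only churn with no accompanying code change; drop it so the hunk is only the include swap. Also, replacing the stringvalidator.class.php include with templatenamevalidator.class.php is only safe if nothing else in templateaction.class.php still references StringValidator; if it does, keep both includes.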
@@ -39,8 +40,12 @@
         function TemplateAction( $actionInfo, $request )
         {
             $this->BlogAction( $actionInfo, $request );
-            
-            $this->registerFieldValidator( "show", new StringValidator());
+
+            $this->registerFieldValidator( "show", new TemplateNameValidator());
+
+            $view = new ErrorView( $this->_blogInfo );
+            $view->setErrorMessage( "Bad characters in the template name." );
+            $this->setValidationErrorView( $view );
             $view = new ErrorView( $this->_blogInfo, "error_parameter_missing" );
             $this->setValidationErrorView( $view );
         }
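Review bot: the new setValidationErrorView() call is overwritten two lines later by the existing `$view = new ErrorView( $this->_blogInfo, "error_parameter_missing" ); $this->setValidationErrorView( $view );`, so the "Bad characters in the template name." message can never reach the user. Keep a single validation error view, and pass the message as a message key through the ErrorView constructor, as the existing line does, rather than a hard-coded English string via setErrorMessage().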
@@ -55,17 +60,16 @@
          */
         function perform()
         {
-            // get the value of the template we're trying to render
+                // get the value of the template we're trying to render
             $templateFile = $this->_request->getValue( "show" );
-            // then, check if it has any extraneous character
-            if( strstr( $templateFile, ".." )) {
+                // then, check if it has any extraneous character
+            if( !$templateFile || strstr( $templateFile, ".." )) {
                 $this->_view = new ErrorView( $this->_blogInfo );
                 $this->_view->setValue( "message", "error_incorrect_parameter" );
                 $this->setCommonData();
 
                 return false;
             }            
-            
             // get the name of the template file and create the view
             $this->_view = new TemplateView( $this->_blogInfo, 
                                              $this->_request->getValue( "show" ));
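Review bot: the two re-added comment lines are indented four spaces deeper than the statements they describe; restore the original indentation so the hunk shows only the real change, which is adding `!$templateFile` to the guard. That guard now overlaps with the TemplateNameValidator registered on "show" in the constructor; whether it is still needed depends on whether that validator rejects an empty value, which the validator source in this mail does not show, so worth confirming. If both remain, note that the two paths report different messages (the validator's error view versus "error_incorrect_parameter"), and the TemplateView construction could reuse `$templateFile` instead of calling getValue( "show" ) a second time.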

Copied: plog/branches/lifetype-1.0.4/class/data/validator/templatenamevalidator.class.php (from rev 3259, plog/trunk/class/data/validator/templatenamevalidator.class.php)
