13.04.2006, 21:18
Открываем includes/functions_post.php
Находим (51):
PHP код:
$allowed_html_tags = split(',', $board_config['allow_html_tags']); $end_html = 0; $start_html = 1; $tmp_message = ''; $message = ' ' . $message . ' '; while ($start_html = strpos($message, '<', $start_html)) { $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1, ($start_html - $end_html - 1))); if ($end_html = strpos($message, '>', $start_html)) { $length = $end_html - $start_html + 1; $hold_string = substr($message, $start_html, $length); if (($unclosed_open = strrpos(' ' . $hold_string, '<')) != 1) { $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($hold_string, 0, $unclosed_open - 1)); $hold_string = substr($hold_string, $unclosed_open - 1); } $tagallowed = false; for ($i = 0; $i < sizeof($allowed_html_tags); $i++) { $match_tag = trim($allowed_html_tags[$i]); if (preg_match('#^<\/?' . $match_tag . '[> ]#i', $hold_string)) { $tagallowed = (preg_match('#^<\/?' . $match_tag . ' .*?(style[\t ]*?=|on[\w]+[\t ]*?=)#i', $hold_string)) ? false : true; } } $tmp_message .= ($length && !$tagallowed) ? preg_replace($html_entities_match, $html_entities_replace, $hold_string) : $hold_string; $start_html += $length; } else { $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $start_html, strlen($message))); $start_html = strlen($message); $end_html = $start_html; } } if (!$end_html || ($end_html != strlen($message) && $tmp_message != '')) { $tmp_message .= preg_replace($html_entities_match, $html_entities_replace, substr($message, $end_html + 1)); } $message = ($tmp_message != '') ? trim($tmp_message) : trim($message);
Заменяем на: (изменено)
PHP код:
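// If HTML is on, we try to make it safe.
// This approach is quite aggressive: anything that does not look like a valid
// tag is converted to HTML entities.
$message = stripslashes($message);

// One HTML-looking tag. Group 1 is the tag name, group 2 the raw attribute
// text; quoted strings are consumed whole, so a '>' inside quotes does not
// end the tag early.
$html_match = '#<[^\w<]*(\w+)((?:"[^"]*"|\'[^\']*\'|[^<>\'"])+)?>#';
$matches = array();

// Split the text around the tags and collect the tags themselves: the Nth
// tag is the one that follows the Nth text part.
$message_split = preg_split($html_match, $message);
preg_match_all($html_match, $message, $matches);

$message = '';

foreach ($message_split as $part)
{
	// The last text part has no tag after it; array_shift() then yields null
	// and clean_html() returns '' for an empty match.
	$tag = array(array_shift($matches[0]), array_shift($matches[1]), array_shift($matches[2]));

	// Text between tags is always escaped. Only clean_html() decides whether
	// a tag is kept as live markup.
	$message .= htmlspecialchars($part) . clean_html($tag);
}

$message = addslashes($message);

// Also backslash-escape the &quot; entity. The search string has to be the
// entity text: a bare '"' here would put a second backslash in front of the
// quotes that addslashes() has just escaped.
$message = str_replace('&quot;', '\&quot;', $message);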
Находим (161):
PHP код:
$temp_option_text[$option_id] = htmlspecialchars($option_text);
Заменяем на:
PHP код:
// The option key is forced to an integer before it is used as an array index,
// and the option text is HTML-escaped before it is stored.
// NOTE(review): presumably $option_id arrives with the submitted poll form — verify against the caller.
$temp_option_text[intval($option_id)] = htmlspecialchars($option_text);
Находим (824):
PHP код:
include("includes/page_tail_review.php"); } }
Ниже добавьте:
PHP код:
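/**
* Called from within prepare_message to clean included HTML tags if HTML is
* turned on for that post
*
* A tag is returned as live markup only when its name is listed in
* $board_config['allow_html_tags']; every other tag comes back HTML-escaped
* with its attributes dropped. On allowed tags, attributes whose name starts
* with "style" or "on" are removed and the remaining values are escaped.
*
* NOTE(review): only the attribute NAME is filtered here. The value of a
* URL-bearing attribute (href, src, ...) keeps whatever scheme the author
* typed, so the allow-list should be kept to tags that take no URL attributes.
*
* @param array $tag Matching text from the message to parse:
*                   [0] the whole tag, [1] the tag name, [2] the raw attribute text
* @return string The tag rebuilt for output, its escaped form, or '' when $tag[0] is empty
*/
function clean_html($tag)
{
	global $board_config;

	if (empty($tag[0]))
	{
		return '';
	}

	$allowed_html_tags = preg_split('/, */', strtolower($board_config['allow_html_tags']));

	// Prefix match on the attribute name: style, and every on* event handler
	$disallowed_attributes = '/^(?:style|on)/i';

	// Check if this is an end tag. It is rebuilt from the name alone, so
	// anything else that was inside the closing tag is discarded.
	preg_match('/<[^\w\/]*\/[\W]*(\w+)/', $tag[0], $matches);
	if (sizeof($matches))
	{
		$end_tag = '</' . $matches[1] . '>';

		return in_array(strtolower($matches[1]), $allowed_html_tags, true) ? $end_tag : htmlspecialchars($end_tag);
	}

	// This is not an allowed tag, so strip all the attributes and escape it
	if (!in_array(strtolower($tag[1]), $allowed_html_tags, true))
	{
		return htmlspecialchars('<' . $tag[1] . '>');
	}

	$attributes = '';
	if (!empty($tag[2]))
	{
		// Only name=<quote>value<quote> pairs are picked up; unquoted or
		// valueless attributes do not match and are therefore dropped.
		preg_match_all('/[\W]*?(\w+)[\W]*?=[\W]*?(["\'])((?:(?!\2).)*)\2/', $tag[2], $test);

		for ($i = 0; $i < sizeof($test[0]); $i++)
		{
			if (preg_match($disallowed_attributes, $test[1][$i]))
			{
				continue;
			}

			// The value is escaped and put back inside the quote character it
			// was matched with; the pattern guarantees the value does not
			// contain that character. Square brackets are turned into numeric
			// entities (the replacement must be the entity text, not the
			// bracket itself), presumably so a later BBCode pass cannot match
			// inside an attribute value.
			$value = str_replace(array('[', ']'), array('&#91;', '&#93;'), htmlspecialchars($test[3][$i]));

			$attributes .= ' ' . $test[1][$i] . '=' . $test[2][$i] . $value . $test[2][$i];
		}
	}

	return '<' . $tag[1] . $attributes . '>';
}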
Открываем modules/Forums/prune.php
Находим (72):
PHP код:
function prune($forum_id, $prune_date, $prune_all = false) { global $db, $lang;
Ниже добавляем:
PHP код:
// Topics whose last-post pointer is 0 are invalid entries: resync each one
// before the prune itself runs.
$sql = 'SELECT topic_id FROM ' . TOPICS_TABLE . ' WHERE topic_last_post_id = 0';
$result = $db->sql_query($sql);
if ( !$result )
{
	message_die(GENERAL_ERROR, 'Could not obtain lists of topics to sync', '', __LINE__, __FILE__, $sql);
}

// Walk the result set one row at a time and hand every topic id to sync()
for ( $row = $db->sql_fetchrow($result); $row; $row = $db->sql_fetchrow($result) )
{
	sync('topic', $row['topic_id']);
}

$db->sql_freeresult($result);
Находим (98):
PHP код:
AND ( p.post_id = t.topic_last_post_id OR t.topic_last_post_id = '0' )";
Заменяем на:
PHP код:
AND p.post_id = t.topic_last_post_id";
Открываем modules/Forums/sessions.php
Находим (183):
PHP код:
list($sec, $usec) = explode(' ', microtime()); mt_srand((float) $sec + ((float) $usec * 100000)); $session_id = md5(uniqid(mt_rand(), true));
Заменяем на:
PHP код:
// The session id is the MD5 of one dss_rand() value (dss_rand() is defined elsewhere).
// NOTE(review): how hard the id is to guess depends entirely on dss_rand() — confirm
// its output is not derived from the clock alone.
$session_id = md5(dss_rand());
Находим (245):
PHP код:
list($sec, $usec) = explode(' ', microtime()); mt_srand(hexdec(substr($session_id, 0, 8)) + (float) $sec + ((float) $usec * 1000000)); $auto_login_key = uniqid(mt_rand(), true);
Заменяем на:
PHP код:
// The auto-login key is two dss_rand() values concatenated (dss_rand() is defined elsewhere).
// NOTE(review): this key stands in for the password on later visits, so its strength
// is that of dss_rand() — confirm the generator is not predictable.
$auto_login_key = dss_rand() . dss_rand();
Находим (519):
PHP код:
WHERE last_login < ' . (time() - (86400 * (int) $board_config['max_autologin_time'])); $db->sql_query($sql); } return true; }
Ниже добавляем:
PHP код:
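/**
* Reset all login keys for the specified user
* Called on password changes
*
* Deletes the user's stored auto-login keys and sessions. When the user being
* reset is the one making the request, the current session and the current
* key are kept, and the kept key is replaced by a fresh one that is also
* written back to the browser cookie.
*
* NOTE(review): $user_ip and $userdata['session_id'] are placed into the SQL
* text as they are; confirm that callers pass the already-encoded IP value
* and that the session id was validated when the session was loaded.
*
* @param int $user_id User whose keys and sessions are reset
* @param string $user_ip Value stored as last_ip on the re-issued key
*/
function session_reset_keys($user_id, $user_ip)
{
	// $board_config has to be declared global as well: the cookie name, path,
	// domain and secure flag are read from it further down.
	global $db, $userdata, $board_config;

	// For the requesting user, spare the key of the current session
	$key_sql = ($user_id == $userdata['user_id'] && !empty($userdata['session_key'])) ? "AND key_id != '" . md5($userdata['session_key']) . "'" : '';

	$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' WHERE user_id = ' . (int) $user_id . " $key_sql";

	if ( !$db->sql_query($sql) )
	{
		message_die(CRITICAL_ERROR, 'Error removing auto-login keys', '', __LINE__, __FILE__, $sql);
	}

	// Drop every session of the user except, for the requesting user, the current one
	$where_sql = 'session_user_id = ' . (int) $user_id;
	$where_sql .= ($user_id == $userdata['user_id']) ? " AND session_id <> '" . $userdata['session_id'] . "'" : '';

	$sql = 'DELETE FROM ' . SESSIONS_TABLE . " WHERE $where_sql";

	if ( !$db->sql_query($sql) )
	{
		message_die(CRITICAL_ERROR, 'Error removing user session(s)', '', __LINE__, __FILE__, $sql);
	}

	if ( !empty($key_sql) )
	{
		// Rotate the key that was spared above, so the value that was valid
		// before the reset stops working.
		$auto_login_key = dss_rand() . dss_rand();

		$current_time = time();

		// Only the MD5 of the key is stored in the table
		$sql = 'UPDATE ' . SESSIONS_KEYS_TABLE . " SET last_ip = '$user_ip', key_id = '" . md5($auto_login_key) . "', last_login = $current_time WHERE key_id = '" . md5($userdata['session_key']) . "'";

		if ( !$db->sql_query($sql) )
		{
			message_die(CRITICAL_ERROR, 'Error updating session key', '', __LINE__, __FILE__, $sql);
		}

		// And now rebuild the cookie. It has to carry the key generated above,
		// because that is the value whose MD5 was just written to the table.
		$sessiondata = array();
		$sessiondata['userid'] = $user_id;
		$sessiondata['autologinid'] = $auto_login_key;

		$cookiename = $board_config['cookie_name'];
		$cookiepath = $board_config['cookie_path'];
		$cookiedomain = $board_config['cookie_domain'];
		$cookiesecure = $board_config['cookie_secure'];

		// NOTE(review): the cookie body is serialize() output. The code that
		// reads it back is not shown here; it must not hand the cookie to
		// unserialize() without validating it first.
		setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);

		$userdata['session_key'] = $auto_login_key;
		unset($sessiondata);
		unset($auto_login_key);
	}
}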