Add some security with strip_tags + Don't encode quotes

This commit is contained in:
Olivier PEREZ 2015-01-07 23:16:42 +01:00
parent 2495a8002f
commit c67a4c7c14
5 changed files with 29 additions and 24 deletions

View File

@ -46,7 +46,7 @@ $inputService = new InputService();
/* ---- */
if (!empty($_GET['poll']) && strlen($_GET['poll']) === 24) {
$admin_poll_id = filter_input(INPUT_GET, 'poll', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => '/^[a-z0-9]+$/']]);
$admin_poll_id = filter_input(INPUT_GET, 'poll', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
$poll_id = substr($admin_poll_id, 0, 16);
$poll = $pollService->findById($poll_id);
}
@ -67,7 +67,7 @@ if (isset($_POST['update_poll_info'])) {
// Update the right poll field
if ($field == 'title') {
$title = filter_input(INPUT_POST, 'title', FILTER_DEFAULT);
$title = strip_tags($_POST['title']);
if ($title) {
$poll->title = $title;
$updated = true;
@ -79,13 +79,13 @@ if (isset($_POST['update_poll_info'])) {
$updated = true;
}
} elseif ($field == 'comment') {
$comment = filter_input(INPUT_POST, 'comment', FILTER_DEFAULT);
$comment = strip_tags($_POST['comment']);
if ($comment) {
$poll->comment = $comment;
$updated = true;
}
} elseif ($field == 'rules') {
$rules = filter_input(INPUT_POST, 'rules', FILTER_DEFAULT);
$rules = strip_tags($_POST['rules']);
switch ($rules) {
case 0:
$poll->active = false;
@ -127,7 +127,7 @@ if (!empty($_POST['edit_vote'])) {
if (!empty($_POST['save'])) { // Save edition of an old vote
$editedVote = filter_input(INPUT_POST, 'save', FILTER_VALIDATE_INT);
$choices = $inputService->filterArray($_POST['choices'], FILTER_VALIDATE_REGEXP, ['options'=>['regexp'=>'/^[012]$/']]);
$choices = $inputService->filterArray($_POST['choices'], FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => CHOICE_REGEX]]);
if (empty($editedVote)) {
$message = new Message('danger', _('Something is going wrong...'));
@ -146,8 +146,8 @@ if (!empty($_POST['save'])) { // Save edition of an old vote
}
}
} elseif (isset($_POST['save'])) { // Add a new vote
$name = filter_input(INPUT_POST, 'name', FILTER_VALIDATE_REGEXP, ['options'=>['regexp'=>'/^[a-z0-9_ -]+$/i']]);
$choices = $inputService->filterArray($_POST['choices'], FILTER_VALIDATE_REGEXP, ['options'=>['regexp'=>'/^[012]$/']]);
$name = filter_input(INPUT_POST, 'name', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => NAME_REGEX]]);
$choices = $inputService->filterArray($_POST['choices'], FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => CHOICE_REGEX]]);
if (empty($name)) {
$message = new Message('danger', _('Name is incorrect.'));
@ -204,8 +204,8 @@ if (isset($_POST['confirm_remove_all_votes'])) {
// -------------------------------
if (isset($_POST['add_comment'])) {
$name = filter_input(INPUT_POST, 'name', FILTER_VALIDATE_REGEXP, ['options'=>['regexp'=>'/^[a-z0-9_ -]+$/i']]);
$comment = filter_input(INPUT_POST, 'comment', FILTER_DEFAULT);
$name = filter_input(INPUT_POST, 'name', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => NAME_REGEX]]);
$comment = strip_tags($_POST['comment']);
if (empty($name)) {
$message = new Message('danger', _('Name is incorrect.'));
@ -308,7 +308,7 @@ if (!empty($_POST['delete_column'])) {
}
// -------------------------------
// Delete a slot
// Add a slot
// -------------------------------
if (isset($_POST['add_slot'])) {
@ -321,13 +321,13 @@ if (isset($_POST['add_slot'])) {
}
if (isset($_POST['confirm_add_slot'])) {
if ($poll->format === 'D') {
$newdate = filter_input(INPUT_POST, 'newdate', FILTER_DEFAULT);
$newmoment = filter_input(INPUT_POST, 'newmoment', FILTER_DEFAULT);
$newdate = strip_tags($_POST['newdate']);
$newmoment = strip_tags($_POST['newmoment']);
$ex = explode('/', $newdate);
$result = $adminPollService->addSlot($poll_id, mktime(0, 0, 0, $ex[1], $ex[0], $ex[2]), $newmoment);
} else {
$newslot = filter_input(INPUT_POST, 'choice', FILTER_DEFAULT);
$newslot = strip_tags($_POST['choice']);
$result = $adminPollService->addSlot($poll_id, $newslot, null);
}

View File

@ -55,6 +55,11 @@ $ALLOWED_LANGUAGES = [
'de_DE' => 'Deutsch',
];
// Regex
const POLL_REGEX = '/^[a-z0-9]+$/';
const CHOICE_REGEX = '/^[012]$/';
const NAME_REGEX = '/^[ a-z0-9_ -]+$/i';
// Path to logo
const LOGOBANDEAU = '<relative path to the logo file>';

View File

@ -134,7 +134,7 @@ if (empty($_SESSION['form']->title) || empty($_SESSION['form']->admin_name) || (
$_SESSION['form']->clearChoices();
foreach ($_POST['choices'] as $c) {
if (!empty($c)) {
$c = filter_var($c, FILTER_SANITIZE_STRING);
$c = strip_tags($c);
$choice = new Choice($c);
$_SESSION['form']->addChoice($choice);
}

View File

@ -140,7 +140,7 @@ if (!isset($_SESSION['form']->title) || !isset($_SESSION['form']->admin_name) ||
$schedules = $inputService->filterArray($_POST['horaires'.$i], FILTER_DEFAULT);
for($j = 0; $j < count($schedules); $j++) {
if (!empty($schedules[$j])) {
$choice->addSlot($schedules[$j]);
$choice->addSlot(strip_tags($schedules[$j]));
}
}
}

View File

@ -53,7 +53,7 @@ $mailService = new MailService($config['use_smtp']);
function sendUpdateNotification($poll, $mailService) {
if ($poll->receiveNewVotes && !isset($_SESSION['mail_sent'][$poll->id])) {
$subject = '[' . NOMAPPLICATION . '] ' . _('Poll\'s participation') . ' : ' . html_entity_decode($poll->title, ENT_QUOTES, 'UTF-8');
$subject = '[' . NOMAPPLICATION . '] ' . _('Poll\'s participation') . ' : ' . $poll->title;
$message = html_entity_decode('"$nom" ', ENT_QUOTES, 'UTF-8') .
_('has filled a line.\nYou can find your poll at the link') . " :\n\n" .
Utils::getUrlSondage($poll->admin_poll_id, true) . " \n\n" .
@ -69,7 +69,7 @@ function sendUpdateNotification($poll, $mailService) {
/* ---- */
if (!empty($_GET['poll'])) {
$poll_id = filter_input(INPUT_GET, 'poll', FILTER_VALIDATE_REGEXP, ['options'=>['regexp'=>'/^[a-z0-9]+$/']]);
$poll_id = filter_input(INPUT_GET, 'poll', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
$poll = $pollService->findById($poll_id);
}
@ -94,7 +94,7 @@ if (!empty($_POST['edit_vote'])) {
if (!empty($_POST['save'])) { // Save edition of an old vote
$editedVote = filter_input(INPUT_POST, 'save', FILTER_VALIDATE_INT);
$choices = $inputService->filterArray($_POST['choices'], FILTER_VALIDATE_REGEXP, ['options'=>['regexp'=>'/^[012]$/']]);
$choices = $inputService->filterArray($_POST['choices'], FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => CHOICE_REGEX]]);
if (empty($editedVote)) {
$message = new Message('danger', _('Something is going wrong...'));
@ -114,8 +114,8 @@ if (!empty($_POST['save'])) { // Save edition of an old vote
}
}
} elseif (isset($_POST['save'])) { // Add a new vote
$name = filter_input(INPUT_POST, 'name', FILTER_VALIDATE_REGEXP, ['options'=>['regexp'=>'/^[a-z0-9_ -]+$/i']]);
$choices = $inputService->filterArray($_POST['choices'], FILTER_VALIDATE_REGEXP, ['options'=>['regexp'=>'/^[012]$/']]);
$name = filter_input(INPUT_POST, 'name', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => NAME_REGEX]]);
$choices = $inputService->filterArray($_POST['choices'], FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => CHOICE_REGEX]]);
if (empty($name)) {
$message = new Message('danger', _('Name is incorrect.'));
@ -141,8 +141,8 @@ if (!empty($_POST['save'])) { // Save edition of an old vote
// -------------------------------
if (isset($_POST['add_comment'])) {
$name = filter_input(INPUT_POST, 'name', FILTER_VALIDATE_REGEXP, ['options'=>['regexp'=>'/^[a-z0-9_ -]+$/i']]);
$comment = filter_input(INPUT_POST, 'comment', FILTER_DEFAULT);
$name = filter_input(INPUT_POST, 'name', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => NAME_REGEX]]);
$comment = strip_tags($_POST['comment']);
if (empty($name)) {
$message = new Message('danger', _('Name is incorrect.'));