diff --git a/includes/common.inc b/includes/common.inc
index 12a71bbda8ea173239f6ee178502886d3d2cf3ed..2346f2646ce1d4503b02c8cfa6bfd3db420b9a5c 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -179,7 +179,7 @@ function variable_init($conf = array()) {
return $conf;
}
-function variable_get($name, $default, $object = 0) {
+function variable_get($name, $default) {
global $conf;
return isset($conf[$name]) ? $conf[$name] : $default;
@@ -412,12 +412,6 @@ function search_type($type = 0, $action = 0, $keys = 0, $options = 0) {
function drupal_goto($url) {
- /*
- ** Check the URL to prevent XSS attacks:
- */
-
- $url = check_url($url);
-
/*
** Translate & to simply &
*/
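Review bot: Dropping `$url = check_url($url);` leaves drupal_goto with no check on `$url` at all before it is (presumably) emitted as a redirect header. check_url is htmlspecialchars-based (see its body at the hunk below), so it was never the right tool for a header value, but the replacement should be a header-safe check rather than nothing: reject a target containing CR or LF before it reaches the response, e.g. `if (preg_match("/[\r\n]/", $url)) { watchdog("warning", "invalid redirect target"); return; }`. The request-wide xss_check_input_data() gate added elsewhere in this commit only covers `$_REQUEST` at page start, not every caller that builds a URL. The body of drupal_goto continues outside the hunk.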
@@ -475,12 +469,61 @@ function referer_load() {
}
}
-function check_url($uri) {
- /*
- ** We pipe the request URI through htmlspecialchars() to prevent
- ** XSS attacks.
- */
+function xss_check_input_data($data) {
+
+ if (is_array($data)) {
+ /*
+ ** Form data can contain a number of nested arrays.
+ */
+
+ foreach ($data as $key => $value) {
+ xss_check_input_data($value);
+ }
+ }
+ else {
+ /*
+ ** Detect evil input data.
+ */
+
+ // check attributes:
+ $match = preg_match("/\Wstyle\s*=[^>]+?>/i", $data);
+ $match += preg_match("/\Wdynsrc\s*=[^>]+?>/i", $data);
+ $match += preg_match("/\Wdatasrc\s*=[^>]+?>/i", $data);
+ $match += preg_match("/\Wdata\s*=[^>]+?>/i", $data);
+ $match += preg_match("/\Wlowsrc\s*=[^>]+?>/i", $data);
+ $match += preg_match("/\Wstyle\s*=[^>]+?>/i", $data);
+ $match += preg_match("/\Won[a-z]+\s*=[^>]+?>/i", $data);
+ $match += preg_match("/\Wsrc\s*=[\s'\"]*javascript[^>]+?>/i", $data);
+ $match += preg_match("/\Whref\s*=[\s'\"]*javascript:[^>]+?>/i", $data);
+ $match += preg_match("/\Whref\s*=[\s'\"]*javascript:[^>]+?>/i", $data);
+
+ // check tags:
+ $match += preg_match("/<\s*applet/i", $data);
+ $match += preg_match("/<\s*script/i", $data);
+ $match += preg_match("/<\s*object/i", $data);
+ $match += preg_match("/<\s*style/i", $data);
+ $match += preg_match("/<\s*embed/i", $data);
+ $match += preg_match("/<\s*form/i", $data);
+ $match += preg_match("/<\s*blink/i", $data);
+ $match += preg_match("/<\s*meta/i", $data);
+ $match += preg_match("/<\s*font/i", $data);
+ $match += preg_match("/<\s*html/i", $data);
+ $match += preg_match("/<\s*frame/i", $data);
+ $match += preg_match("/<\s*iframe/i", $data);
+ $match += preg_match("/<\s*layer/i", $data);
+ $match += preg_match("/<\s*ilayer/i", $data);
+ $match += preg_match("/<\s*head/i", $data);
+ $match += preg_match("/<\s*frameset/i", $data);
+ $match += preg_match("/<\s*xml/i", $data);
+
+ if ($match) {
+ watchdog("warning", "terminated request because of suspicious input data: ". drupal_specialchars($data));
+ die("terminated request because of suspicious input data");
+ }
+ }
+}
+function check_url($uri) {
$uri = htmlspecialchars($uri, ENT_QUOTES);
/*
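Review bot: The pattern list in xss_check_input_data has duplicates — the `style` attribute check appears at both the first and sixth attribute lines and the `href=javascript:` check twice in a row — and `$key` in the recursion loop is unused, which suggests the list was assembled by hand rather than from one table. Because every match ends in `die()`, a request whose text legitimately contains a denylisted token (`<form`, `<font`, or any `data=` fragment, which the `\Wdata\s*=` pattern matches) is terminated; this is a denylist over raw input and, with node_filter's output-time replacements removed in the same commit, it is now the only HTML filtering on the request path, so I would keep it as a defence-in-depth gate rather than the sole control. Note also that the watchdog entry records `drupal_specialchars($data)` in full, so a matching value from a password or other sensitive form field ends up verbatim in the log — consider logging only the field key or a truncated prefix. Below is the same check with the two lists deduplicated into tables so additions and removals are reviewable.
```php
function xss_check_input_data($data) {
  if (is_array($data)) {
    // Form data can contain a number of nested arrays.
    foreach ($data as $value) {
      xss_check_input_data($value);
    }
    return;
  }

  // Attribute checks (style and href=javascript: were listed twice):
  $attributes = array("style", "dynsrc", "datasrc", "data", "lowsrc", "on[a-z]+");
  $patterns = array();
  foreach ($attributes as $attribute) {
    $patterns[] = "/\W$attribute\s*=[^>]+?>/i";
  }
  $patterns[] = "/\Wsrc\s*=[\s'\"]*javascript[^>]+?>/i";
  $patterns[] = "/\Whref\s*=[\s'\"]*javascript:[^>]+?>/i";

  // Tag checks:
  $tags = array("applet", "script", "object", "style", "embed", "form", "blink", "meta", "font", "html", "frame", "iframe", "layer", "ilayer", "head", "frameset", "xml");
  foreach ($tags as $tag) {
    $patterns[] = "/<\s*$tag/i";
  }

  foreach ($patterns as $pattern) {
    if (preg_match($pattern, $data)) {
      // … unchanged: watchdog() entry and die() …
    }
  }
}
```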
@@ -979,6 +1022,7 @@ function timer_start() {
}
function drupal_page_header() {
+
if (variable_get("dev_timer", 0)) {
timer_start();
}
@@ -1036,6 +1080,9 @@ function drupal_page_footer() {
// spit out the correct charset http header
header("Content-Type: text/html; charset=utf-8");
+// filter input data:
+xss_check_input_data($_REQUEST);
+
// initialize installed modules:
module_init();
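Review bot: `xss_check_input_data($_REQUEST);` only covers what PHP puts into `$_REQUEST`, and that set is configuration-dependent (the `variables_order` / request-order ini settings decide whether GET, POST and COOKIE are all included), so values read from `$_SERVER` (referer, path info) or a raw request body are never examined by this gate; a comment stating that limitation next to the call would save the next reader from assuming full coverage. The call also runs before `module_init()`, so if watchdog() needs the database connection or a module to be loaded, confirm that it is usable at this point — otherwise the log line in the die() path is silently lost.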
@@ -1045,4 +1092,5 @@ function drupal_page_footer() {
// initialize theme:
$theme = theme_init();
+
?>
diff --git a/modules/aggregator.module b/modules/aggregator.module
index 78adefc7c676afe2b6b6de322bf89941c55ba49c..1d384e70696378cbdef730a7d1fc5152647225fd 100644
--- a/modules/aggregator.module
+++ b/modules/aggregator.module
@@ -305,6 +305,9 @@ function import_refresh($feed) {
}
fclose($fp);
+ // filter the input data:
+ xss_check_input_data($data);
+
// parse the data:
$xml_parser = xml_parser_create();
xml_set_element_handler($xml_parser, "import_element_start", "import_element_end");
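Review bot: `xss_check_input_data($data);` applies a check whose only outcome on a match is `die()` to content fetched from a third-party feed, so a feed that legitimately contains one of the denylisted tokens (a `<form` or `<font` fragment in a description is common) terminates the whole request rather than just this feed; if import_refresh is driven from cron, every feed after it in that run is skipped as well. A remote source should not be able to abort the process: have the check return a boolean instead of dying, then `watchdog("warning", ...)` and `return` from import_refresh for that feed. The same hunk is repeated for modules/aggregator/aggregator.module and modules/import.module further down. import_refresh starts and ends outside this hunk.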
@@ -320,14 +323,6 @@ function import_refresh($feed) {
$tt = array_flip(get_html_translation_table(HTML_ENTITIES));
$tt["'"] = "'";
- /*
- ** Strip invalid tags and provide default values (if required):
- */
-
- foreach ($channel as $key => $value) {
- $channel[$key] = node_filter(strtr(trim($value), $tt));
- }
-
db_query("UPDATE feed SET timestamp = %d, link = '%s', description = '%s' WHERE fid = %d", time(), $channel["LINK"], $channel["DESCRIPTION"], $feed["fid"]);
/*
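Review bot: Removing the `foreach ($channel as $key => $value) { $channel[$key] = node_filter(strtr(trim($value), $tt)); }` loop drops three things at once before `$channel["LINK"]` and `$channel["DESCRIPTION"]` are written by `db_query`: the trim, the entity translation via `$tt`, and node_filter's HTML filtering. The `$tt` table built on the two lines above this deletion now has no user inside the hunk, which looks like a leftover unless it is consumed later in the function. The raw-feed `xss_check_input_data($data)` call added above is a coarse accept/reject gate on the whole document and does not normalise what gets stored, so I would keep this loop (or at least `trim` plus `strtr(..., $tt)`) so that the stored description is clean when it is later rendered. The same deletion appears in the modules/aggregator/aggregator.module and modules/import.module hunks below.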
diff --git a/modules/aggregator/aggregator.module b/modules/aggregator/aggregator.module
index 78adefc7c676afe2b6b6de322bf89941c55ba49c..1d384e70696378cbdef730a7d1fc5152647225fd 100644
--- a/modules/aggregator/aggregator.module
+++ b/modules/aggregator/aggregator.module
@@ -305,6 +305,9 @@ function import_refresh($feed) {
}
fclose($fp);
+ // filter the input data:
+ xss_check_input_data($data);
+
// parse the data:
$xml_parser = xml_parser_create();
xml_set_element_handler($xml_parser, "import_element_start", "import_element_end");
@@ -320,14 +323,6 @@ function import_refresh($feed) {
$tt = array_flip(get_html_translation_table(HTML_ENTITIES));
$tt["'"] = "'";
- /*
- ** Strip invalid tags and provide default values (if required):
- */
-
- foreach ($channel as $key => $value) {
- $channel[$key] = node_filter(strtr(trim($value), $tt));
- }
-
db_query("UPDATE feed SET timestamp = %d, link = '%s', description = '%s' WHERE fid = %d", time(), $channel["LINK"], $channel["DESCRIPTION"], $feed["fid"]);
/*
diff --git a/modules/archive.module b/modules/archive.module
index 206d90f7617dbfc5ecf7ff0bebc25be9c07c58ba..b69d4feb1b64a775119fcc730c5a74d82818a2a0 100644
--- a/modules/archive.module
+++ b/modules/archive.module
@@ -87,7 +87,7 @@ function archive_calendar($original = 0) {
$output .= "
\n";
diff --git a/modules/archive/archive.module b/modules/archive/archive.module
index 206d90f7617dbfc5ecf7ff0bebc25be9c07c58ba..b69d4feb1b64a775119fcc730c5a74d82818a2a0 100644
--- a/modules/archive/archive.module
+++ b/modules/archive/archive.module
@@ -87,7 +87,7 @@ function archive_calendar($original = 0) {
$output .= " \n";
diff --git a/modules/import.module b/modules/import.module
index 78adefc7c676afe2b6b6de322bf89941c55ba49c..1d384e70696378cbdef730a7d1fc5152647225fd 100644
--- a/modules/import.module
+++ b/modules/import.module
@@ -305,6 +305,9 @@ function import_refresh($feed) {
}
fclose($fp);
+ // filter the input data:
+ xss_check_input_data($data);
+
// parse the data:
$xml_parser = xml_parser_create();
xml_set_element_handler($xml_parser, "import_element_start", "import_element_end");
@@ -320,14 +323,6 @@ function import_refresh($feed) {
$tt = array_flip(get_html_translation_table(HTML_ENTITIES));
$tt["'"] = "'";
- /*
- ** Strip invalid tags and provide default values (if required):
- */
-
- foreach ($channel as $key => $value) {
- $channel[$key] = node_filter(strtr(trim($value), $tt));
- }
-
db_query("UPDATE feed SET timestamp = %d, link = '%s', description = '%s' WHERE fid = %d", time(), $channel["LINK"], $channel["DESCRIPTION"], $feed["fid"]);
/*
diff --git a/modules/node.module b/modules/node.module
index aad95c00f6f8ed9f04ddea640927b3f67313a1c4..ccdd264baa5853cb2fcfff96e2b481557991b1a4 100644
--- a/modules/node.module
+++ b/modules/node.module
@@ -499,11 +499,6 @@ function node_comment_mode($nid) {
}
function node_filter($text) {
- $text = preg_replace("/\Wstyle\s*=[^>]+?>/i", ">", $text);
- $text = preg_replace("/\Won[a-z]+\s*=[^>]+?>/i", ">", $text);
- $text = preg_replace("/\Wsrc\s*=[\s'\"]*javascript[^>]+?>/i", ">", $text);
- $text = preg_replace("/\Whref\s*=[\s'\"]*javascript:[^>]+?>/i", ">", $text);
-
if (variable_get("filter_html", 0)) {
$text = node_filter_html($text);
}
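Review bot: Deleting the four `preg_replace` calls removes the only output-time stripping of `style=`, `on*=` and `javascript:` attributes in node_filter, and the input-side `xss_check_input_data($_REQUEST)` gate added in common.inc does not cover what is already stored in the database from before this commit or content arriving by other paths (this same commit stops running node_filter on aggregator channel data). I would restore the four removed lines until every storage path is covered, since node_filter is the point where stored text is made safe for rendering. It also looks like node_filter does nothing at all now when `filter_html` is off, though the rest of the body is outside the hunk, so please confirm. The identical hunk for modules/node/node.module follows.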
diff --git a/modules/node/node.module b/modules/node/node.module
index aad95c00f6f8ed9f04ddea640927b3f67313a1c4..ccdd264baa5853cb2fcfff96e2b481557991b1a4 100644
--- a/modules/node/node.module
+++ b/modules/node/node.module
@@ -499,11 +499,6 @@ function node_comment_mode($nid) {
}
function node_filter($text) {
- $text = preg_replace("/\Wstyle\s*=[^>]+?>/i", ">", $text);
- $text = preg_replace("/\Won[a-z]+\s*=[^>]+?>/i", ">", $text);
- $text = preg_replace("/\Wsrc\s*=[\s'\"]*javascript[^>]+?>/i", ">", $text);
- $text = preg_replace("/\Whref\s*=[\s'\"]*javascript:[^>]+?>/i", ">", $text);
-
if (variable_get("filter_html", 0)) {
$text = node_filter_html($text);
}
diff --git a/modules/search.module b/modules/search.module
index 8a332263b91726c1676c01427091b958f302eb54..f024f0d5e1fc2a59497114468b578cffae0f1a6b 100644
--- a/modules/search.module
+++ b/modules/search.module
@@ -364,15 +364,7 @@ function search_view($keys) {
theme("box", t("Search Results"), $output);
}
else {
- // no results. try a substring search
- $output = search_data("*". $keys. "*");
-
- if ($output) {
- theme("box", t("Search Results"), $output);
- }
- else {
- theme("box", t("Search Results"), t("Your search yielded no results."));
- }
+ theme("box", t("Search Results"), t("Your search yielded no results."));
}
}
diff --git a/modules/search/search.module b/modules/search/search.module
index 8a332263b91726c1676c01427091b958f302eb54..f024f0d5e1fc2a59497114468b578cffae0f1a6b 100644
--- a/modules/search/search.module
+++ b/modules/search/search.module
@@ -364,15 +364,7 @@ function search_view($keys) {
theme("box", t("Search Results"), $output);
}
else {
- // no results. try a substring search
- $output = search_data("*". $keys. "*");
-
- if ($output) {
- theme("box", t("Search Results"), $output);
- }
- else {
- theme("box", t("Search Results"), t("Your search yielded no results."));
- }
+ theme("box", t("Search Results"), t("Your search yielded no results."));
}
}
diff --git a/modules/taxonomy.module b/modules/taxonomy.module
index 89427d139d0ac994341f7b9cf90b77771eb51c6c..567a8e5e3ff87df9b4edaf64f12cae560d8b2039 100644
--- a/modules/taxonomy.module
+++ b/modules/taxonomy.module
@@ -657,23 +657,25 @@ function _prepare_insert($data, $stage) {
function taxonomy_select_nodes($taxonomy, $pager = 1) {
global $user;
- if ($taxonomy->operator == "or") {
- $sql = "SELECT DISTINCT(n.nid), n.title, n.type, n.created, n.changed, n.uid, n.static, n.created, u.name FROM node n LEFT JOIN term_node r ON n.nid = r.nid LEFT JOIN users u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = '1' ORDER BY static DESC, created DESC";
- $sql_count = "SELECT COUNT(DISTINCT(n.nid)) FROM node n LEFT JOIN term_node r ON n.nid = r.nid LEFT JOIN users u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = '1'";
- }
- else {
- $sql = "SELECT n.nid, n.title, n.type, n.created, n.changed, n.uid, u.name FROM node n LEFT JOIN term_node r ON n.nid = r.nid LEFT JOIN users u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = '1' GROUP BY n.nid, n.title, n.type, n.created, n.changed, n.uid, u.name HAVING COUNT(n.nid) = ".count($taxonomy->tids)." ORDER BY static DESC, created DESC";
+ if ($taxonomy->str_tids) {
+ if ($taxonomy->operator == "or") {
+ $sql = "SELECT DISTINCT(n.nid), n.title, n.type, n.created, n.changed, n.uid, n.static, n.created, u.name FROM node n LEFT JOIN term_node r ON n.nid = r.nid LEFT JOIN users u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = '1' ORDER BY static DESC, created DESC";
+ $sql_count = "SELECT COUNT(DISTINCT(n.nid)) FROM node n LEFT JOIN term_node r ON n.nid = r.nid LEFT JOIN users u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = '1'";
+ }
+ else {
+ $sql = "SELECT n.nid, n.title, n.type, n.created, n.changed, n.uid, u.name FROM node n LEFT JOIN term_node r ON n.nid = r.nid LEFT JOIN users u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = '1' GROUP BY n.nid, n.title, n.type, n.created, n.changed, n.uid, u.name HAVING COUNT(n.nid) = ".count($taxonomy->tids)." ORDER BY static DESC, created DESC";
- // Special trick as we could not find anything better:
- $count = db_num_rows(db_query("SELECT n.nid FROM node n LEFT JOIN term_node r ON n.nid = r.nid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = '1' GROUP BY n.nid HAVING COUNT(n.nid) = ". count($taxonomy->tids)));
- $sql_count = "SELECT $count";
- }
+ // Special trick as we could not find anything better:
+ $count = db_num_rows(db_query("SELECT n.nid FROM node n LEFT JOIN term_node r ON n.nid = r.nid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = '1' GROUP BY n.nid HAVING COUNT(n.nid) = ". count($taxonomy->tids)));
+ $sql_count = "SELECT $count";
+ }
- if ($pager) {
- $result = pager_query($sql, variable_get("default_nodes_main", 10) , 0, $sql_count);
- }
- else {
- $result = db_query_range($sql, 0, 15);
+ if ($pager) {
+ $result = pager_query($sql, variable_get("default_nodes_main", 10) , 0, $sql_count);
+ }
+ else {
+ $result = db_query_range($sql, 0, 15);
+ }
}
return $result;
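Review bot: With the new `if ($taxonomy->str_tids)` guard, `$result` is never assigned when `str_tids` is empty, so `return $result;` returns an undefined variable (null plus a notice) to callers that expect a query result; add `$result = NULL;` before the `if` so the empty case is explicit. The guard is a truthiness test, so it also treats the string `"0"` as empty — fine if tid 0 is never valid, but worth a one-line comment. Note that the guard reads like validation but is not: `$taxonomy->str_tids` is still interpolated straight into `IN (...)` on both query branches, so wherever it is built it must be assembled from integer-cast ids. The closing brace of taxonomy_select_nodes is outside the hunk; the same hunk is repeated for modules/taxonomy/taxonomy.module below.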
diff --git a/modules/taxonomy/taxonomy.module b/modules/taxonomy/taxonomy.module
index 89427d139d0ac994341f7b9cf90b77771eb51c6c..567a8e5e3ff87df9b4edaf64f12cae560d8b2039 100644
--- a/modules/taxonomy/taxonomy.module
+++ b/modules/taxonomy/taxonomy.module
@@ -657,23 +657,25 @@ function _prepare_insert($data, $stage) {
function taxonomy_select_nodes($taxonomy, $pager = 1) {
global $user;
- if ($taxonomy->operator == "or") {
- $sql = "SELECT DISTINCT(n.nid), n.title, n.type, n.created, n.changed, n.uid, n.static, n.created, u.name FROM node n LEFT JOIN term_node r ON n.nid = r.nid LEFT JOIN users u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = '1' ORDER BY static DESC, created DESC";
- $sql_count = "SELECT COUNT(DISTINCT(n.nid)) FROM node n LEFT JOIN term_node r ON n.nid = r.nid LEFT JOIN users u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = '1'";
- }
- else {
- $sql = "SELECT n.nid, n.title, n.type, n.created, n.changed, n.uid, u.name FROM node n LEFT JOIN term_node r ON n.nid = r.nid LEFT JOIN users u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = '1' GROUP BY n.nid, n.title, n.type, n.created, n.changed, n.uid, u.name HAVING COUNT(n.nid) = ".count($taxonomy->tids)." ORDER BY static DESC, created DESC";
+ if ($taxonomy->str_tids) {
+ if ($taxonomy->operator == "or") {
+ $sql = "SELECT DISTINCT(n.nid), n.title, n.type, n.created, n.changed, n.uid, n.static, n.created, u.name FROM node n LEFT JOIN term_node r ON n.nid = r.nid LEFT JOIN users u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = '1' ORDER BY static DESC, created DESC";
+ $sql_count = "SELECT COUNT(DISTINCT(n.nid)) FROM node n LEFT JOIN term_node r ON n.nid = r.nid LEFT JOIN users u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = '1'";
+ }
+ else {
+ $sql = "SELECT n.nid, n.title, n.type, n.created, n.changed, n.uid, u.name FROM node n LEFT JOIN term_node r ON n.nid = r.nid LEFT JOIN users u ON n.uid = u.uid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = '1' GROUP BY n.nid, n.title, n.type, n.created, n.changed, n.uid, u.name HAVING COUNT(n.nid) = ".count($taxonomy->tids)." ORDER BY static DESC, created DESC";
- // Special trick as we could not find anything better:
- $count = db_num_rows(db_query("SELECT n.nid FROM node n LEFT JOIN term_node r ON n.nid = r.nid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = '1' GROUP BY n.nid HAVING COUNT(n.nid) = ". count($taxonomy->tids)));
- $sql_count = "SELECT $count";
- }
+ // Special trick as we could not find anything better:
+ $count = db_num_rows(db_query("SELECT n.nid FROM node n LEFT JOIN term_node r ON n.nid = r.nid WHERE r.tid IN ($taxonomy->str_tids) AND n.status = '1' GROUP BY n.nid HAVING COUNT(n.nid) = ". count($taxonomy->tids)));
+ $sql_count = "SELECT $count";
+ }
- if ($pager) {
- $result = pager_query($sql, variable_get("default_nodes_main", 10) , 0, $sql_count);
- }
- else {
- $result = db_query_range($sql, 0, 15);
+ if ($pager) {
+ $result = pager_query($sql, variable_get("default_nodes_main", 10) , 0, $sql_count);
+ }
+ else {
+ $result = db_query_range($sql, 0, 15);
+ }
}
return $result;