From c2e1ab4765ea69112791df3607faadf1bbf8b9c9 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Wed, 01 May 2013 07:26:07 -0400
Subject: [PATCH] Escape user input values when used in eval()
---
program/lib/Roundcube/rcube_utils.php | 74 +++++++-----------------------------
1 files changed, 15 insertions(+), 59 deletions(-)
diff --git a/program/lib/Roundcube/rcube_utils.php b/program/lib/Roundcube/rcube_utils.php
index df77dfe..fabe0f0 100644
--- a/program/lib/Roundcube/rcube_utils.php
+++ b/program/lib/Roundcube/rcube_utils.php
@@ -2,8 +2,6 @@
/*
+-----------------------------------------------------------------------+
- | program/include/rcube_utils.php |
- | |
| This file is part of the Roundcube Webmail client |
| Copyright (C) 2008-2012, The Roundcube Dev Team |
| Copyright (C) 2011-2012, Kolab Systems AG |
@@ -19,7 +17,6 @@
| Author: Aleksander Machniak <alec@alec.pl> |
+-----------------------------------------------------------------------+
*/
-
/**
* Utility class providing common functions
@@ -159,7 +156,7 @@
{
// IPv6, but there's no build-in IPv6 support
if (strpos($ip, ':') !== false && !defined('AF_INET6')) {
- $parts = explode(':', $domain_part);
+ $parts = explode(':', $ip);
$count = count($parts);
if ($count > 8 || $count < 2) {
@@ -430,59 +427,6 @@
else {
return asciiwords($str, true, '_');
}
- }
-
-
- /**
- * Create an edit field for inclusion on a form
- *
- * @param string col field name
- * @param string value field value
- * @param array attrib HTML element attributes for field
- * @param string type HTML element type (default 'text')
- *
- * @return string HTML field definition
- */
- public static function get_edit_field($col, $value, $attrib, $type = 'text')
- {
- static $colcounts = array();
-
- $fname = '_'.$col;
- $attrib['name'] = $fname . ($attrib['array'] ? '[]' : '');
- $attrib['class'] = trim($attrib['class'] . ' ff_' . $col);
-
- if ($type == 'checkbox') {
- $attrib['value'] = '1';
- $input = new html_checkbox($attrib);
- }
- else if ($type == 'textarea') {
- $attrib['cols'] = $attrib['size'];
- $input = new html_textarea($attrib);
- }
- else if ($type == 'select') {
- $input = new html_select($attrib);
- $input->add('---', '');
- $input->add(array_values($attrib['options']), array_keys($attrib['options']));
- }
- else if ($attrib['type'] == 'password') {
- $input = new html_passwordfield($attrib);
- }
- else {
- if ($attrib['type'] != 'text' && $attrib['type'] != 'hidden') {
- $attrib['type'] = 'text';
- }
- $input = new html_inputfield($attrib);
- }
-
- // use value from post
- if (isset($_POST[$fname])) {
- $postvalue = self::get_input_value($fname, self::INPUT_POST, true);
- $value = $attrib['array'] ? $postvalue[intval($colcounts[$col]++)] : $postvalue;
- }
-
- $out = $input->show($value);
-
- return $out;
}
@@ -785,8 +729,20 @@
return $date;
}
- // support non-standard "GMTXXXX" literal
- $date = preg_replace('/GMT\s*([+-][0-9]+)/', '\\1', $date);
+ // Clean malformed data
+ $date = preg_replace(
+ array(
+ '/GMT\s*([+-][0-9]+)/', // support non-standard "GMTXXXX" literal
+ '/[^a-z0-9\x20\x09:+-]/i', // remove any invalid characters
+ '/\s*(Mon|Tue|Wed|Thu|Fri|Sat|Sun)\s*/i', // remove weekday names
+ ),
+ array(
+ '\\1',
+ '',
+ '',
+ ), $date);
+
+ $date = trim($date);
// if date parsing fails, we have a date in non-rfc format.
// remove token from the end and try again
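Review bot: The weekday pattern on the third regex line leaves a residue for full weekday names: after the preceding pattern strips the comma, "Monday, 01 May 2013" becomes "Monday 01 May 2013", and `\s*(Mon|...|Sun)\s*` then removes only "Mon" and yields "day01 May 2013", which strtotime cannot parse and the fall-back token stripping further down is unlikely to repair. Anchoring the token and consuming its suffix fixes that while keeping the abbreviated forms: `'/\s*\b(Mon|Tue|Wed|Thu|Fri|Sat|Sun)[a-z]*\b\s*/i', // remove weekday names, abbreviated or full`. The `[^a-z0-9\x20\x09:+-]` whitelist on the previous line is the right shape for input that later reaches a parser, and it runs first because preg_replace applies array patterns in order, so the weekday pattern can assume commas and other punctuation are already gone; a comment stating that ordering dependency would help the next maintainer. The enclosing function starts and ends outside this hunk.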
--