From 1139530fbf3fb0fdce1bf5cfee311cd6f0fbf816 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Mon, 14 Oct 2013 10:04:06 -0400
Subject: [PATCH] Merge remote-tracking branch 'origin/stable-3.0.5'

---
 interface/web/admin/language_import.php |   94 +++++++++++++++++++++++++++++++++++++++++++++-
 1 files changed, 91 insertions(+), 3 deletions(-)

diff --git a/interface/web/admin/language_import.php b/interface/web/admin/language_import.php
index 285be11..c25406a 100644
--- a/interface/web/admin/language_import.php
+++ b/interface/web/admin/language_import.php
@@ -30,12 +30,94 @@
 require_once('../../lib/config.inc.php');
 require_once('../../lib/app.inc.php');
 
+function normalize_string($string, $quote, $allow_special = false) {
+    $escaped = false;
+    $in_string = true;
+    $new_string = '';
+    
+    for($c = 0; $c < mb_strlen($string); $c++) {
+        $char = $string{$c};
+        
+        if($in_string === true && $escaped === false && $char === $quote) {
+            // this marks a string end (e.g. for concatenation)
+            $in_string = false;
+            continue;
+        } elseif($in_string === false) {
+            if($escaped === false && $char === $quote) {
+                $in_string = true;
+                continue;
+            } else {
+                continue; // we strip everything from outside the string!
+            }
+        }
+        
+        if($char === '"' && $escaped === true && $quote === '"') {
+            // unescape this
+            $new_string .= $char;
+            $escaped = false;
+            continue;
+        } elseif($char === "'" && $escaped === false && $quote === '"') {
+            // escape this
+            $new_string .= '\\' . $char;
+            continue;
+        }
+        
+        if($escaped === true) {
+            // the next character is the escaped one.
+            if($allow_special === true && ($char === 'n' || $char === 'r' || $char === 't')) {
+                $new_string .= '\' . "\\' . $char . '" . \'';
+            } else {
+                $new_string .= '\\' . $char;
+            }
+            $escaped = false;
+        } else {
+            if($char === '\\') {
+                $escaped = true;
+            } else {
+                $new_string .= $char;
+            }
+        }
+    }
+    return $new_string;
+}
+
+function validate_line($line) {
+    $line = trim($line);
+    if($line === '' || $line === '<?php' || $line === '?>') return $line; // don't treat empty lines as malicious
+    
+    $ok = preg_match('/^\s*\$wb\[(["\'])(.*?)\\1\]\s*=\s*(["\'])(.*?)\\3\s*;\s*$/', $line, $matches);
+    if(!$ok) return false; // this line has invalid form and could lead to malfunction
+    
+    $keyquote = $matches[1]; // ' or "
+    $key = $matches[2];
+    if(strpos($key, '"') !== false || strpos($key, "'") !== false) return false;
+    
+    $textquote = $matches[3]; // ' or "
+    $text = $matches[4];
+
+    $new_line = '$wb[\'';
+    
+    // validate the language key
+    $key = normalize_string($key, $keyquote);
+    
+    $new_line .= $key . '\'] = \'';
+    
+    // validate this text to avoid code injection
+    $text = normalize_string($text, $textquote, true);
+    
+    $new_line .= $text . '\';';
+    
+    return $new_line;
+}
+
 //* Check permissions for module
 $app->auth->check_module_permissions('admin');
 
 //* This is only allowed for administrators
 if(!$app->auth->is_admin()) die('only allowed for administrators.');
 if($conf['demo_mode'] == true) $app->error('This function is disabled in demo mode.');
+
+if(!$conf['language_file_import_enabled']) $app->error('Languge import function is disabled in the interface config.inc.php file.');
 
 $app->uses('tpl');
 
@@ -58,7 +140,9 @@
 			$buffer = '';
 			$langfile_path = '';
 			// all other lines
+            $ln = 1;
 			foreach($lines as $line) {
+                $ln++;
 				$parts = explode('|',$line);
 				if(is_array($parts) && count($parts) > 0 && $parts[0] == '--') {
 					// Write language file, if its not the first file
@@ -77,14 +161,18 @@
 					$file_name = trim($parts[3]);
 					if(!preg_match("/^[a-z]{2}$/i", $selected_language)) die("unallowed characters in selected language name: $selected_language");
 					if(!preg_match("/^[a-z_]+$/i", $module_name)) die('unallowed characters in module name.');
-					if(!preg_match("/^[a-z\._]+$/i", $file_name) || stristr($file_name,'..')) die("unallowed characters in language file name: '$file_name'");
+					if(!preg_match("/^[a-z\._\-]+$/i", $file_name) || stristr($file_name,'..')) die("unallowed characters in language file name: '$file_name'");
 					if($module_name == 'global') {
 						$langfile_path = trim(ISPC_LIB_PATH."/lang/".$selected_language.".lng");
 					} else {
 						$langfile_path = trim(ISPC_WEB_PATH.'/'.$module_name.'/lib/lang/'.$file_name);
 					}
-				} else {
-					$buffer .= trim($line)."\n";
+				} elseif(is_array($parts) && count($parts) > 1 && $parts[0] == '---' && $parts[1] == 'EOF') {
+                    // EOF line, ignore it.
+                } else {
+                    $line = validate_line($line);
+                    if($line === false) $error .= "Language file contains invalid language entry on line $ln.<br />";
+					else $buffer .= $line."\n";
 				}
 			}
 		}

--
Gitblit v1.9.1