Security: NUL characters are now stripped from GPC; several code readability standards changes
authorDan
Fri, 22 Jun 2007 18:42:26 -0400
changeset 14 ce6053bb48d8
parent 13 fdd6b9dd42c3
child 15 ad5986a53197
Security: NUL characters are now stripped from GPC; several code readability standards changes
TODO
includes/clientside/static/windows.js
includes/functions.php
--- a/TODO	Fri Jun 22 10:31:59 2007 -0400
+++ b/TODO	Fri Jun 22 18:42:26 2007 -0400
@@ -24,6 +24,10 @@
 [x] Change the string shown on a successful re-auth into elevated privileges
     [x] ...and write a function that converts a numeric userlevel to a string
 [x] Make Special:Login remember parameters (target level, target page) even on auth fail
+[ ] Register users_extra table in system tables list (already done?)
+[x] Trigger form submit on press of enter in Dynano login form
+[ ] Rewrite the change theme dialog - it's archaic code that hasn't changed since beta 1!
+    [ ] This should be the next-to-last step in phasing out the JWS code, which should be removed in the first 1.1 alpha
 
 
 Enano Clurichaun - TODO
--- a/includes/clientside/static/windows.js	Fri Jun 22 10:31:59 2007 -0400
+++ b/includes/clientside/static/windows.js	Fri Jun 22 18:42:26 2007 -0400
@@ -158,18 +158,27 @@
 // Source: http://www.aspandjavascript.co.uk/javascript/javascript_api/get_element_width_height.asp
 
 function getElementHeight(Elem) {
-  if (ns4) {
+  if (ns4) 
+  {
     var elem = getObjNN4(document, Elem);
     return elem.clip.height;
-  } else {
-    if(document.getElementById) {
+  } 
+  else
+  {
+    if(document.getElementById) 
+    {
       var elem = document.getElementById(Elem);
-    } else if (document.all){
+    }
+    else if (document.all)
+    {
       var elem = document.all[Elem];
     }
-    if (op5) { 
+    if (op5) 
+    { 
       xPos = elem.style.pixelHeight;
-    } else {
+    }
+    else
+    {
       xPos = elem.offsetHeight;
     }
     return xPos;
--- a/includes/functions.php	Fri Jun 22 10:31:59 2007 -0400
+++ b/includes/functions.php	Fri Jun 22 18:42:26 2007 -0400
@@ -863,11 +863,17 @@
  
 function enano_str_split($text, $inc = 1)
 {
-  if($inc < 1) return false;
-  if($inc >= strlen($text)) return Array($text);
+  if($inc < 1) 
+  {
+    return false;
+  }
+  if($inc >= strlen($text))
+  {
+    return Array($text);
+  }
   $len = ceil(strlen($text) / $inc);
   $ret = Array();
-  for($i=0;$i<strlen($text);$i=$i+$inc)
+  for ( $i = 0; $i < strlen($text); $i = $i + $inc )
   {
     $ret[] = substr($text, $i, $inc);
   }
@@ -967,8 +973,27 @@
 }
 
 /**
+ * Recursive function to remove all NUL bytes from a string
+ * @param array
+ * @return array
+ */
+ 
+function strip_nul_chars($arr)
+{
+  foreach($arr as $k => $xxxx_unused)
+  {
+    $val =& $arr[$k];
+    if(is_string($val))
+      $val = str_replace("\000", '', $val);
+    elseif(is_array($val))
+      $val = strip_nul_chars($val);
+  }
+  return $arr;
+}
+
+/**
  * If magic_quotes_gpc is on, calls stripslashes() on everything in $_GET/$_POST/$_COOKIE
- * @ignore - this doesn't work
+ * @ignore - this doesn't work too well in my tests
  * @todo port version from the PHP manual
  * @return void
  */
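Review bot: strip_nul_chars() cleans only the values; the array keys it iterates over are returned unchanged, so if the PHP build in use lets a NUL byte through in a request parameter name, it survives as a key in $_GET/$_POST/$_COOKIE. For string keys, consider rebuilding the array with cleaned keys, e.g. `$out[str_replace("\000", '', $k)] = $val;`. The docblock says "from a string" while the parameter is an array; `Recursively removes NUL bytes from every string value in an array` with `@param array $arr` would match the code. The unbraced `if`/`elseif` bodies are also inconsistent with the brace style this same commit applies in enano_str_split().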
@@ -980,6 +1005,9 @@
     $_GET    = stripslashes_recurse($_GET);
     $_COOKIE = stripslashes_recurse($_COOKIE);
   }
+  $_POST   = strip_nul_chars($_POST);
+  $_GET    = strip_nul_chars($_GET);
+  $_COOKIE = strip_nul_chars($_COOKIE);
 }
 
 /**
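Review bot: `$_REQUEST` is not passed through strip_nul_chars() in the three added lines, and PHP fills it at request start as a separate copy, so any code that reads `$_REQUEST` still receives NUL bytes after this change. Adding `$_REQUEST = strip_nul_chars($_REQUEST);` next to the new calls would close that gap. `$_SERVER` values and the client-supplied file names in `$_FILES` are outside this filter as well, so code that builds file paths from request data should not rely on it alone. The enclosing function starts above the hunk, so how the magic-quotes branch treats `$_REQUEST` is not visible here.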