[svn r14482] Partial fix to security flaw from kses library (see FS#2312)

main/inc/lib/kses-0.2.2/kses.php

@@ -469,10 +469,12 @@ function kses_bad_protocol_once($string, $allowed_protocols)
 # handling whitespace and HTML entities.
 ###############################################################################
 {
-  return preg_replace('/^((&[^;]*;|[\sA-Za-z0-9])*)'.
-                      '(:|:|&#[Xx]3[Aa];)\s*/e',
-                      'kses_bad_protocol_once2("\\1", $allowed_protocols)',
-                      $string);
+	$string2 = preg_split('/:|:|:/i', $string, 2);
+	if(isset($string2[1]) && !preg_match('%/\?%',$string2[0]))
+	{
+		$string = kses_bad_protocol_once2($string2[0],$allowed_protocols).trim($string2[1]);
+	}
+	return $string;
 } # function kses_bad_protocol_once
 
 

main/inc/lib/kses-0.2.2/oop/php4.class.kses.php

@@ -71,10 +71,10 @@
 	*	+ Deprecated _hook(), Protocols()
 	*	+ Integrated code from kses 0.2.2 into class.
 	*
-	*	@author     Richard R. Vásquez, Jr. (Original procedural code by Ulf Härnhammar)
+	*	@author     Richard R. V<EFBFBD>squez, Jr. (Original procedural code by Ulf H<EFBFBD>rnhammar)
 	*	@link       http://sourceforge.net/projects/kses/ Home Page for Kses
 	*	@link       http://chaos.org/contact/ Contact page with current email address for Richard Vasquez
-	*	@copyright  Richard R. Vásquez, Jr. 2003-2005
+	*	@copyright  Richard R. V<EFBFBD>squez, Jr. 2003-2005
 	*	@version    PHP4 OOP 0.2.2
 	*	@license    http://www.gnu.org/licenses/gpl.html GNU Public License
 	*	@package    kses
@@ -931,6 +931,7 @@
 			 *
 			 *	This function searches for URL protocols at the beginning of $string, while
 			 *	handling whitespace and HTML entities.
+			 *  Function updated to fix security vulnerability (see http://projects.dokeos.com/index.php?do=details&task_id=2312)
 			 *
 			 *	@access private
 			 *	@param string $string String to check for protocols
@@ -940,14 +941,13 @@
 			 */
 			function _bad_protocol_once($string)
 			{
-				return preg_replace(
-					'/^((&[^;]*;|[\sA-Za-z0-9])*)'.
-					'(:|&#58;|&#[Xx]3[Aa];)\s*/e',
-					'\$this->_bad_protocol_once2("\\1")',
-					$string
-				);
+				$string2 = preg_split('/:|&#58;|&#x3a;/i', $string, 2);
+				if(isset($string2[1]) && !preg_match('%/\?%',$string2[0]))
+				{
+					$string = $this->_bad_protocol_once2($string2[0]).trim($string2[1]);
+				}
+				return $string;
 			}
-
 			/**
 			 *	Helper method used by _bad_protocol_once() regex
 			 *

main/inc/lib/kses-0.2.2/oop/php5.class.kses.php

@@ -96,10 +96,10 @@
 	*	+ Integrated code from kses 0.2.2 into class.
 	*	+ Added methods DumpProtocols(), DumpMethods()
 	*
-	*	@author     Richard R. Vásquez, Jr. (Original procedural code by Ulf Härnhammar)
+	*	@author     Richard R. V<EFBFBD>squez, Jr. (Original procedural code by Ulf H<EFBFBD>rnhammar)
 	*	@link       http://sourceforge.net/projects/kses/ Home Page for Kses
 	*	@link       http://chaos.org/contact/ Contact page with current email address for Richard Vasquez
-	*	@copyright  Richard R. Vásquez, Jr. 2005
+	*	@copyright  Richard R. V<EFBFBD>squez, Jr. 2005
 	*	@version    PHP5 OOP 1.0.2
 	*	@license    http://www.gnu.org/licenses/gpl.html GNU Public License
 	*	@package    kses
@@ -924,17 +924,11 @@
 				$string = preg_replace('/\xad+/', '', $string); # deals with Opera "feature"
 				$string2 = $string . 'a';
 
-				while ($string != $string2)
+				$string2 = preg_split('/:|&#58;|&#x3a;/i', $string, 2);
+				if(isset($string2[1]) && !preg_match('%/\?%',$string2[0]))
 				{
-					$string2 = $string;
-					$string  =  preg_replace(
-										'/^((&[^;]*;|[\sA-Za-z0-9])*)'.
-										'(:|&#58;|&#[Xx]3[Aa];)\s*/e',
-										'\$this->filterProtocols("\\1")',
-										$string
-									);
+					$string = $this->filterProtocols($string2[0]).trim($string2[1]);
 				}
-
 				return $string;
 			}