From 6d99ee361261f7becd9abeba66811482f269ccc5 Mon Sep 17 00:00:00 2001
From: Julio Montoya
Date: Thu, 25 Feb 2010 17:18:20 -0500
Subject: [PATCH] Security issue: Adding Security::remove_XSS function
---
 main/dropbox/dropbox_download.php | 6 ++--
 main/dropbox/dropbox_functions.inc.php | 43 +++++++++-----------------
 2 files changed, 17 insertions(+), 32 deletions(-)
diff --git a/main/dropbox/dropbox_download.php b/main/dropbox/dropbox_download.php
index 55e340bb7b..accba12125 100755
--- a/main/dropbox/dropbox_download.php
+++ b/main/dropbox/dropbox_download.php
@@ -128,7 +128,7 @@ else
 $work = new Dropbox_work($_GET['id']);
 $path = dropbox_cnf("sysPath") . "/" . $work -> filename; //path to file as stored on server
 $file = $work->title;
- require_once(api_get_path(LIBRARY_PATH) . '/document.lib.php');
+ require_once api_get_path(LIBRARY_PATH) . '/document.lib.php';
 $mimetype = DocumentManager::file_get_mime_type(TRUE);
 $fileparts = explode( '.', $file);
 $filepartscount = count( $fileparts);
@@ -336,7 +336,7 @@ if ( !is_file( $path))
 SEND HEADERS
 ==============================================================================
 */
-require_once(api_get_path(LIBRARY_PATH) . '/document.lib.php');
+require_once api_get_path(LIBRARY_PATH) . '/document.lib.php';
 $mimetype = DocumentManager::file_get_mime_type(TRUE);
 $fileparts = explode( '.', $file);
@@ -409,4 +409,4 @@ exit( );
 * Solution: Make sure your download script/section is off in its own directory. and add the following to your .htaccess file for that directory:
 * php_flag zlib.output_compression off
 */
-?>
+?>
\ No newline at end of file
diff --git a/main/dropbox/dropbox_functions.inc.php b/main/dropbox/dropbox_functions.inc.php
index 461d12a5c9..f8e30a1d06 100755
--- a/main/dropbox/dropbox_functions.inc.php
+++ b/main/dropbox/dropbox_functions.inc.php
@@ -186,7 +186,7 @@ function delete_category($action, $id)
 function display_move_form($part, $id, $target=array())
 {
 echo '
'.get_lang('MoveFileTo').'
'; - echo '
'; + echo ''; echo ''; echo ''; echo ' @@ -197,25 +197,21 @@ function display_move_form($part, $id, $target=array())
'; echo ''; echo '
'; - echo ' -
+ echo '
-
- '; +
'; echo '
'; - echo '
';
 }
@@ -242,8 +238,7 @@ function store_move($id, $target, $part)
 {
 $sql="UPDATE ".$dropbox_cnf["tbl_post"]." SET cat_id='".Database::escape_string($target)."'
 WHERE dest_user_id='".Database::escape_string($_user['user_id'])."'
- AND file_id='".Database::escape_string($id)."'
- ";
+ AND file_id='".Database::escape_string($id)."'";
 Database::query($sql);
 $return_message=get_lang('ReceivedFileMoved');
 }
@@ -251,14 +246,11 @@ function store_move($id, $target, $part)
 {
 $sql="UPDATE ".$dropbox_cnf["tbl_file"]." SET cat_id='".Database::escape_string($target)."'
 WHERE uploader_id='".Database::escape_string($_user['user_id'])."'
- AND id='".Database::escape_string($id)."'
- ";
+ AND id='".Database::escape_string($id)."'";
 Database::query($sql);
 $return_message=get_lang('SentFileMoved');
 }
- }
- else
- {
+ } else {
 $return_message=get_lang('NotMovedError');
 }
 return $return_message;
@@ -344,8 +336,7 @@ function get_dropbox_categories($filter='')
 $sql="SELECT * FROM ".$dropbox_cnf['tbl_category']." WHERE user_id='".$_user['user_id']."' $condition_session";
 $result=Database::query($sql);
- while ($row=Database::fetch_array($result))
- {
+ while ($row=Database::fetch_array($result)) {
 if(($filter=='sent' AND $row['sent']==1) OR ($filter=='received' AND $row['received']==1) OR $filter=='')
 {
 $return_array[$row['cat_id']]=$row;
@@ -704,7 +695,7 @@ function display_add_form()
 * returns username or false if user isn't registered anymore
 * @todo check if this function is still necessary. There might be a library function for this.
 */
-function getUserNameFromId ( $id) // RH: Mailing: return 'Mailing ' + id
+function getUserNameFromId ($id) // RH: Mailing: return 'Mailing ' + id
 {
 global $dropbox_cnf;
 
@@ -757,7 +748,7 @@ function isCourseMember( $user_id)
 * Checks if there are files in the dropbox_file table that aren't used anymore in dropbox_person table.
 * If there are, all entries concerning the file are deleted from the db + the file is deleted from the server
 */
-function removeUnusedFiles( )
+function removeUnusedFiles()
 {
 // select all files that aren't referenced anymore
 $sql = "SELECT DISTINCT f.id, f.filename
@@ -1109,9 +1100,7 @@ function display_user_link_work($user_id, $name='')
 */
 function feedback($array)
 {
-
- foreach ($array as $key=>$value)
- {
+ foreach ($array as $key=>$value) {
 $output.=format_feedback($value);
 }
 $output.=feedback_form();
@@ -1258,8 +1247,7 @@ function zip_download ($array)
 $temp_zip_file=$temp_zip_dir.'/'.$name;
 $zip_folder=new PclZip($temp_zip_file);
- foreach ($files as $key=>$value)
- {
+ foreach ($files as $key=>$value) {
 // met hernoemen van de files in de zip
 $zip_folder->add(api_get_path(SYS_COURSE_PATH).$_course['path']."/dropbox/".$value['filename'],PCLZIP_OPT_REMOVE_PATH, api_get_path(SYS_COURSE_PATH).$_course['path']."/dropbox", PCLZIP_CB_PRE_ADD, 'my_pre_add_callback');
 // zonder hernoemen van de files in de zip
@@ -1271,8 +1259,7 @@ function zip_download ($array)
 $overview_file=$temp_zip_dir.'/overview.html';
 $handle=fopen($overview_file,'w');
 fwrite($handle,$overview_file_content);
-
-
+
 // send the zip file
 DocumentManager::file_send_for_download($temp_zip_file,true,$name);
 exit;
@@ -1285,10 +1272,8 @@ function zip_download ($array)
 * @author Patrick Cool , Ghent University
 * @version march 2006
 */
-function my_pre_add_callback($p_event, &$p_header)
-{
+function my_pre_add_callback($p_event, &$p_header) {
 global $files;
-
 $p_header['stored_filename']=$files[$p_header['stored_filename']]['title'];
 return 1;
 }
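Review bot: In the feedback() hunk, `$output` is first touched with `.=` inside the reworked loop without ever being initialised; the function's opening `{` is visible in the hunk and nothing between it and the foreach assigns `$output`, so the first append works on an undefined variable (a notice, and an empty string that only by accident gives the intended result). Add `$output = '';` immediately before `foreach ($array as $key=>$value) {`. Since `$key` is not used in the body, `foreach ($array as $value) {` would also read more clearly. The remainder of feedback() is outside the hunk.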
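Review bot: In the my_pre_add_callback() hunk, `$p_header['stored_filename']=$files[$p_header['stored_filename']]['title'];` has no guard for a path PclZip visits that is missing from the `$files` global; as written that lookup yields null (plus a notice) and the entry is stored under an empty name rather than its original one. Whether every visited path is guaranteed a `$files` entry cannot be seen from this hunk, so a cheap guard is worth adding: `if (isset($files[$p_header['stored_filename']]['title'])) {` around the assignment, leaving the original `stored_filename` in place otherwise. A short docblock line stating that the callback relies on the `$files` array built by zip_download() would also help, since the coupling through `global $files` is otherwise invisible at the call site.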