From b3ce7915610a6d272cc38ecd2a8b61e04ee4aeae Mon Sep 17 00:00:00 2001
From: thomascube
Date: Fri, 16 Feb 2007 19:35:03 +0000
Subject: Better input checking on GET and POST vars

---
 program/include/main.inc                   |  4 ++--
 program/steps/mail/folders.inc             |  8 ++++----
 program/steps/mail/func.inc                | 10 +++++-----
 program/steps/mail/list.inc                |  4 +---
 program/steps/mail/mark.inc                |  6 +++---
 program/steps/mail/move_del.inc            | 19 ++++++++++---------
 program/steps/mail/show.inc                |  2 +-
 program/steps/settings/delete_identity.inc |  6 ++----
 program/steps/settings/manage_folders.inc  | 12 ++++++------
 9 files changed, 34 insertions(+), 37 deletions(-)
 (limited to 'program')

diff --git a/program/include/main.inc b/program/include/main.inc
index d914e3ecb..88c22b85e 100644
--- a/program/include/main.inc
+++ b/program/include/main.inc
@@ -1689,12 +1689,12 @@ function create_attrib_string($attrib, $allowed_attribs=array('id', 'class', 'st
 function parse_attrib_string($str)
   {
   $attrib = array();
-  preg_match_all('/\s*([-_a-z]+)=["]([^"]+)["]?/i', stripslashes($str), $regs, PREG_SET_ORDER);
+  preg_match_all('/\s*([-_a-z]+)=(["\'])([^"]+)\2/Ui', stripslashes($str), $regs, PREG_SET_ORDER);
 
   // convert attributes to an associative array (name => value)
   if ($regs)
     foreach ($regs as $attr)
-      $attrib[strtolower($attr[1])] = $attr[2];
+      $attrib[strtolower($attr[1])] = $attr[3];
 
   return $attrib;
   }
diff --git a/program/steps/mail/folders.inc b/program/steps/mail/folders.inc
index 2d160325a..1b7007c39 100644
--- a/program/steps/mail/folders.inc
+++ b/program/steps/mail/folders.inc
@@ -25,10 +25,10 @@ $mbox_name = $IMAP->get_mailbox_name();
 // send EXPUNGE command
 if ($_action=='expunge')
   {
-  $success = $IMAP->expunge($_GET['_mbox']);
+  $success = $IMAP->expunge(get_input_value('_mbox', RCUBE_INPUT_GET));
 
   // reload message list if current mailbox
-  if ($success && $_GET['_reload'])
+  if ($success && !empty($_GET['_reload']))
     {
     rcube_remote_response('this.message_list.clear();', TRUE);
     $_action = 'list';
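Review bot: The new pattern `(["\'])([^"]+)\2` captures either quote as the delimiter but the value class is still `[^"]+`, so a single-quoted value that contains a double quote (`title='say "hi"'`) cannot reach the closing `\2` and the attribute is silently dropped instead of parsed. A value class that excludes the captured delimiter rather than a fixed character, e.g. `((?:(?!\2).)+)` in place of `([^"]+)`, keeps the intent for both quote styles. The `/U` modifier then matters only for the outer `\s*`, so it could be dropped if the pattern is reworked.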
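Review bot: `$IMAP->expunge(get_input_value('_mbox', RCUBE_INPUT_GET))` sanitises the mailbox name, but the destructive operation is still triggered by a plain GET request with nothing that ties it to the user's own session, and the same holds for the purge branch in the next hunk and for the mark, move/delete, delete_identity and subscribe/delete-folder hunks later in this commit. Input checking alone does not address that; a per-session request token verified before any state-changing `_action` (or at minimum requiring POST for those actions) is the missing check. The `!empty($_GET['_reload'])` change is fine as the value is only used as a boolean.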
@@ -41,9 +41,9 @@ if ($_action=='expunge')
 // clear mailbox
 else if ($_action=='purge')
   {
-  $success = $IMAP->clear_mailbox($_GET['_mbox']);
+  $success = $IMAP->clear_mailbox(get_input_value('_mbox', RCUBE_INPUT_GET));
 
-  if ($success && $_GET['_reload'])
+  if ($success && !empty($_GET['_reload']))
     {
     $commands = "this.message_list.clear();\n";
     $commands .= "this.set_env('messagecount', 0);\n";
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index 037e83f29..ec257b69b 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -30,16 +30,16 @@ if (empty($_SESSION['mbox'])){
   }
 
 // set imap properties and session vars
-if (strlen($mbox = get_input_value('_mbox', RCUBE_INPUT_GET)))
+if ($mbox = get_input_value('_mbox', RCUBE_INPUT_GPC))
   {
   $IMAP->set_mailbox($mbox);
   $_SESSION['mbox'] = $mbox;
   }
 
-if (strlen($_GET['_page']))
+if (!empty($_GET['_page']))
   {
-  $IMAP->set_page($_GET['_page']);
-  $_SESSION['page'] = $_GET['_page'];
+  $IMAP->set_page((int)$_GET['_page']);
+  $_SESSION['page'] = (int)$_GET['_page'];
   }
 
 // set mailbox to INBOX if not set
@@ -59,7 +59,7 @@ if (!empty($_GET['_search']) && isset($_SESSION['search'][$_GET['_search']]))
 
 // define url for getting message parts
 if (strlen($_GET['_uid']))
-  $GET_URL = sprintf('%s&_action=get&_mbox=%s&_uid=%d', $COMM_PATH, $IMAP->get_mailbox_name(), $_GET['_uid']);
+  $GET_URL = sprintf('%s&_action=get&_mbox=%s&_uid=%d', $COMM_PATH, $IMAP->get_mailbox_name(), get_input_value('_uid', RCUBE_INPUT_GET));
 
 
 // set current mailbox in client environment
diff --git a/program/steps/mail/list.inc b/program/steps/mail/list.inc
index 9e3b38d57..6e0637441 100644
--- a/program/steps/mail/list.inc
+++ b/program/steps/mail/list.inc
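Review bot: `if ($mbox = get_input_value('_mbox', RCUBE_INPUT_GPC))` swaps the previous `strlen()` test for a truthiness test, so a mailbox literally named `0` is now ignored and never stored in `$_SESSION['mbox']`; `if (strlen($mbox = get_input_value('_mbox', RCUBE_INPUT_GPC)))` keeps the new source selection without that regression. Widening the source from RCUBE_INPUT_GET to RCUBE_INPUT_GPC also lets a POST field or cookie select the session mailbox; if that is deliberate for the form-driven actions, a one-line comment saying so would stop a later reader narrowing it back. The `(int)` casts on `_page` are the right fix, and `!empty()` treating `"0"` as absent is consistent with the cast.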
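Review bot: The guard `if (strlen($_GET['_uid']))` still reads `$_GET` directly while the value on the next line now comes from `get_input_value`, so the condition and the value can disagree and a missing `_uid` still produces an undefined-index notice; `if ($uid = get_input_value('_uid', RCUBE_INPUT_GET))` with `$uid` passed to the `sprintf` keeps a single source. Since `%d` already coerces the argument to an integer, the behavioural effect of this hunk is limited to whatever `get_input_value` does to the string; the consistency fix is the main point.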
@@ -22,10 +22,8 @@ $REMOTE_REQUEST = TRUE;
 
 $OUTPUT_TYPE = 'js';
 
-$sort = isset($_GET['_sort']) ? $_GET['_sort'] : false;
-
 // is there a sort type for this request?
-if ($sort)
+if ($sort = get_input_value('_sort', RCUBE_INPUT_GET))
   {
   // yes, so set the sort vars
   list($sort_col, $sort_order) = explode('_', $sort);
diff --git a/program/steps/mail/mark.inc b/program/steps/mail/mark.inc
index e6e06f976..780bf5c6e 100644
--- a/program/steps/mail/mark.inc
+++ b/program/steps/mail/mark.inc
@@ -25,10 +25,10 @@ $a_flags_map = array('undelete' => 'UNDELETED',
                      'read'     => 'SEEN',
                      'unread'   => 'UNSEEN');
 
-if ($_GET['_uid'] && $_GET['_flag'])
+if (($uids = get_input_value('_uid', RCUBE_INPUT_GET)) && ($flag = get_input_value('_flag', RCUBE_INPUT_GET)))
   {
-  $flag = $a_flags_map[$_GET['_flag']] ? $a_flags_map[$_GET['_flag']] : strtoupper($_GET['_flag']);
-  $marked = $IMAP->set_flag($_GET['_uid'], $flag);
+  $flag = $a_flags_map[$flag] ? $a_flags_map[$flag] : strtoupper($flag);
+  $marked = $IMAP->set_flag($uids, $flag);
   if ($marked != -1)
     {
     $mbox_name = $IMAP->get_mailbox_name();
diff --git a/program/steps/mail/move_del.inc b/program/steps/mail/move_del.inc
index b0079f75f..8d31e3aa5 100644
--- a/program/steps/mail/move_del.inc
+++ b/program/steps/mail/move_del.inc
@@ -22,10 +22,11 @@ $REMOTE_REQUEST = TRUE;
 
 
 // move messages
-if ($_action=='moveto' && $_GET['_uid'] && $_GET['_target_mbox'])
+if ($_action=='moveto' && !empty($_GET['_uid']) && !empty($_GET['_target_mbox']))
   {
-  $count = sizeof(explode(',', $_GET['_uid']));
-  $moved = $IMAP->move_message($_GET['_uid'], $_GET['_target_mbox'], $_GET['_mbox']);
+  $count = sizeof(explode(',', ($uids = get_input_value('_uid', RCUBE_INPUT_GET))));
+  $target = get_input_value('_target_mbox', RCUBE_INPUT_GET);
+  $moved = $IMAP->move_message($uids, $target, get_input_value('_mbox', RCUBE_INPUT_GET));
 
   if (!$moved)
     {
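Review bot: `list($sort_col, $sort_order) = explode('_', $sort);` now receives an arbitrary request string and nothing in the hunk constrains its shape: a value without an underscore leaves `$sort_order` undefined (a notice), and a value with several underscores pushes the remainder into `$sort_order`. Validating before the split, e.g. `if (($sort = get_input_value('_sort', RCUBE_INPUT_GET)) && preg_match('/^([a-z]+)_(asc|desc)$/iD', $sort))` if the order values are ASC/DESC, and then mapping `$sort_col` against the known column names, would make the input check the commit title promises. The block continues past the hunk, so if such a check already exists further down this can be ignored.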
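Review bot: `$flag = $a_flags_map[$flag] ? $a_flags_map[$flag] : strtoupper($flag);` still forwards any flag name the client sends that is not in `$a_flags_map`, upper-cased, straight into `$IMAP->set_flag`, and the array lookup on an unknown key raises a notice; `isset($a_flags_map[$flag])` fixes the notice, and rejecting unknown names instead of falling back to `strtoupper` would make the map an actual whitelist. `$uids` is likewise handed to `set_flag` without checking that it is a comma-separated list of integers, which delete_identity.inc does for its id list with `preg_match('/^[0-9]+(,[0-9]+)*$/', ...)`; the same check here and in the move/delete hunks of move_del.inc would be consistent. The enclosing `if` block continues past the hunk.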
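Review bot: `$count = sizeof(explode(',', ($uids = get_input_value('_uid', RCUBE_INPUT_GET))));` buries the assignment inside two nested calls; `$uids = get_input_value('_uid', RCUBE_INPUT_GET);` followed by `$count = sizeof(explode(',', $uids));` reads as two steps, and the delete hunk below has the same shape. The guard `!empty($_GET['_uid'])` tests the raw key while the value used comes through `get_input_value`, so testing the sanitised `$uids` (and that it matches a numeric-list pattern) would keep condition and value in step. `$target` is only assigned inside this branch, which the `&& $target` test later in the file then relies on; initialising `$target = null;` before the `if` avoids reading an undefined variable on the other paths.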
@@ -38,10 +39,10 @@ if ($_action=='moveto' && $_GET['_uid'] && $_GET['_target_mbox'])
   }
 
 // delete messages
-else if ($_action=='delete' && $_GET['_uid'])
+else if ($_action=='delete' && !empty($_GET['_uid']))
   {
-  $count = sizeof(explode(',', $_GET['_uid']));
-  $del = $IMAP->delete_message($_GET['_uid'], $_GET['_mbox']);
+  $count = sizeof(explode(',', ($uids = get_input_value('_uid', RCUBE_INPUT_GET))));
+  $del = $IMAP->delete_message($uids, get_input_value('_mbox', RCUBE_INPUT_GET));
 
   if (!$del)
     {
@@ -60,7 +61,7 @@ else
   }
 
 // refresh saved seach set after moving some messages
-if (($search_request = $_GET['_search']) && $IMAP->search_set)
+if (($search_request = get_input_value('_search', RCUBE_INPUT_GPC)) && $IMAP->search_set)
   $_SESSION['search'][$search_request] = $IMAP->refresh_search();
 
 
@@ -75,8 +76,8 @@ $commands .= sprintf("this.set_env('pagecount', %d);\n", $pages);
 $mbox = $IMAP->get_mailbox_name();
 $commands .= sprintf("this.set_unread_count('%s', %d);\n", $mbox, $IMAP->messagecount($mbox, 'UNSEEN'));
 
-if ($_action=='moveto')
-  $commands .= sprintf("this.set_unread_count('%s', %d);\n", $_GET['_target_mbox'], $IMAP->messagecount($_GET['_target_mbox'], 'UNSEEN'));
+if ($_action=='moveto' && $target)
+  $commands .= sprintf("this.set_unread_count('%s', %d);\n", $target, $IMAP->messagecount($target, 'UNSEEN'));
 
 $commands .= sprintf("this.set_quota('%s');\n", $IMAP->get_quota());
 
diff --git a/program/steps/mail/show.inc b/program/steps/mail/show.inc
index b1fa7cfb7..841a41b36 100644
--- a/program/steps/mail/show.inc
+++ b/program/steps/mail/show.inc
@@ -64,7 +64,7 @@ if ($_GET['_uid'])
 
   // mark message as read
   if (!$MESSAGE['headers']->seen && $_action != 'preview')
-    $IMAP->set_flag($_GET['_uid'], 'SEEN');
+    $IMAP->set_flag($MESSAGE['UID'], 'SEEN');
 
   // give message uid to the client
   $javascript = sprintf("%s.set_env('uid', '%s');\n", $JS_OBJECT_NAME, $MESSAGE['UID']);
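Review bot: In the `@@ -75,8 +76,8 @@` hunk `$target` is placed into `this.set_unread_count('%s', %d)` through a bare `%s`, so a folder name containing a quote or backslash breaks the JavaScript the client evaluates as the remote response; the line above has the same exposure with `$mbox`, since folder names are user-chosen. The `%s` arguments of these `sprintf` calls should be escaped for a JavaScript string literal (e.g. `addslashes($target)`) before being appended to `$commands`. `$target` is also only defined when the moveto branch at the top of the file ran, so `&& $target` reads an undefined variable on the delete path; `isset($target)` or an initialisation near the top of the file avoids the notice. The `@@ -60,7 +61,7 @@` hunk stores `$search_request` as a session array key straight from the request, which is unchanged behaviour but worth a `// key is client-supplied` comment.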
diff --git a/program/steps/settings/delete_identity.inc b/program/steps/settings/delete_identity.inc
index 24bf99c43..560a2b10b 100644
--- a/program/steps/settings/delete_identity.inc
+++ b/program/steps/settings/delete_identity.inc
@@ -19,14 +19,12 @@
 
 */
 
-$REMOTE_REQUEST = $_GET['_remote'] ? TRUE : FALSE;
-
-if ($_GET['_iid'] && preg_match('/^[0-9]+(,[0-9]+)*$/',$_GET['_iid']))
+if (($ids = get_input_value('_iid', RCUBE_INPUT_GET)) && preg_match('/^[0-9]+(,[0-9]+)*$/', $ids))
   {
   $DB->query("UPDATE ".get_table_name('identities')."
               SET    del=1
               WHERE  user_id=?
-              AND    identity_id IN (".$_GET['_iid'].")",
+              AND    identity_id IN (".$ids.")",
               $_SESSION['user_id']);
 
   $count = $DB->affected_rows();
diff --git a/program/steps/settings/manage_folders.inc b/program/steps/settings/manage_folders.inc
index 8abd2c3b6..4759dd295 100644
--- a/program/steps/settings/manage_folders.inc
+++ b/program/steps/settings/manage_folders.inc
@@ -26,8 +26,8 @@ rcmail_imap_init(TRUE);
 // subscribe to one or more mailboxes
 if ($_action=='subscribe')
   {
-  if (strlen($_GET['_mboxes']))
-    $IMAP->subscribe(array($_GET['_mboxes']));
+  if ($mboxes = get_input_value('_mboxes', RCUBE_INPUT_GET))
+    $IMAP->subscribe(array($mboxes));
 
   if ($REMOTE_REQUEST)
     rcube_remote_response('// subscribed');
@@ -36,8 +36,8 @@ if ($_action=='subscribe')
 // unsubscribe one or more mailboxes
 else if ($_action=='unsubscribe')
   {
-  if (strlen($_GET['_mboxes']))
-    $IMAP->unsubscribe(array($_GET['_mboxes']));
+  if ($mboxes = get_input_value('_mboxes', RCUBE_INPUT_GET))
+    $IMAP->unsubscribe(array($mboxes));
 
   if ($REMOTE_REQUEST)
     rcube_remote_response('// unsubscribed');
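Review bot: `preg_match('/^[0-9]+(,[0-9]+)*$/', $ids)` anchors with `$`, which in PCRE also matches just before a trailing newline, so `"1,2\n"` passes and the newline is concatenated into the `IN (…)` clause; `'/^[0-9]+(,[0-9]+)*$/D'` (or `\z` instead of `$`) closes that, and because the id list is still spliced into the SQL by string concatenation rather than bound, this anchor is what the query's safety rests on, which deserves a `// $ids is validated above; it is concatenated, not bound` comment on the query. The removed `$REMOTE_REQUEST = $_GET['_remote'] ? TRUE : FALSE;` leaves `$REMOTE_REQUEST` unset in this file unless something outside the hunk defines it; the code that later reads it is not visible here, so confirm it is initialised elsewhere.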
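Review bot: `if ($mboxes = get_input_value('_mboxes', RCUBE_INPUT_GET))` replaces a `strlen()` test with a truthiness test, so a folder literally named `0` can no longer be subscribed, and the unsubscribe hunk below has the same regression; `if (strlen($mboxes = get_input_value('_mboxes', RCUBE_INPUT_GET)))` keeps the sanitised source without it. Both branches wrap a single string in `array(...)` while the comment says "one or more mailboxes", so either the comment or the splitting of `$mboxes` should be adjusted; that predates this change but the rewrite is the natural place to fix it.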
@@ -95,8 +95,8 @@ else if ($_action=='rename-folder')
 // delete an existing IMAP mailbox
 else if ($_action=='delete-folder')
   {
-  if (!empty($_GET['_mboxes']))
-    $deleted = $IMAP->delete_mailbox(array(get_input_value('_mboxes', RCUBE_INPUT_GET)));
+  if (get_input_value('_mboxes', RCUBE_INPUT_GET))
+    $deleted = $IMAP->delete_mailbox(array($mboxes));
 
   if ($REMOTE_REQUEST && $deleted)
     {
-- 
cgit v1.2.3
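Review bot: `if (get_input_value('_mboxes', RCUBE_INPUT_GET))` discards the value, and the next line then calls `delete_mailbox(array($mboxes))` with `$mboxes` never assigned on this path — it is only set in the subscribe/unsubscribe branches, which are `else if` alternatives to this one — so the delete runs with a null folder name instead of the requested one. The condition should capture the value as the other branches do: `if ($mboxes = get_input_value('_mboxes', RCUBE_INPUT_GET))`. `$deleted` is likewise read by `if ($REMOTE_REQUEST && $deleted)` even when the inner `if` did not run; `$deleted = false;` before it avoids the undefined-variable notice. The branch continues past the hunk.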