lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Enhance protection

Browse Source
This commit is contained in:
Laurent Destailleur 2011-11-09 14:10:49 +01:00
parent 2e702cceff
commit 2caf178882
2 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
htdocs/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
/test.php

7
htdocs/main.inc.php
View File

@ -85,13 +85,16 @@ function test_sql_and_script_inject($val, $type)
$sql_inj += preg_match('/(\.\.%2f)+/i', $val);
}
// For XSS Injection done by adding javascript with script
// This is all cases a browser consider text is javascript:
// When it found '<script', 'javascript:', '<style', 'onload\s=' on body tag, '="&' on a tag size with old browsers
// All examples on page: http://ha.ckers.org/xss.html#XSScalc
$sql_inj += preg_match('/<script/i', $val);
$sql_inj += preg_match('/<style/i', $val);
$sql_inj += preg_match('/base[\s]+href/i', $val);
if ($type == 1)
{
$sql_inj += preg_match('/img[\s]+src/i', $val);
$sql_inj += preg_match('/style[\s]*=/i', $val);
$sql_inj += preg_match('/javascript:/i', $val);
$sql_inj += preg_match('/vbscript:/i', $val);
}
// For XSS Injection done by adding javascript closing html tags like with onmousemove, etc... (closing a src or href tag with not cleaned param)
if ($type == 1) $sql_inj += preg_match('/"/i', $val); // We refused " in GET parameters value