@@ -14,8 +14,9 @@ discard block |
| 14 | 14 | /* |
| 15 | 15 | * Test utilisateur |
| 16 | 16 | */ |
| 17 | -if (isset($_GET['test_ecran_securite'])) |
|
| 17 | +if (isset($_GET['test_ecran_securite'])) { |
|
| 18 | 18 | $ecran_securite_raison = 'test '._ECRAN_SECURITE; |
| 19 | +} |
|
| 19 | 20 | |
| 20 | 21 | /* |
| 21 | 22 | * Monitoring |
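Review bot: The test hook at new lines 17-19 is reachable by any unauthenticated request that sets `test_ecran_securite`, and the reason it records embeds `_ECRAN_SECURITE`; if that reason string is rendered to the client (not visible in this hunk), it discloses the deployed version of the security screen, which is exactly what an attacker checks to decide whether a known bypass applies. Consider recording a constant-free reason, `$ecran_securite_raison = 'test';`, or gating the hook on an authenticated admin session.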
@@ -198,18 +199,21 @@ discard block |
| 198 | 199 | * (id_base est une variable de la config des widgets de WordPress) |
| 199 | 200 | */ |
| 200 | 201 | $_exceptions = array('id_table','id_base','id_parent','id_article_pdf'); |
| 201 | -foreach ($_GET as $var => $val) |
|
| 202 | +foreach ($_GET as $var => $val) { |
|
| 202 | 203 | if ($_GET[$var] and strncmp($var, "id_", 3) == 0 |
| 203 | 204 | and !in_array($var, $_exceptions)) |
| 204 | 205 | $_GET[$var] = is_array($_GET[$var])?@array_map('intval', $_GET[$var]):intval($_GET[$var]); |
| 205 | -foreach ($_POST as $var => $val) |
|
| 206 | +} |
|
| 207 | +foreach ($_POST as $var => $val) { |
|
| 206 | 208 | if ($_POST[$var] and strncmp($var, "id_", 3) == 0 |
| 207 | 209 | and !in_array($var, $_exceptions)) |
| 208 | 210 | $_POST[$var] = is_array($_POST[$var])?@array_map('intval', $_POST[$var]):intval($_POST[$var]); |
| 209 | -foreach ($GLOBALS as $var => $val) |
|
| 211 | +} |
|
| 212 | +foreach ($GLOBALS as $var => $val) { |
|
| 210 | 213 | if ($GLOBALS[$var] and strncmp($var, "id_", 3) == 0 |
| 211 | 214 | and !in_array($var, $_exceptions)) |
| 212 | 215 | $GLOBALS[$var] = is_array($GLOBALS[$var])?@array_map('intval', $GLOBALS[$var]):intval($GLOBALS[$var]); |
| 216 | +} |
|
| 213 | 217 | |
| 214 | 218 | /* |
| 215 | 219 | * Interdit la variable $cjpeg_command, qui était utilisée sans |
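Review bot: The three `foreach` loops now carry braces, but the multi-line `if` bodies inside them (new lines 203-205, 208-210, 213-215) are still brace-less, which is precisely the construct the rest of this commit removes; wrap each as `if (...) { $_GET[$var] = ...; }`. Separately, only `$_GET`, `$_POST` and `$GLOBALS` are coerced here while `$_REQUEST` is left untouched, so anything downstream that reads `$_REQUEST['id_...']` (not visible in this hunk) still sees the raw string. The `@` on `array_map('intval', ...)` also hides the warning raised for nested arrays, where `intval` of an inner array yields `1` instead of a rejected value.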
@@ -221,11 +225,13 @@ discard block |
| 221 | 225 | * Contrôle de quelques variables (XSS) |
| 222 | 226 | */ |
| 223 | 227 | foreach(array('lang', 'var_recherche', 'aide', 'var_lang_r', 'lang_r', 'var_ajax_ancre', 'nom_fichier') as $var) { |
| 224 | - if (isset($_GET[$var])) |
|
| 225 | - $_REQUEST[$var] = $GLOBALS[$var] = $_GET[$var] = preg_replace(',[^\w\,/#&;-]+,', ' ', (string)$_GET[$var]); |
|
| 226 | - if (isset($_POST[$var])) |
|
| 227 | - $_REQUEST[$var] = $GLOBALS[$var] = $_POST[$var] = preg_replace(',[^\w\,/#&;-]+,', ' ', (string)$_POST[$var]); |
|
| 228 | -} |
|
| 228 | + if (isset($_GET[$var])) { |
|
| 229 | + $_REQUEST[$var] = $GLOBALS[$var] = $_GET[$var] = preg_replace(',[^\w\,/#&;-]+,', ' ', (string)$_GET[$var]); |
|
| 230 | + } |
|
| 231 | + if (isset($_POST[$var])) { |
|
| 232 | + $_REQUEST[$var] = $GLOBALS[$var] = $_POST[$var] = preg_replace(',[^\w\,/#&;-]+,', ' ', (string)$_POST[$var]); |
|
| 233 | + } |
|
| 234 | + } |
|
| 229 | 235 | |
| 230 | 236 | /* |
| 231 | 237 | * Filtre l'accès à spip_acces_doc (injection SQL en 1.8.2x) |
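Review bot: The closing brace added at new line 234 is indented one level while its `foreach` at line 227 starts at column 0, so the pair no longer lines up; it should be `}` at column 0, as the brace removed at old line 228 was. On the filter itself, the character allow-list `[^\w\,/#&;-]` keeps `&`, `#`, `;` and digits, so numeric-entity sequences such as `&#60;` pass through untouched; whether that is exploitable depends on how these values are later echoed, which is not visible here, but if `var_ajax_ancre` and friends do not need `&`/`#`/`;`, tightening to `,[^\w,/-]+,` removes the question.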
@@ -239,41 +245,49 @@ discard block |
| 239 | 245 | */ |
| 240 | 246 | if (isset($_REQUEST['mode']) and isset($_REQUEST['page']) |
| 241 | 247 | and !in_array($_REQUEST['mode'], array("6forum", "1comite")) |
| 242 | -and $_REQUEST['page'] == "identifiants") |
|
| 248 | +and $_REQUEST['page'] == "identifiants") { |
|
| 243 | 249 | $ecran_securite_raison = "identifiants"; |
| 250 | +} |
|
| 244 | 251 | |
| 245 | 252 | /* |
| 246 | 253 | * Agenda joue à l'injection php |
| 247 | 254 | */ |
| 248 | 255 | if (isset($_REQUEST['partie_cal']) |
| 249 | -and $_REQUEST['partie_cal'] !== htmlentities((string)$_REQUEST['partie_cal'])) |
|
| 256 | +and $_REQUEST['partie_cal'] !== htmlentities((string)$_REQUEST['partie_cal'])) { |
|
| 250 | 257 | $ecran_securite_raison = "partie_cal"; |
| 258 | +} |
|
| 251 | 259 | if (isset($_REQUEST['echelle']) |
| 252 | -and $_REQUEST['echelle'] !== htmlentities((string)$_REQUEST['echelle'])) |
|
| 260 | +and $_REQUEST['echelle'] !== htmlentities((string)$_REQUEST['echelle'])) { |
|
| 253 | 261 | $ecran_securite_raison = "echelle"; |
| 262 | +} |
|
| 254 | 263 | |
| 255 | 264 | /* |
| 256 | 265 | * Espace privé |
| 257 | 266 | */ |
| 258 | 267 | if (isset($_REQUEST['exec']) |
| 259 | -and !preg_match(',^[\w-]+$,', (string)$_REQUEST['exec'])) |
|
| 268 | +and !preg_match(',^[\w-]+$,', (string)$_REQUEST['exec'])) { |
|
| 260 | 269 | $ecran_securite_raison = "exec"; |
| 270 | +} |
|
| 261 | 271 | if (isset($_REQUEST['cherche_auteur']) |
| 262 | -and preg_match(',[<],', (string)$_REQUEST['cherche_auteur'])) |
|
| 272 | +and preg_match(',[<],', (string)$_REQUEST['cherche_auteur'])) { |
|
| 263 | 273 | $ecran_securite_raison = "cherche_auteur"; |
| 274 | +} |
|
| 264 | 275 | if (isset($_REQUEST['exec']) |
| 265 | 276 | and $_REQUEST['exec'] == 'auteurs' |
| 266 | -and preg_match(',[<],', (string)$_REQUEST['recherche'])) |
|
| 277 | +and preg_match(',[<],', (string)$_REQUEST['recherche'])) { |
|
| 267 | 278 | $ecran_securite_raison = "recherche"; |
| 279 | +} |
|
| 268 | 280 | if (isset($_REQUEST['exec']) |
| 269 | 281 | and $_REQUEST['exec'] == 'info_plugin' |
| 270 | -and preg_match(',[<],', (string)$_REQUEST['plugin'])) |
|
| 282 | +and preg_match(',[<],', (string)$_REQUEST['plugin'])) { |
|
| 271 | 283 | $ecran_securite_raison = "plugin"; |
| 284 | +} |
|
| 272 | 285 | if (isset($_REQUEST['exec']) |
| 273 | 286 | and $_REQUEST['exec'] == 'puce_statut' |
| 274 | 287 | and isset($_REQUEST['id']) |
| 275 | -and !intval($_REQUEST['id'])) |
|
| 288 | +and !intval($_REQUEST['id'])) { |
|
| 276 | 289 | $ecran_securite_raison = "puce_statut"; |
| 290 | +} |
|
| 277 | 291 | if (isset($_REQUEST['action']) |
| 278 | 292 | and $_REQUEST['action'] == 'configurer') { |
| 279 | 293 | if (@file_exists('inc_version.php') |
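Review bot: The `exec` allow-list at new lines 267-269 uses `$` without the `D` modifier, so `,^[\w-]+$,` still accepts a value that ends in a single newline (PCRE `$` matches before a trailing `\n`); use `,^[\w-]+$,D` or anchor with `\z`. The `recherche` and `plugin` checks at new lines 277 and 282 read `$_REQUEST['recherche']` / `$_REQUEST['plugin']` without the `isset` guard every neighbouring check uses, so `exec=auteurs` alone raises an undefined-index notice; `and isset($_REQUEST['recherche']) and preg_match(',[<],', (string)$_REQUEST['recherche'])` keeps the same decision without the notice. The `if ($_REQUEST['action'] == 'configurer')` block opened at new line 291 continues past the end of this hunk.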
@@ -298,21 +312,24 @@ discard block |
| 298 | 312 | @get_magic_quotes_gpc() ? |
| 299 | 313 | stripslashes(serialize($_REQUEST)) : serialize($_REQUEST), |
| 300 | 314 | chr(0) |
| 301 | -) !== false) |
|
| 315 | +) !== false) { |
|
| 302 | 316 | $ecran_securite_raison = "%00"; |
| 317 | +} |
|
| 303 | 318 | |
| 304 | 319 | /* |
| 305 | 320 | * Bloque les requêtes fond=formulaire_ |
| 306 | 321 | */ |
| 307 | 322 | if (isset($_REQUEST['fond']) |
| 308 | -and preg_match(',^formulaire_,i', $_REQUEST['fond'])) |
|
| 323 | +and preg_match(',^formulaire_,i', $_REQUEST['fond'])) { |
|
| 309 | 324 | $ecran_securite_raison = "fond=formulaire_"; |
| 325 | +} |
|
| 310 | 326 | |
| 311 | 327 | /* |
| 312 | 328 | * Bloque les requêtes du type ?GLOBALS[type_urls]=toto (bug vieux php) |
| 313 | 329 | */ |
| 314 | -if (isset($_REQUEST['GLOBALS'])) |
|
| 330 | +if (isset($_REQUEST['GLOBALS'])) { |
|
| 315 | 331 | $ecran_securite_raison = "GLOBALS[GLOBALS]"; |
| 332 | +} |
|
| 316 | 333 | |
| 317 | 334 | /* |
| 318 | 335 | * Bloque les requêtes des bots sur: |
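Review bot: The `fond` check at new line 323 passes `$_REQUEST['fond']` to `preg_match` without the `(string)` cast that every other check in this file applies, so `?fond[]=formulaire_x` is not handled like the scalar form: on PHP 7 `preg_match` warns and returns `false` (the block is skipped), on PHP 8 it throws a `TypeError`; use `preg_match(',^formulaire_,i', (string)$_REQUEST['fond'])`. The `%00` test just above (its condition begins before this hunk, new line 312) also calls `@get_magic_quotes_gpc()`, which was removed in PHP 8 — `@` does not suppress an undefined-function fatal — so if this file is meant to run there, guard it with `function_exists('get_magic_quotes_gpc')`.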
@@ -325,29 +342,34 @@ discard block |
| 325 | 342 | or (isset($_REQUEST['calendrier_annee']) and strpos((string)$_SERVER['REQUEST_URI'], 'debut_') ) |
| 326 | 343 | or (isset($_REQUEST['calendrier_annee']) and preg_match(',[?&]calendrier_annee=.*&calendrier_annee=,', (string)$_SERVER['REQUEST_URI'])) |
| 327 | 344 | ) |
| 328 | -) |
|
| 345 | +) { |
|
| 329 | 346 | $ecran_securite_raison = "robot agenda/double pagination"; |
| 347 | +} |
|
| 330 | 348 | |
| 331 | 349 | /* |
| 332 | 350 | * Bloque une vieille page de tests de CFG (<1.11) |
| 333 | 351 | * Bloque un XSS sur une page inexistante |
| 334 | 352 | */ |
| 335 | 353 | if (isset($_REQUEST['page'])) { |
| 336 | - if ($_REQUEST['page'] == 'test_cfg') |
|
| 337 | - $ecran_securite_raison = "test_cfg"; |
|
| 338 | - if ($_REQUEST['page'] !== htmlspecialchars((string)$_REQUEST['page'])) |
|
| 339 | - $ecran_securite_raison = "xsspage"; |
|
| 354 | + if ($_REQUEST['page'] == 'test_cfg') { |
|
| 355 | + $ecran_securite_raison = "test_cfg"; |
|
| 356 | + } |
|
| 357 | + if ($_REQUEST['page'] !== htmlspecialchars((string)$_REQUEST['page'])) { |
|
| 358 | + $ecran_securite_raison = "xsspage"; |
|
| 359 | + } |
|
| 340 | 360 | if ($_REQUEST['page'] == '404' |
| 341 | - and isset($_REQUEST['erreur'])) |
|
| 342 | - $ecran_securite_raison = "xss404"; |
|
| 343 | -} |
|
| 361 | + and isset($_REQUEST['erreur'])) { |
|
| 362 | + $ecran_securite_raison = "xss404"; |
|
| 363 | + } |
|
| 364 | + } |
|
| 344 | 365 | |
| 345 | 366 | /* |
| 346 | 367 | * XSS par array |
| 347 | 368 | */ |
| 348 | -foreach (array('var_login') as $var) |
|
| 349 | -if (isset($_REQUEST[$var]) and is_array($_REQUEST[$var])) |
|
| 369 | +foreach (array('var_login') as $var) { |
|
| 370 | + if (isset($_REQUEST[$var]) and is_array($_REQUEST[$var])) |
|
| 350 | 371 | $ecran_securite_raison = "xss ".$var; |
| 372 | +} |
|
| 351 | 373 | |
| 352 | 374 | /* |
| 353 | 375 | * Parade antivirale contre un cheval de troie |
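Review bot: The inner `if` at new line 370 is the one statement in this hunk left without braces even though the commit braces its enclosing `foreach`; make it `if (isset($_REQUEST[$var]) and is_array($_REQUEST[$var])) { $ecran_securite_raison = "xss ".$var; }`. Likewise the closing brace at new line 364 is indented under `if (isset($_REQUEST['page']))` instead of sitting at column 0 as the removed old line 343 did, so the opener and closer no longer align. The `_IS_BOT` condition closed at new line 345 begins before this hunk.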
@@ -357,18 +379,21 @@ discard block |
| 357 | 379 | function tmp_lkojfghx2($a = 0, $b = 0, $c = 0, $d = 0) { |
| 358 | 380 | // si jamais on est arrivé ici sur une erreur php |
| 359 | 381 | // et qu'un autre gestionnaire d'erreur est défini, l'appeller |
| 360 | - if ($b && $GLOBALS['tmp_xhgfjokl']) |
|
| 361 | - call_user_func($GLOBALS['tmp_xhgfjokl'], $a, $b, $c, $d); |
|
| 382 | + if ($b && $GLOBALS['tmp_xhgfjokl']) { |
|
| 383 | + call_user_func($GLOBALS['tmp_xhgfjokl'], $a, $b, $c, $d); |
|
| 384 | + } |
|
| 362 | 385 | } |
| 363 | 386 | } |
| 364 | -if (isset($_POST['tmp_lkojfghx3'])) |
|
| 387 | +if (isset($_POST['tmp_lkojfghx3'])) { |
|
| 365 | 388 | $ecran_securite_raison = "gumblar"; |
| 389 | +} |
|
| 366 | 390 | |
| 367 | 391 | /* |
| 368 | 392 | * Outils XML mal sécurisés < 2.0.9 |
| 369 | 393 | */ |
| 370 | -if (isset($_REQUEST['transformer_xml'])) |
|
| 394 | +if (isset($_REQUEST['transformer_xml'])) { |
|
| 371 | 395 | $ecran_securite_raison = "transformer_xml"; |
| 396 | +} |
|
| 372 | 397 | |
| 373 | 398 | /* |
| 374 | 399 | * Outils XML mal sécurisés again |
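Review bot: Inside the error handler `tmp_lkojfghx2`, `$GLOBALS['tmp_xhgfjokl']` (new line 382) is read with no existence check, so when no previous handler was saved the handler itself raises an undefined-index notice; guard it with `if ($b && !empty($GLOBALS['tmp_xhgfjokl'])) {`. `call_user_func` then trusts whatever that global holds; an `is_callable($GLOBALS['tmp_xhgfjokl'])` test would fail more safely if the value were ever clobbered, since the `$GLOBALS` sanitisation earlier in this file only covers keys starting with `id_`. The `if` that wraps the function definition (closed at new line 386) begins before this hunk.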
@@ -387,11 +412,13 @@ discard block |
| 387 | 412 | * Sauvegarde mal securisée < 2.0.9 |
| 388 | 413 | */ |
| 389 | 414 | if (isset($_REQUEST['nom_sauvegarde']) |
| 390 | -and strstr((string)$_REQUEST['nom_sauvegarde'], '/')) |
|
| 415 | +and strstr((string)$_REQUEST['nom_sauvegarde'], '/')) { |
|
| 391 | 416 | $ecran_securite_raison = 'nom_sauvegarde manipulee'; |
| 417 | +} |
|
| 392 | 418 | if (isset($_REQUEST['znom_sauvegarde']) |
| 393 | -and strstr((string)$_REQUEST['znom_sauvegarde'], '/')) |
|
| 419 | +and strstr((string)$_REQUEST['znom_sauvegarde'], '/')) { |
|
| 394 | 420 | $ecran_securite_raison = 'znom_sauvegarde manipulee'; |
| 421 | +} |
|
| 395 | 422 | |
| 396 | 423 | |
| 397 | 424 | /* |
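Review bot: Both backup-name checks (new lines 414-421) reject only a forward slash, so a backslash-separated name such as `..\..\x` passes on hosts whose filesystem treats `\` as a separator; whether that matters depends on where `nom_sauvegarde` is consumed, which is not visible here. A separator-neutral version is `strpbrk((string)$_REQUEST['nom_sauvegarde'], '/\\') !== false`, and it also replaces the `strstr`-as-boolean idiom.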
@@ -399,8 +426,9 @@ discard block |
| 399 | 426 | * on vérifie 'page' pour ne pas bloquer ... drupal |
| 400 | 427 | */ |
| 401 | 428 | if (isset($_REQUEST['op']) and isset($_REQUEST['page']) |
| 402 | -and $_REQUEST['op'] !== preg_replace('/[^\-\w]/', '', $_REQUEST['op'])) |
|
| 429 | +and $_REQUEST['op'] !== preg_replace('/[^\-\w]/', '', $_REQUEST['op'])) { |
|
| 403 | 430 | $ecran_securite_raison = 'op'; |
| 431 | +} |
|
| 404 | 432 | |
| 405 | 433 | /* |
| 406 | 434 | * Forms & Table ne se méfiait pas assez des uploads de fichiers |
@@ -408,8 +436,9 @@ discard block |
| 408 | 436 | if (count($_FILES)){ |
| 409 | 437 | foreach($_FILES as $k => $v){ |
| 410 | 438 | if (preg_match(',^fichier_\d+$,', $k) |
| 411 | - and preg_match(',\.php,i', $v['name'])) |
|
| 412 | - unset($_FILES[$k]); |
|
| 439 | + and preg_match(',\.php,i', $v['name'])) { |
|
| 440 | + unset($_FILES[$k]); |
|
| 441 | + } |
|
| 413 | 442 | } |
| 414 | 443 | } |
| 415 | 444 | /* |
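Review bot: The upload filter at new lines 438-441 drops `fichier_N` entries only when the name contains `.php`, which misses `.phtml`, `.phar` and `.pht` — extensions that common Apache/PHP configurations also execute (whether this host does is not visible here); `preg_match(',\.ph(p|t|ar),i', $v['name'])` covers them with the same shape of check. `$v['name']` is also an array when the field is sent as `fichier_1[]`, and `preg_match` on an array warns (PHP 7) or throws (PHP 8) rather than filtering, so iterate over `(array)$v['name']` before matching.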
@@ -426,21 +455,24 @@ discard block |
| 426 | 455 | * reinstall=oui un peu trop permissif |
| 427 | 456 | */ |
| 428 | 457 | if (isset($_REQUEST['reinstall']) |
| 429 | -and $_REQUEST['reinstall'] == 'oui') |
|
| 458 | +and $_REQUEST['reinstall'] == 'oui') { |
|
| 430 | 459 | $ecran_securite_raison = 'reinstall=oui'; |
| 460 | +} |
|
| 431 | 461 | |
| 432 | 462 | /* |
| 433 | 463 | * Échappement xss referer |
| 434 | 464 | */ |
| 435 | -if (isset($_SERVER['HTTP_REFERER'])) |
|
| 465 | +if (isset($_SERVER['HTTP_REFERER'])) { |
|
| 436 | 466 | $_SERVER['HTTP_REFERER'] = strtr($_SERVER['HTTP_REFERER'], '<>"\'', '[]##'); |
| 467 | +} |
|
| 437 | 468 | |
| 438 | 469 | |
| 439 | 470 | /* |
| 440 | 471 | * Echappement HTTP_X_FORWARDED_HOST |
| 441 | 472 | */ |
| 442 | -if (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) |
|
| 473 | +if (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) { |
|
| 443 | 474 | $_SERVER['HTTP_X_FORWARDED_HOST'] = strtr($_SERVER['HTTP_X_FORWARDED_HOST'], "<>?\"\{\}\$'` \r\n", '____________'); |
| 475 | +} |
|
| 444 | 476 | |
| 445 | 477 | |
| 446 | 478 | /* |
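Review bot: The `HTTP_X_FORWARDED_HOST` rewrite at new line 474 looks off by two characters: in a double-quoted PHP string `\{` and `\}` are not escape sequences, so each keeps its backslash and the from-list holds 14 characters, while the to-list appears to hold 12 underscores; `strtr` silently ignores the surplus from-characters, which here are exactly `\r` and `\n`, so CRLF would survive the very sanitisation this line exists for. Please count both strings; if confirmed, drop the stray backslashes so the lists match, `strtr($_SERVER['HTTP_X_FORWARDED_HOST'], "<>?\"{}\$'` \r\n", '____________')`, or switch to an allow-list such as `preg_replace(',[^A-Za-z0-9.:\[\]-],', '_', $_SERVER['HTTP_X_FORWARDED_HOST'])`. The `HTTP_REFERER` line above it maps four characters to four and is fine.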
@@ -448,9 +480,10 @@ discard block |
| 448 | 480 | */ |
| 449 | 481 | if (strpos($_SERVER['REQUEST_URI'], "ecrire/") !== false){ |
| 450 | 482 | $zzzz = implode("", array_keys($_REQUEST)); |
| 451 | - if (strlen($zzzz) != strcspn($zzzz, '<>"\'')) |
|
| 452 | - $ecran_securite_raison = 'Cle incorrecte en $_REQUEST'; |
|
| 453 | -} |
|
| 483 | + if (strlen($zzzz) != strcspn($zzzz, '<>"\'')) { |
|
| 484 | + $ecran_securite_raison = 'Cle incorrecte en $_REQUEST'; |
|
| 485 | + } |
|
| 486 | + } |
|
| 454 | 487 | |
| 455 | 488 | /* |
| 456 | 489 | * Injection par connect |
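Review bot: The closing brace added at new line 486 is indented one level, whereas the brace it replaces (old line 453) sat at column 0 aligned with `if (strpos($_SERVER['REQUEST_URI'], "ecrire/") !== false) {`; every other brace this commit adds lines up with its opener, so this one should be `}` at column 0. `$_SERVER['REQUEST_URI']` is also read here without an `isset` guard, which is harmless under a web SAPI but emits a notice when the file is included from CLI or a test runner; `isset($_SERVER['REQUEST_URI']) and strpos(...)` keeps it quiet.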
@@ -499,8 +532,9 @@ discard block |
| 499 | 532 | /* |
| 500 | 533 | * Bloque les bots quand le load déborde |
| 501 | 534 | */ |
| 502 | -if (!defined('_ECRAN_SECURITE_LOAD')) |
|
| 535 | +if (!defined('_ECRAN_SECURITE_LOAD')) { |
|
| 503 | 536 | define('_ECRAN_SECURITE_LOAD', 4); |
| 537 | +} |
|
| 504 | 538 | |
| 505 | 539 | if ( |
| 506 | 540 | defined('_ECRAN_SECURITE_LOAD') |
@@ -23,18 +23,18 @@ discard block |
| 23 | 23 | * var_isbot=1 peut etre utilise pour monitorer la disponibilite pour les bots (sujets a 503 de delestage si |
| 24 | 24 | * le load depasse ECRAN_SECURITE_LOAD) |
| 25 | 25 | */ |
| 26 | -if (!defined('_IS_BOT') and isset($_GET['var_isbot'])){ |
|
| 26 | +if (!defined('_IS_BOT') and isset($_GET['var_isbot'])) { |
|
| 27 | 27 | define('_IS_BOT', $_GET['var_isbot'] ? true : false); |
| 28 | 28 | } |
| 29 | 29 | |
| 30 | 30 | /* |
| 31 | 31 | * Détecteur de robot d'indexation |
| 32 | 32 | */ |
| 33 | -if (!defined('_IS_BOT')){ |
|
| 33 | +if (!defined('_IS_BOT')) { |
|
| 34 | 34 | define('_IS_BOT', |
| 35 | 35 | isset($_SERVER['HTTP_USER_AGENT']) |
| 36 | 36 | and preg_match(',' |
| 37 | - . implode ('|', array( |
|
| 37 | + . implode('|', array( |
|
| 38 | 38 | // mots generiques |
| 39 | 39 | 'bot', |
| 40 | 40 | 'slurp', |
@@ -219,19 +219,19 @@ discard block |
| 219 | 219 | 'yats', |
| 220 | 220 | 'yeti', |
| 221 | 221 | 'zeerch' |
| 222 | - )) . ',i', |
|
| 223 | - (string)$_SERVER['HTTP_USER_AGENT']) |
|
| 222 | + )).',i', |
|
| 223 | + (string) $_SERVER['HTTP_USER_AGENT']) |
|
| 224 | 224 | ); |
| 225 | 225 | } |
| 226 | -if (!defined('_IS_BOT_FRIEND')){ |
|
| 226 | +if (!defined('_IS_BOT_FRIEND')) { |
|
| 227 | 227 | define('_IS_BOT_FRIEND', |
| 228 | 228 | isset($_SERVER['HTTP_USER_AGENT']) |
| 229 | - and preg_match(',' . implode ('|', array( |
|
| 229 | + and preg_match(','.implode('|', array( |
|
| 230 | 230 | 'facebookexternalhit', |
| 231 | 231 | 'flipboardproxy', |
| 232 | 232 | 'wordpress' |
| 233 | - )) . ',i', |
|
| 234 | - (string)$_SERVER['HTTP_USER_AGENT']) |
|
| 233 | + )).',i', |
|
| 234 | + (string) $_SERVER['HTTP_USER_AGENT']) |
|
| 235 | 235 | ); |
| 236 | 236 | } |
| 237 | 237 | |
@@ -242,19 +242,19 @@ discard block |
| 242 | 242 | * (sauf pour id_table, qui n'est pas numérique jusqu'à [5743]) |
| 243 | 243 | * (id_base est une variable de la config des widgets de WordPress) |
| 244 | 244 | */ |
| 245 | -$_exceptions = array('id_table','id_base','id_parent','id_article_pdf'); |
|
| 245 | +$_exceptions = array('id_table', 'id_base', 'id_parent', 'id_article_pdf'); |
|
| 246 | 246 | foreach ($_GET as $var => $val) |
| 247 | 247 | if ($_GET[$var] and strncmp($var, "id_", 3) == 0 |
| 248 | 248 | and !in_array($var, $_exceptions)) |
| 249 | - $_GET[$var] = is_array($_GET[$var])?@array_map('intval', $_GET[$var]):intval($_GET[$var]); |
|
| 249 | + $_GET[$var] = is_array($_GET[$var]) ? @array_map('intval', $_GET[$var]) : intval($_GET[$var]); |
|
| 250 | 250 | foreach ($_POST as $var => $val) |
| 251 | 251 | if ($_POST[$var] and strncmp($var, "id_", 3) == 0 |
| 252 | 252 | and !in_array($var, $_exceptions)) |
| 253 | - $_POST[$var] = is_array($_POST[$var])?@array_map('intval', $_POST[$var]):intval($_POST[$var]); |
|
| 253 | + $_POST[$var] = is_array($_POST[$var]) ? @array_map('intval', $_POST[$var]) : intval($_POST[$var]); |
|
| 254 | 254 | foreach ($GLOBALS as $var => $val) |
| 255 | 255 | if ($GLOBALS[$var] and strncmp($var, "id_", 3) == 0 |
| 256 | 256 | and !in_array($var, $_exceptions)) |
| 257 | - $GLOBALS[$var] = is_array($GLOBALS[$var])?@array_map('intval', $GLOBALS[$var]):intval($GLOBALS[$var]); |
|
| 257 | + $GLOBALS[$var] = is_array($GLOBALS[$var]) ? @array_map('intval', $GLOBALS[$var]) : intval($GLOBALS[$var]); |
|
| 258 | 258 | |
| 259 | 259 | /* |
| 260 | 260 | * Interdit la variable $cjpeg_command, qui était utilisée sans |
@@ -265,18 +265,18 @@ discard block |
| 265 | 265 | /* |
| 266 | 266 | * Contrôle de quelques variables (XSS) |
| 267 | 267 | */ |
| 268 | -foreach(array('lang', 'var_recherche', 'aide', 'var_lang_r', 'lang_r', 'var_ajax_ancre', 'nom_fichier') as $var) { |
|
| 268 | +foreach (array('lang', 'var_recherche', 'aide', 'var_lang_r', 'lang_r', 'var_ajax_ancre', 'nom_fichier') as $var) { |
|
| 269 | 269 | if (isset($_GET[$var])) |
| 270 | - $_REQUEST[$var] = $GLOBALS[$var] = $_GET[$var] = preg_replace(',[^\w\,/#&;-]+,', ' ', (string)$_GET[$var]); |
|
| 270 | + $_REQUEST[$var] = $GLOBALS[$var] = $_GET[$var] = preg_replace(',[^\w\,/#&;-]+,', ' ', (string) $_GET[$var]); |
|
| 271 | 271 | if (isset($_POST[$var])) |
| 272 | - $_REQUEST[$var] = $GLOBALS[$var] = $_POST[$var] = preg_replace(',[^\w\,/#&;-]+,', ' ', (string)$_POST[$var]); |
|
| 272 | + $_REQUEST[$var] = $GLOBALS[$var] = $_POST[$var] = preg_replace(',[^\w\,/#&;-]+,', ' ', (string) $_POST[$var]); |
|
| 273 | 273 | } |
| 274 | 274 | |
| 275 | 275 | /* |
| 276 | 276 | * Filtre l'accès à spip_acces_doc (injection SQL en 1.8.2x) |
| 277 | 277 | */ |
| 278 | -if (preg_match(',^(.*/)?spip_acces_doc\.,', (string)$_SERVER['REQUEST_URI'])) { |
|
| 279 | - $file = addslashes((string)$_GET['file']); |
|
| 278 | +if (preg_match(',^(.*/)?spip_acces_doc\.,', (string) $_SERVER['REQUEST_URI'])) { |
|
| 279 | + $file = addslashes((string) $_GET['file']); |
|
| 280 | 280 | } |
| 281 | 281 | |
| 282 | 282 | /* |
@@ -291,28 +291,28 @@ discard block |
| 291 | 291 | * Agenda joue à l'injection php |
| 292 | 292 | */ |
| 293 | 293 | if (isset($_REQUEST['partie_cal']) |
| 294 | -and $_REQUEST['partie_cal'] !== htmlentities((string)$_REQUEST['partie_cal'])) |
|
| 294 | +and $_REQUEST['partie_cal'] !== htmlentities((string) $_REQUEST['partie_cal'])) |
|
| 295 | 295 | $ecran_securite_raison = "partie_cal"; |
| 296 | 296 | if (isset($_REQUEST['echelle']) |
| 297 | -and $_REQUEST['echelle'] !== htmlentities((string)$_REQUEST['echelle'])) |
|
| 297 | +and $_REQUEST['echelle'] !== htmlentities((string) $_REQUEST['echelle'])) |
|
| 298 | 298 | $ecran_securite_raison = "echelle"; |
| 299 | 299 | |
| 300 | 300 | /* |
| 301 | 301 | * Espace privé |
| 302 | 302 | */ |
| 303 | 303 | if (isset($_REQUEST['exec']) |
| 304 | -and !preg_match(',^[\w-]+$,', (string)$_REQUEST['exec'])) |
|
| 304 | +and !preg_match(',^[\w-]+$,', (string) $_REQUEST['exec'])) |
|
| 305 | 305 | $ecran_securite_raison = "exec"; |
| 306 | 306 | if (isset($_REQUEST['cherche_auteur']) |
| 307 | -and preg_match(',[<],', (string)$_REQUEST['cherche_auteur'])) |
|
| 307 | +and preg_match(',[<],', (string) $_REQUEST['cherche_auteur'])) |
|
| 308 | 308 | $ecran_securite_raison = "cherche_auteur"; |
| 309 | 309 | if (isset($_REQUEST['exec']) |
| 310 | 310 | and $_REQUEST['exec'] == 'auteurs' |
| 311 | -and preg_match(',[<],', (string)$_REQUEST['recherche'])) |
|
| 311 | +and preg_match(',[<],', (string) $_REQUEST['recherche'])) |
|
| 312 | 312 | $ecran_securite_raison = "recherche"; |
| 313 | 313 | if (isset($_REQUEST['exec']) |
| 314 | 314 | and $_REQUEST['exec'] == 'info_plugin' |
| 315 | -and preg_match(',[<],', (string)$_REQUEST['plugin'])) |
|
| 315 | +and preg_match(',[<],', (string) $_REQUEST['plugin'])) |
|
| 316 | 316 | $ecran_securite_raison = "plugin"; |
| 317 | 317 | if (isset($_REQUEST['exec']) |
| 318 | 318 | and $_REQUEST['exec'] == 'puce_statut' |
@@ -325,7 +325,7 @@ discard block |
| 325 | 325 | or @file_exists('ecrire/inc_version.php')) { |
| 326 | 326 | function action_configurer() { |
| 327 | 327 | include_spip('inc/autoriser'); |
| 328 | - if(!autoriser('configurer', _request('configuration'))) { |
|
| 328 | + if (!autoriser('configurer', _request('configuration'))) { |
|
| 329 | 329 | include_spip('inc/minipres'); |
| 330 | 330 | echo minipres(_T('info_acces_interdit')); |
| 331 | 331 | exit; |
@@ -366,9 +366,9 @@ discard block |
| 366 | 366 | */ |
| 367 | 367 | if (_IS_BOT and ( |
| 368 | 368 | (isset($_REQUEST['echelle']) and isset($_REQUEST['partie_cal']) and isset($_REQUEST['type'])) |
| 369 | - or (strpos((string)$_SERVER['REQUEST_URI'], 'debut_') and preg_match(',[?&]debut_.*&debut_,', (string)$_SERVER['REQUEST_URI'])) |
|
| 370 | - or (isset($_REQUEST['calendrier_annee']) and strpos((string)$_SERVER['REQUEST_URI'], 'debut_') ) |
|
| 371 | - or (isset($_REQUEST['calendrier_annee']) and preg_match(',[?&]calendrier_annee=.*&calendrier_annee=,', (string)$_SERVER['REQUEST_URI'])) |
|
| 369 | + or (strpos((string) $_SERVER['REQUEST_URI'], 'debut_') and preg_match(',[?&]debut_.*&debut_,', (string) $_SERVER['REQUEST_URI'])) |
|
| 370 | + or (isset($_REQUEST['calendrier_annee']) and strpos((string) $_SERVER['REQUEST_URI'], 'debut_')) |
|
| 371 | + or (isset($_REQUEST['calendrier_annee']) and preg_match(',[?&]calendrier_annee=.*&calendrier_annee=,', (string) $_SERVER['REQUEST_URI'])) |
|
| 372 | 372 | ) |
| 373 | 373 | ) |
| 374 | 374 | $ecran_securite_raison = "robot agenda/double pagination"; |
@@ -380,7 +380,7 @@ discard block |
| 380 | 380 | if (isset($_REQUEST['page'])) { |
| 381 | 381 | if ($_REQUEST['page'] == 'test_cfg') |
| 382 | 382 | $ecran_securite_raison = "test_cfg"; |
| 383 | - if ($_REQUEST['page'] !== htmlspecialchars((string)$_REQUEST['page'])) |
|
| 383 | + if ($_REQUEST['page'] !== htmlspecialchars((string) $_REQUEST['page'])) |
|
| 384 | 384 | $ecran_securite_raison = "xsspage"; |
| 385 | 385 | if ($_REQUEST['page'] == '404' |
| 386 | 386 | and isset($_REQUEST['erreur'])) |
@@ -418,12 +418,12 @@ discard block |
| 418 | 418 | /* |
| 419 | 419 | * Outils XML mal sécurisés again |
| 420 | 420 | */ |
| 421 | -if (isset($_REQUEST['var_url']) and $_REQUEST['var_url'] and isset($_REQUEST['exec']) and $_REQUEST['exec']=='valider_xml'){ |
|
| 421 | +if (isset($_REQUEST['var_url']) and $_REQUEST['var_url'] and isset($_REQUEST['exec']) and $_REQUEST['exec'] == 'valider_xml') { |
|
| 422 | 422 | $url = trim($_REQUEST['var_url']); |
| 423 | - if (strncmp($url,'/',1)==0 |
|
| 424 | - or (($p=strpos($url,'..'))!==false AND strpos($url,'..',$p+3)!==false) |
|
| 425 | - or (($p=strpos($url,'..'))!==false AND strpos($url,'IMG',$p+3)!==false) |
|
| 426 | - or (strpos($url,'://')!==false or strpos($url,':\\')!==false)) { |
|
| 423 | + if (strncmp($url, '/', 1) == 0 |
|
| 424 | + or (($p = strpos($url, '..')) !== false AND strpos($url, '..', $p + 3) !== false) |
|
| 425 | + or (($p = strpos($url, '..')) !== false AND strpos($url, 'IMG', $p + 3) !== false) |
|
| 426 | + or (strpos($url, '://') !== false or strpos($url, ':\\') !== false)) { |
|
| 427 | 427 | $ecran_securite_raison = 'URL interdite pour var_url'; |
| 428 | 428 | } |
| 429 | 429 | } |
@@ -432,10 +432,10 @@ discard block |
| 432 | 432 | * Sauvegarde mal securisée < 2.0.9 |
| 433 | 433 | */ |
| 434 | 434 | if (isset($_REQUEST['nom_sauvegarde']) |
| 435 | -and strstr((string)$_REQUEST['nom_sauvegarde'], '/')) |
|
| 435 | +and strstr((string) $_REQUEST['nom_sauvegarde'], '/')) |
|
| 436 | 436 | $ecran_securite_raison = 'nom_sauvegarde manipulee'; |
| 437 | 437 | if (isset($_REQUEST['znom_sauvegarde']) |
| 438 | -and strstr((string)$_REQUEST['znom_sauvegarde'], '/')) |
|
| 438 | +and strstr((string) $_REQUEST['znom_sauvegarde'], '/')) |
|
| 439 | 439 | $ecran_securite_raison = 'znom_sauvegarde manipulee'; |
| 440 | 440 | |
| 441 | 441 | |
@@ -450,8 +450,8 @@ discard block |
| 450 | 450 | /* |
| 451 | 451 | * Forms & Table ne se méfiait pas assez des uploads de fichiers |
| 452 | 452 | */ |
| 453 | -if (count($_FILES)){ |
|
| 454 | - foreach($_FILES as $k => $v){ |
|
| 453 | +if (count($_FILES)) { |
|
| 454 | + foreach ($_FILES as $k => $v) { |
|
| 455 | 455 | if (preg_match(',^fichier_\d+$,', $k) |
| 456 | 456 | and preg_match(',\.php,i', $v['name'])) |
| 457 | 457 | unset($_FILES[$k]); |
@@ -461,7 +461,7 @@ discard block |
| 461 | 461 | * et Contact trop laxiste avec une variable externe |
| 462 | 462 | * on bloque pas le post pour eviter de perdre des donnees mais on unset la variable et c'est tout |
| 463 | 463 | */ |
| 464 | -if (isset($_REQUEST['pj_enregistrees_nom']) and $_REQUEST['pj_enregistrees_nom']){ |
|
| 464 | +if (isset($_REQUEST['pj_enregistrees_nom']) and $_REQUEST['pj_enregistrees_nom']) { |
|
| 465 | 465 | unset($_REQUEST['pj_enregistrees_nom']); |
| 466 | 466 | unset($_GET['pj_enregistrees_nom']); |
| 467 | 467 | unset($_POST['pj_enregistrees_nom']); |
@@ -491,7 +491,7 @@ discard block |
| 491 | 491 | /* |
| 492 | 492 | * Réinjection des clés en html dans l'admin r19561 |
| 493 | 493 | */ |
| 494 | -if (strpos($_SERVER['REQUEST_URI'], "ecrire/") !== false){ |
|
| 494 | +if (strpos($_SERVER['REQUEST_URI'], "ecrire/") !== false) { |
|
| 495 | 495 | $zzzz = implode("", array_keys($_REQUEST)); |
| 496 | 496 | if (strlen($zzzz) != strcspn($zzzz, '<>"\'')) |
| 497 | 497 | $ecran_securite_raison = 'Cle incorrecte en $_REQUEST'; |