@@ -15,7 +15,7 @@ discard block |
| 15 | 15 | * Test utilisateur |
| 16 | 16 | */ |
| 17 | 17 | if (isset($_GET['test_ecran_securite'])) |
| 18 | - $ecran_securite_raison = 'test '._ECRAN_SECURITE; |
|
| 18 | + $ecran_securite_raison = 'test '._ECRAN_SECURITE; |
|
| 19 | 19 | |
| 20 | 20 | /* |
| 21 | 21 | * Monitoring |
@@ -24,33 +24,33 @@ discard block |
| 24 | 24 | * le load depasse ECRAN_SECURITE_LOAD) |
| 25 | 25 | */ |
| 26 | 26 | if (!defined('_IS_BOT') and isset($_GET['var_isbot'])){ |
| 27 | - define('_IS_BOT', $_GET['var_isbot'] ? true : false); |
|
| 27 | + define('_IS_BOT', $_GET['var_isbot'] ? true : false); |
|
| 28 | 28 | } |
| 29 | 29 | |
| 30 | 30 | /* |
| 31 | 31 | * Détecteur de robot d'indexation |
| 32 | 32 | */ |
| 33 | 33 | if (!defined('_IS_BOT')){ |
| 34 | - define('_IS_BOT', |
|
| 35 | - isset($_SERVER['HTTP_USER_AGENT']) |
|
| 36 | - and preg_match( |
|
| 37 | - // mots generiques |
|
| 38 | - ',bot|slurp|crawler|spider|webvac|yandex|' |
|
| 39 | - // MSIE 6.0 est un botnet 99,9% du temps, on traite donc ce USER_AGENT comme un bot |
|
| 40 | - . 'MSIE 6\.0|' |
|
| 41 | - // UA plus cibles |
|
| 42 | - . '200please|80legs|a6-indexer|aboundex|accoona|addthis|adressendeutschland|alexa|altavista|analyticsseo|archive|aspseek|baidu|begunadvertising|bingpreview|bloglines|browsershots|bubing|butterfly|changedetection|charlotte|chilkat|china|coccoc|crowsnest|dataminr|daumoa|dlweb|ec2linkfinder|estyle|ezooms|facebookexternalhit|facebookplatform|fairshare|feedfetcher|feedfetcher-google|feedly|fetch|flipboardproxy|genieo|google|grapeshot|hatena-useragent|head|hosttracker|hubspot|ia_archiver|ichiro|iltrovatore-setaccio|immediatenet|ina|infegyatlas|infohelfer|instapaper|jabse|james|kumkie|linkdex|linkfluence|linkwalker|litefinder|loadimpactpageanalyzer|luminate|lycos|lycosa|mediapartners-google|msai|najdi|netcraftsurveyagent|netestate|netseer|nuhk|panscient|parsijoo|plukkie|proximic|qirina|qualidator|rambler|readability|sbsearch|scooter|scrapy|scrubby|scrubbybloglines|shareaholic|shopwiki|sistrix|sitechecker|siteexplorer|sogou|special_archiver|speedy|spinn3r|spreadtrum|steeler|subscriber|suma|superdownloads|svenska-webbsido|teoma|thumbshots|tineye|trendiction|tweetedtimes|tweetmeme|uaslinkchecker|undrip|unwindfetchor|vedma|vkshare|vm|wch|webalta|webcookies|webthumbnail|wesee|wise-guys|woko|wotbox|y!j-bri|y!j-bro|y!j-brw|y!j-bsc|yahoo|yahoo!|yahooysmcm|yats|yeti|zeerch|owlin' |
|
| 43 | - . ',i', (string)$_SERVER['HTTP_USER_AGENT']) |
|
| 44 | - ); |
|
| 34 | + define('_IS_BOT', |
|
| 35 | + isset($_SERVER['HTTP_USER_AGENT']) |
|
| 36 | + and preg_match( |
|
| 37 | + // mots generiques |
|
| 38 | + ',bot|slurp|crawler|spider|webvac|yandex|' |
|
| 39 | + // MSIE 6.0 est un botnet 99,9% du temps, on traite donc ce USER_AGENT comme un bot |
|
| 40 | + . 'MSIE 6\.0|' |
|
| 41 | + // UA plus cibles |
|
| 42 | + . '200please|80legs|a6-indexer|aboundex|accoona|addthis|adressendeutschland|alexa|altavista|analyticsseo|archive|aspseek|baidu|begunadvertising|bingpreview|bloglines|browsershots|bubing|butterfly|changedetection|charlotte|chilkat|china|coccoc|crowsnest|dataminr|daumoa|dlweb|ec2linkfinder|estyle|ezooms|facebookexternalhit|facebookplatform|fairshare|feedfetcher|feedfetcher-google|feedly|fetch|flipboardproxy|genieo|google|grapeshot|hatena-useragent|head|hosttracker|hubspot|ia_archiver|ichiro|iltrovatore-setaccio|immediatenet|ina|infegyatlas|infohelfer|instapaper|jabse|james|kumkie|linkdex|linkfluence|linkwalker|litefinder|loadimpactpageanalyzer|luminate|lycos|lycosa|mediapartners-google|msai|najdi|netcraftsurveyagent|netestate|netseer|nuhk|panscient|parsijoo|plukkie|proximic|qirina|qualidator|rambler|readability|sbsearch|scooter|scrapy|scrubby|scrubbybloglines|shareaholic|shopwiki|sistrix|sitechecker|siteexplorer|sogou|special_archiver|speedy|spinn3r|spreadtrum|steeler|subscriber|suma|superdownloads|svenska-webbsido|teoma|thumbshots|tineye|trendiction|tweetedtimes|tweetmeme|uaslinkchecker|undrip|unwindfetchor|vedma|vkshare|vm|wch|webalta|webcookies|webthumbnail|wesee|wise-guys|woko|wotbox|y!j-bri|y!j-bro|y!j-brw|y!j-bsc|yahoo|yahoo!|yahooysmcm|yats|yeti|zeerch|owlin' |
|
| 43 | + . ',i', (string)$_SERVER['HTTP_USER_AGENT']) |
|
| 44 | + ); |
|
| 45 | 45 | } |
| 46 | 46 | if (!defined('_IS_BOT_FRIEND')){ |
| 47 | - define('_IS_BOT_FRIEND', |
|
| 48 | - isset($_SERVER['HTTP_USER_AGENT']) |
|
| 49 | - and preg_match(',' |
|
| 50 | - // UA plus cibles |
|
| 51 | - . 'facebookexternalhit' |
|
| 52 | - . ',i', (string)$_SERVER['HTTP_USER_AGENT']) |
|
| 53 | - ); |
|
| 47 | + define('_IS_BOT_FRIEND', |
|
| 48 | + isset($_SERVER['HTTP_USER_AGENT']) |
|
| 49 | + and preg_match(',' |
|
| 50 | + // UA plus cibles |
|
| 51 | + . 'facebookexternalhit' |
|
| 52 | + . ',i', (string)$_SERVER['HTTP_USER_AGENT']) |
|
| 53 | + ); |
|
| 54 | 54 | } |
| 55 | 55 | |
| 56 | 56 | /* |
@@ -61,17 +61,17 @@ discard block |
| 61 | 61 | * (id_base est une variable de la config des widgets de WordPress) |
| 62 | 62 | */ |
| 63 | 63 | foreach ($_GET as $var => $val) |
| 64 | - if ($_GET[$var] and strncmp($var, "id_", 3) == 0 |
|
| 65 | - and !in_array($var, array('id_table', 'id_base'))) |
|
| 66 | - $_GET[$var] = is_array($_GET[$var])?@array_map('intval', $_GET[$var]):intval($_GET[$var]); |
|
| 64 | + if ($_GET[$var] and strncmp($var, "id_", 3) == 0 |
|
| 65 | + and !in_array($var, array('id_table', 'id_base'))) |
|
| 66 | + $_GET[$var] = is_array($_GET[$var])?@array_map('intval', $_GET[$var]):intval($_GET[$var]); |
|
| 67 | 67 | foreach ($_POST as $var => $val) |
| 68 | - if ($_POST[$var] and strncmp($var, "id_", 3) == 0 |
|
| 69 | - and !in_array($var, array('id_table', 'id_base'))) |
|
| 70 | - $_POST[$var] = is_array($_POST[$var])?@array_map('intval', $_POST[$var]):intval($_POST[$var]); |
|
| 68 | + if ($_POST[$var] and strncmp($var, "id_", 3) == 0 |
|
| 69 | + and !in_array($var, array('id_table', 'id_base'))) |
|
| 70 | + $_POST[$var] = is_array($_POST[$var])?@array_map('intval', $_POST[$var]):intval($_POST[$var]); |
|
| 71 | 71 | foreach ($GLOBALS as $var => $val) |
| 72 | - if ($GLOBALS[$var] and strncmp($var, "id_", 3) == 0 |
|
| 73 | - and !in_array($var, array('id_table', 'id_base'))) |
|
| 74 | - $GLOBALS[$var] = is_array($GLOBALS[$var])?@array_map('intval', $GLOBALS[$var]):intval($GLOBALS[$var]); |
|
| 72 | + if ($GLOBALS[$var] and strncmp($var, "id_", 3) == 0 |
|
| 73 | + and !in_array($var, array('id_table', 'id_base'))) |
|
| 74 | + $GLOBALS[$var] = is_array($GLOBALS[$var])?@array_map('intval', $GLOBALS[$var]):intval($GLOBALS[$var]); |
|
| 75 | 75 | |
| 76 | 76 | /* |
| 77 | 77 | * Interdit la variable $cjpeg_command, qui était utilisée sans |
@@ -83,17 +83,17 @@ discard block |
| 83 | 83 | * Contrôle de quelques variables (XSS) |
| 84 | 84 | */ |
| 85 | 85 | foreach(array('lang', 'var_recherche', 'aide', 'var_lang_r', 'lang_r', 'var_ajax_ancre', 'nom_fichier') as $var) { |
| 86 | - if (isset($_GET[$var])) |
|
| 87 | - $_REQUEST[$var] = $GLOBALS[$var] = $_GET[$var] = preg_replace(',[^\w\,/#&;-]+,', ' ', (string)$_GET[$var]); |
|
| 88 | - if (isset($_POST[$var])) |
|
| 89 | - $_REQUEST[$var] = $GLOBALS[$var] = $_POST[$var] = preg_replace(',[^\w\,/#&;-]+,', ' ', (string)$_POST[$var]); |
|
| 86 | + if (isset($_GET[$var])) |
|
| 87 | + $_REQUEST[$var] = $GLOBALS[$var] = $_GET[$var] = preg_replace(',[^\w\,/#&;-]+,', ' ', (string)$_GET[$var]); |
|
| 88 | + if (isset($_POST[$var])) |
|
| 89 | + $_REQUEST[$var] = $GLOBALS[$var] = $_POST[$var] = preg_replace(',[^\w\,/#&;-]+,', ' ', (string)$_POST[$var]); |
|
| 90 | 90 | } |
| 91 | 91 | |
| 92 | 92 | /* |
| 93 | 93 | * Filtre l'accès à spip_acces_doc (injection SQL en 1.8.2x) |
| 94 | 94 | */ |
| 95 | 95 | if (preg_match(',^(.*/)?spip_acces_doc\.,', (string)$_SERVER['REQUEST_URI'])) { |
| 96 | - $file = addslashes((string)$_GET['file']); |
|
| 96 | + $file = addslashes((string)$_GET['file']); |
|
| 97 | 97 | } |
| 98 | 98 | |
| 99 | 99 | /* |
@@ -102,79 +102,79 @@ discard block |
| 102 | 102 | if (isset($_REQUEST['mode']) and isset($_REQUEST['page']) |
| 103 | 103 | and !in_array($_REQUEST['mode'], array("6forum", "1comite")) |
| 104 | 104 | and $_REQUEST['page'] == "identifiants") |
| 105 | - $ecran_securite_raison = "identifiants"; |
|
| 105 | + $ecran_securite_raison = "identifiants"; |
|
| 106 | 106 | |
| 107 | 107 | /* |
| 108 | 108 | * Agenda joue à l'injection php |
| 109 | 109 | */ |
| 110 | 110 | if (isset($_REQUEST['partie_cal']) |
| 111 | 111 | and $_REQUEST['partie_cal'] !== htmlentities((string)$_REQUEST['partie_cal'])) |
| 112 | - $ecran_securite_raison = "partie_cal"; |
|
| 112 | + $ecran_securite_raison = "partie_cal"; |
|
| 113 | 113 | if (isset($_REQUEST['echelle']) |
| 114 | 114 | and $_REQUEST['echelle'] !== htmlentities((string)$_REQUEST['echelle'])) |
| 115 | - $ecran_securite_raison = "echelle"; |
|
| 115 | + $ecran_securite_raison = "echelle"; |
|
| 116 | 116 | |
| 117 | 117 | /* |
| 118 | 118 | * Espace privé |
| 119 | 119 | */ |
| 120 | 120 | if (isset($_REQUEST['exec']) |
| 121 | 121 | and !preg_match(',^[\w-]+$,', (string)$_REQUEST['exec'])) |
| 122 | - $ecran_securite_raison = "exec"; |
|
| 122 | + $ecran_securite_raison = "exec"; |
|
| 123 | 123 | if (isset($_REQUEST['cherche_auteur']) |
| 124 | 124 | and preg_match(',[<],', (string)$_REQUEST['cherche_auteur'])) |
| 125 | - $ecran_securite_raison = "cherche_auteur"; |
|
| 125 | + $ecran_securite_raison = "cherche_auteur"; |
|
| 126 | 126 | if (isset($_REQUEST['exec']) |
| 127 | 127 | and $_REQUEST['exec'] == 'auteurs' |
| 128 | 128 | and preg_match(',[<],', (string)$_REQUEST['recherche'])) |
| 129 | - $ecran_securite_raison = "recherche"; |
|
| 129 | + $ecran_securite_raison = "recherche"; |
|
| 130 | 130 | if (isset($_REQUEST['exec']) |
| 131 | 131 | and $_REQUEST['exec'] == 'info_plugin' |
| 132 | 132 | and preg_match(',[<],', (string)$_REQUEST['plugin'])) |
| 133 | - $ecran_securite_raison = "plugin"; |
|
| 133 | + $ecran_securite_raison = "plugin"; |
|
| 134 | 134 | if (isset($_REQUEST['exec']) |
| 135 | 135 | and $_REQUEST['exec'] == 'puce_statut' |
| 136 | 136 | and isset($_REQUEST['id']) |
| 137 | 137 | and !intval($_REQUEST['id'])) |
| 138 | - $ecran_securite_raison = "puce_statut"; |
|
| 138 | + $ecran_securite_raison = "puce_statut"; |
|
| 139 | 139 | if (isset($_REQUEST['action']) |
| 140 | 140 | and $_REQUEST['action'] == 'configurer') { |
| 141 | - if (@file_exists('inc_version.php') |
|
| 142 | - or @file_exists('ecrire/inc_version.php')) { |
|
| 143 | - function action_configurer() { |
|
| 144 | - include_spip('inc/autoriser'); |
|
| 145 | - if(!autoriser('configurer', _request('configuration'))) { |
|
| 146 | - include_spip('inc/minipres'); |
|
| 147 | - echo minipres(_T('info_acces_interdit')); |
|
| 148 | - exit; |
|
| 149 | - } |
|
| 150 | - require _DIR_RESTREINT.'action/configurer.php'; |
|
| 151 | - action_configurer_dist(); |
|
| 152 | - } |
|
| 153 | - } |
|
| 141 | + if (@file_exists('inc_version.php') |
|
| 142 | + or @file_exists('ecrire/inc_version.php')) { |
|
| 143 | + function action_configurer() { |
|
| 144 | + include_spip('inc/autoriser'); |
|
| 145 | + if(!autoriser('configurer', _request('configuration'))) { |
|
| 146 | + include_spip('inc/minipres'); |
|
| 147 | + echo minipres(_T('info_acces_interdit')); |
|
| 148 | + exit; |
|
| 149 | + } |
|
| 150 | + require _DIR_RESTREINT.'action/configurer.php'; |
|
| 151 | + action_configurer_dist(); |
|
| 152 | + } |
|
| 153 | + } |
|
| 154 | 154 | } |
| 155 | 155 | |
| 156 | 156 | /* |
| 157 | 157 | * Bloque les requêtes contenant %00 (manipulation d'include) |
| 158 | 158 | */ |
| 159 | 159 | if (strpos( |
| 160 | - @get_magic_quotes_gpc() ? |
|
| 161 | - stripslashes(serialize($_REQUEST)) : serialize($_REQUEST), |
|
| 162 | - chr(0) |
|
| 160 | + @get_magic_quotes_gpc() ? |
|
| 161 | + stripslashes(serialize($_REQUEST)) : serialize($_REQUEST), |
|
| 162 | + chr(0) |
|
| 163 | 163 | ) !== false) |
| 164 | - $ecran_securite_raison = "%00"; |
|
| 164 | + $ecran_securite_raison = "%00"; |
|
| 165 | 165 | |
| 166 | 166 | /* |
| 167 | 167 | * Bloque les requêtes fond=formulaire_ |
| 168 | 168 | */ |
| 169 | 169 | if (isset($_REQUEST['fond']) |
| 170 | 170 | and preg_match(',^formulaire_,i', $_REQUEST['fond'])) |
| 171 | - $ecran_securite_raison = "fond=formulaire_"; |
|
| 171 | + $ecran_securite_raison = "fond=formulaire_"; |
|
| 172 | 172 | |
| 173 | 173 | /* |
| 174 | 174 | * Bloque les requêtes du type ?GLOBALS[type_urls]=toto (bug vieux php) |
| 175 | 175 | */ |
| 176 | 176 | if (isset($_REQUEST['GLOBALS'])) |
| 177 | - $ecran_securite_raison = "GLOBALS[GLOBALS]"; |
|
| 177 | + $ecran_securite_raison = "GLOBALS[GLOBALS]"; |
|
| 178 | 178 | |
| 179 | 179 | /* |
| 180 | 180 | * Bloque les requêtes des bots sur: |
@@ -182,24 +182,24 @@ discard block |
| 182 | 182 | * les paginations entremélées |
| 183 | 183 | */ |
| 184 | 184 | if (_IS_BOT and ( |
| 185 | - (isset($_REQUEST['echelle']) and isset($_REQUEST['partie_cal']) and isset($_REQUEST['type'])) |
|
| 186 | - or (strpos((string)$_SERVER['REQUEST_URI'], 'debut_') and preg_match(',[?&]debut_.*&debut_,', (string)$_SERVER['REQUEST_URI'])) |
|
| 185 | + (isset($_REQUEST['echelle']) and isset($_REQUEST['partie_cal']) and isset($_REQUEST['type'])) |
|
| 186 | + or (strpos((string)$_SERVER['REQUEST_URI'], 'debut_') and preg_match(',[?&]debut_.*&debut_,', (string)$_SERVER['REQUEST_URI'])) |
|
| 187 | 187 | ) |
| 188 | 188 | ) |
| 189 | - $ecran_securite_raison = "robot agenda/double pagination"; |
|
| 189 | + $ecran_securite_raison = "robot agenda/double pagination"; |
|
| 190 | 190 | |
| 191 | 191 | /* |
| 192 | 192 | * Bloque une vieille page de tests de CFG (<1.11) |
| 193 | 193 | * Bloque un XSS sur une page inexistante |
| 194 | 194 | */ |
| 195 | 195 | if (isset($_REQUEST['page'])) { |
| 196 | - if ($_REQUEST['page'] == 'test_cfg') |
|
| 197 | - $ecran_securite_raison = "test_cfg"; |
|
| 198 | - if ($_REQUEST['page'] !== htmlspecialchars((string)$_REQUEST['page'])) |
|
| 199 | - $ecran_securite_raison = "xsspage"; |
|
| 200 | - if ($_REQUEST['page'] == '404' |
|
| 201 | - and isset($_REQUEST['erreur'])) |
|
| 202 | - $ecran_securite_raison = "xss404"; |
|
| 196 | + if ($_REQUEST['page'] == 'test_cfg') |
|
| 197 | + $ecran_securite_raison = "test_cfg"; |
|
| 198 | + if ($_REQUEST['page'] !== htmlspecialchars((string)$_REQUEST['page'])) |
|
| 199 | + $ecran_securite_raison = "xsspage"; |
|
| 200 | + if ($_REQUEST['page'] == '404' |
|
| 201 | + and isset($_REQUEST['erreur'])) |
|
| 202 | + $ecran_securite_raison = "xss404"; |
|
| 203 | 203 | } |
| 204 | 204 | |
| 205 | 205 | /* |
@@ -207,40 +207,40 @@ discard block |
| 207 | 207 | */ |
| 208 | 208 | foreach (array('var_login') as $var) |
| 209 | 209 | if (isset($_REQUEST[$var]) and is_array($_REQUEST[$var])) |
| 210 | - $ecran_securite_raison = "xss ".$var; |
|
| 210 | + $ecran_securite_raison = "xss ".$var; |
|
| 211 | 211 | |
| 212 | 212 | /* |
| 213 | 213 | * Parade antivirale contre un cheval de troie |
| 214 | 214 | */ |
| 215 | 215 | if (!function_exists('tmp_lkojfghx')) { |
| 216 | - function tmp_lkojfghx() {} |
|
| 217 | - function tmp_lkojfghx2($a = 0, $b = 0, $c = 0, $d = 0) { |
|
| 218 | - // si jamais on est arrivé ici sur une erreur php |
|
| 219 | - // et qu'un autre gestionnaire d'erreur est défini, l'appeller |
|
| 220 | - if ($b && $GLOBALS['tmp_xhgfjokl']) |
|
| 221 | - call_user_func($GLOBALS['tmp_xhgfjokl'], $a, $b, $c, $d); |
|
| 222 | - } |
|
| 216 | + function tmp_lkojfghx() {} |
|
| 217 | + function tmp_lkojfghx2($a = 0, $b = 0, $c = 0, $d = 0) { |
|
| 218 | + // si jamais on est arrivé ici sur une erreur php |
|
| 219 | + // et qu'un autre gestionnaire d'erreur est défini, l'appeller |
|
| 220 | + if ($b && $GLOBALS['tmp_xhgfjokl']) |
|
| 221 | + call_user_func($GLOBALS['tmp_xhgfjokl'], $a, $b, $c, $d); |
|
| 222 | + } |
|
| 223 | 223 | } |
| 224 | 224 | if (isset($_POST['tmp_lkojfghx3'])) |
| 225 | - $ecran_securite_raison = "gumblar"; |
|
| 225 | + $ecran_securite_raison = "gumblar"; |
|
| 226 | 226 | |
| 227 | 227 | /* |
| 228 | 228 | * Outils XML mal sécurisés < 2.0.9 |
| 229 | 229 | */ |
| 230 | 230 | if (isset($_REQUEST['transformer_xml'])) |
| 231 | - $ecran_securite_raison = "transformer_xml"; |
|
| 231 | + $ecran_securite_raison = "transformer_xml"; |
|
| 232 | 232 | |
| 233 | 233 | /* |
| 234 | 234 | * Outils XML mal sécurisés again |
| 235 | 235 | */ |
| 236 | 236 | if (isset($_REQUEST['var_url']) and $_REQUEST['var_url'] and isset($_REQUEST['exec']) and $_REQUEST['exec']=='valider_xml'){ |
| 237 | - $url = trim($_REQUEST['var_url']); |
|
| 238 | - if (strncmp($url,'/',1)==0 |
|
| 239 | - or (($p=strpos($url,'..'))!==false AND strpos($url,'..',$p+3)!==false) |
|
| 240 | - or (($p=strpos($url,'..'))!==false AND strpos($url,'IMG',$p+3)!==false) |
|
| 241 | - or (strpos($url,'://')!==false or strpos($url,':\\')!==false)) { |
|
| 242 | - $ecran_securite_raison = 'URL interdite pour var_url'; |
|
| 243 | - } |
|
| 237 | + $url = trim($_REQUEST['var_url']); |
|
| 238 | + if (strncmp($url,'/',1)==0 |
|
| 239 | + or (($p=strpos($url,'..'))!==false AND strpos($url,'..',$p+3)!==false) |
|
| 240 | + or (($p=strpos($url,'..'))!==false AND strpos($url,'IMG',$p+3)!==false) |
|
| 241 | + or (strpos($url,'://')!==false or strpos($url,':\\')!==false)) { |
|
| 242 | + $ecran_securite_raison = 'URL interdite pour var_url'; |
|
| 243 | + } |
|
| 244 | 244 | } |
| 245 | 245 | |
| 246 | 246 | /* |
@@ -248,10 +248,10 @@ discard block |
||
| 248 | 248 | */ |
| 249 | 249 | if (isset($_REQUEST['nom_sauvegarde']) |
| 250 | 250 | and strstr((string)$_REQUEST['nom_sauvegarde'], '/')) |
| 251 | - $ecran_securite_raison = 'nom_sauvegarde manipulee'; |
|
| 251 | + $ecran_securite_raison = 'nom_sauvegarde manipulee'; |
|
| 252 | 252 | if (isset($_REQUEST['znom_sauvegarde']) |
| 253 | 253 | and strstr((string)$_REQUEST['znom_sauvegarde'], '/')) |
| 254 | - $ecran_securite_raison = 'znom_sauvegarde manipulee'; |
|
| 254 | + $ecran_securite_raison = 'znom_sauvegarde manipulee'; |
|
| 255 | 255 | |
| 256 | 256 | |
| 257 | 257 | /* |
@@ -260,26 +260,26 @@ discard block |
||
| 260 | 260 | */ |
| 261 | 261 | if (isset($_REQUEST['op']) and isset($_REQUEST['page']) |
| 262 | 262 | and $_REQUEST['op'] !== preg_replace('/[^\-\w]/', '', $_REQUEST['op'])) |
| 263 | - $ecran_securite_raison = 'op'; |
|
| 263 | + $ecran_securite_raison = 'op'; |
|
| 264 | 264 | |
| 265 | 265 | /* |
| 266 | 266 | * Forms & Table ne se méfiait pas assez des uploads de fichiers |
| 267 | 267 | */ |
| 268 | 268 | if (count($_FILES)){ |
| 269 | - foreach($_FILES as $k => $v){ |
|
| 270 | - if (preg_match(',^fichier_\d+$,', $k) |
|
| 271 | - and preg_match(',\.php,i', $v['name'])) |
|
| 272 | - unset($_FILES[$k]); |
|
| 273 | - } |
|
| 269 | + foreach($_FILES as $k => $v){ |
|
| 270 | + if (preg_match(',^fichier_\d+$,', $k) |
|
| 271 | + and preg_match(',\.php,i', $v['name'])) |
|
| 272 | + unset($_FILES[$k]); |
|
| 273 | + } |
|
| 274 | 274 | } |
| 275 | 275 | /* |
| 276 | 276 | * et Contact trop laxiste avec une variable externe |
| 277 | 277 | * on bloque pas le post pour eviter de perdre des donnees mais on unset la variable et c'est tout |
| 278 | 278 | */ |
| 279 | 279 | if (isset($_REQUEST['pj_enregistrees_nom']) and $_REQUEST['pj_enregistrees_nom']){ |
| 280 | - unset($_REQUEST['pj_enregistrees_nom']); |
|
| 281 | - unset($_GET['pj_enregistrees_nom']); |
|
| 282 | - unset($_POST['pj_enregistrees_nom']); |
|
| 280 | + unset($_REQUEST['pj_enregistrees_nom']); |
|
| 281 | + unset($_GET['pj_enregistrees_nom']); |
|
| 282 | + unset($_POST['pj_enregistrees_nom']); |
|
| 283 | 283 | } |
| 284 | 284 | |
| 285 | 285 | /* |
@@ -287,66 +287,66 @@ discard block |
| 287 | 287 | */ |
| 288 | 288 | if (isset($_REQUEST['reinstall']) |
| 289 | 289 | and $_REQUEST['reinstall'] == 'oui') |
| 290 | - $ecran_securite_raison = 'reinstall=oui'; |
|
| 290 | + $ecran_securite_raison = 'reinstall=oui'; |
|
| 291 | 291 | |
| 292 | 292 | /* |
| 293 | 293 | * Échappement xss referer |
| 294 | 294 | */ |
| 295 | 295 | if (isset($_SERVER['HTTP_REFERER'])) |
| 296 | - $_SERVER['HTTP_REFERER'] = strtr($_SERVER['HTTP_REFERER'], '<>"\'', '[]##'); |
|
| 296 | + $_SERVER['HTTP_REFERER'] = strtr($_SERVER['HTTP_REFERER'], '<>"\'', '[]##'); |
|
| 297 | 297 | |
| 298 | 298 | |
| 299 | 299 | /* |
| 300 | 300 | * Echappement HTTP_X_FORWARDED_HOST |
| 301 | 301 | */ |
| 302 | 302 | if (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) |
| 303 | - $_SERVER['HTTP_X_FORWARDED_HOST'] = strtr($_SERVER['HTTP_X_FORWARDED_HOST'], "<>?\"\{\}\$'` \r\n", '____________'); |
|
| 303 | + $_SERVER['HTTP_X_FORWARDED_HOST'] = strtr($_SERVER['HTTP_X_FORWARDED_HOST'], "<>?\"\{\}\$'` \r\n", '____________'); |
|
| 304 | 304 | |
| 305 | 305 | |
| 306 | 306 | /* |
| 307 | 307 | * Réinjection des clés en html dans l'admin r19561 |
| 308 | 308 | */ |
| 309 | 309 | if (strpos($_SERVER['REQUEST_URI'], "ecrire/") !== false){ |
| 310 | - $zzzz = implode("", array_keys($_REQUEST)); |
|
| 311 | - if (strlen($zzzz) != strcspn($zzzz, '<>"\'')) |
|
| 312 | - $ecran_securite_raison = 'Cle incorrecte en $_REQUEST'; |
|
| 310 | + $zzzz = implode("", array_keys($_REQUEST)); |
|
| 311 | + if (strlen($zzzz) != strcspn($zzzz, '<>"\'')) |
|
| 312 | + $ecran_securite_raison = 'Cle incorrecte en $_REQUEST'; |
|
| 313 | 313 | } |
| 314 | 314 | |
| 315 | 315 | /* |
| 316 | 316 | * Injection par connect |
| 317 | 317 | */ |
| 318 | 318 | if (isset($_REQUEST['connect']) |
| 319 | - and |
|
| 320 | - // cas qui permettent de sortir d'un commentaire PHP |
|
| 321 | - (strpos($_REQUEST['connect'], "?") !== false |
|
| 322 | - or strpos($_REQUEST['connect'], "<") !== false |
|
| 323 | - or strpos($_REQUEST['connect'], ">") !== false |
|
| 324 | - or strpos($_REQUEST['connect'], "\n") !== false |
|
| 325 | - or strpos($_REQUEST['connect'], "\r") !== false) |
|
| 326 | - ) { |
|
| 327 | - $ecran_securite_raison = "malformed connect argument"; |
|
| 319 | + and |
|
| 320 | + // cas qui permettent de sortir d'un commentaire PHP |
|
| 321 | + (strpos($_REQUEST['connect'], "?") !== false |
|
| 322 | + or strpos($_REQUEST['connect'], "<") !== false |
|
| 323 | + or strpos($_REQUEST['connect'], ">") !== false |
|
| 324 | + or strpos($_REQUEST['connect'], "\n") !== false |
|
| 325 | + or strpos($_REQUEST['connect'], "\r") !== false) |
|
| 326 | + ) { |
|
| 327 | + $ecran_securite_raison = "malformed connect argument"; |
|
| 328 | 328 | } |
| 329 | 329 | |
| 330 | 330 | /* |
| 331 | 331 | * S'il y a une raison de mourir, mourons |
| 332 | 332 | */ |
| 333 | 333 | if (isset($ecran_securite_raison)) { |
| 334 | - header("HTTP/1.0 403 Forbidden"); |
|
| 335 | - header("Expires: Wed, 11 Jan 1984 05:00:00 GMT"); |
|
| 336 | - header("Cache-Control: no-cache, must-revalidate"); |
|
| 337 | - header("Pragma: no-cache"); |
|
| 338 | - header("Content-Type: text/html"); |
|
| 339 | - die("<html><title>Error 403: Forbidden</title><body><h1>Error 403</h1><p>You are not authorized to view this page ($ecran_securite_raison)</p></body></html>"); |
|
| 334 | + header("HTTP/1.0 403 Forbidden"); |
|
| 335 | + header("Expires: Wed, 11 Jan 1984 05:00:00 GMT"); |
|
| 336 | + header("Cache-Control: no-cache, must-revalidate"); |
|
| 337 | + header("Pragma: no-cache"); |
|
| 338 | + header("Content-Type: text/html"); |
|
| 339 | + die("<html><title>Error 403: Forbidden</title><body><h1>Error 403</h1><p>You are not authorized to view this page ($ecran_securite_raison)</p></body></html>"); |
|
| 340 | 340 | } |
| 341 | 341 | |
| 342 | 342 | /* |
| 343 | 343 | * Un filtre filtrer_entites securise |
| 344 | 344 | */ |
| 345 | 345 | if (!function_exists('filtre_filtrer_entites_dist')) { |
| 346 | - function filtre_filtrer_entites_dist($t) { |
|
| 347 | - include_spip('inc/texte'); |
|
| 348 | - return interdire_scripts(filtrer_entites($t)); |
|
| 349 | - } |
|
| 346 | + function filtre_filtrer_entites_dist($t) { |
|
| 347 | + include_spip('inc/texte'); |
|
| 348 | + return interdire_scripts(filtrer_entites($t)); |
|
| 349 | + } |
|
| 350 | 350 | } |
| 351 | 351 | |
| 352 | 352 | |
@@ -360,34 +360,34 @@ discard block |
| 360 | 360 | * Bloque les bots quand le load déborde |
| 361 | 361 | */ |
| 362 | 362 | if (!defined('_ECRAN_SECURITE_LOAD')) |
| 363 | - define('_ECRAN_SECURITE_LOAD', 4); |
|
| 363 | + define('_ECRAN_SECURITE_LOAD', 4); |
|
| 364 | 364 | |
| 365 | 365 | if ( |
| 366 | - defined('_ECRAN_SECURITE_LOAD') |
|
| 367 | - and _ECRAN_SECURITE_LOAD > 0 |
|
| 368 | - and _IS_BOT |
|
| 369 | - and !_IS_BOT_FRIEND |
|
| 370 | - and $_SERVER['REQUEST_METHOD'] === 'GET' |
|
| 371 | - and ( |
|
| 372 | - (function_exists('sys_getloadavg') |
|
| 373 | - and $load = sys_getloadavg() |
|
| 374 | - and is_array($load) |
|
| 375 | - and $load = array_shift($load) |
|
| 376 | - ) |
|
| 377 | - or |
|
| 378 | - (@is_readable('/proc/loadavg') |
|
| 379 | - and $load = file_get_contents('/proc/loadavg') |
|
| 380 | - and $load = floatval($load) |
|
| 381 | - ) |
|
| 382 | - ) |
|
| 383 | - and $load > _ECRAN_SECURITE_LOAD // eviter l'evaluation suivante si de toute facon le load est inferieur a la limite |
|
| 384 | - and rand(0, $load * $load) > _ECRAN_SECURITE_LOAD * _ECRAN_SECURITE_LOAD |
|
| 366 | + defined('_ECRAN_SECURITE_LOAD') |
|
| 367 | + and _ECRAN_SECURITE_LOAD > 0 |
|
| 368 | + and _IS_BOT |
|
| 369 | + and !_IS_BOT_FRIEND |
|
| 370 | + and $_SERVER['REQUEST_METHOD'] === 'GET' |
|
| 371 | + and ( |
|
| 372 | + (function_exists('sys_getloadavg') |
|
| 373 | + and $load = sys_getloadavg() |
|
| 374 | + and is_array($load) |
|
| 375 | + and $load = array_shift($load) |
|
| 376 | + ) |
|
| 377 | + or |
|
| 378 | + (@is_readable('/proc/loadavg') |
|
| 379 | + and $load = file_get_contents('/proc/loadavg') |
|
| 380 | + and $load = floatval($load) |
|
| 381 | + ) |
|
| 382 | + ) |
|
| 383 | + and $load > _ECRAN_SECURITE_LOAD // eviter l'evaluation suivante si de toute facon le load est inferieur a la limite |
|
| 384 | + and rand(0, $load * $load) > _ECRAN_SECURITE_LOAD * _ECRAN_SECURITE_LOAD |
|
| 385 | 385 | ) { |
| 386 | - header("HTTP/1.0 503 Service Unavailable"); |
|
| 387 | - header("Retry-After: 300"); |
|
| 388 | - header("Expires: Wed, 11 Jan 1984 05:00:00 GMT"); |
|
| 389 | - header("Cache-Control: no-cache, must-revalidate"); |
|
| 390 | - header("Pragma: no-cache"); |
|
| 391 | - header("Content-Type: text/html"); |
|
| 392 | - die("<html><title>Status 503: Site temporarily unavailable</title><body><h1>Status 503</h1><p>Site temporarily unavailable (load average $load)</p></body></html>"); |
|
| 386 | + header("HTTP/1.0 503 Service Unavailable"); |
|
| 387 | + header("Retry-After: 300"); |
|
| 388 | + header("Expires: Wed, 11 Jan 1984 05:00:00 GMT"); |
|
| 389 | + header("Cache-Control: no-cache, must-revalidate"); |
|
| 390 | + header("Pragma: no-cache"); |
|
| 391 | + header("Content-Type: text/html"); |
|
| 392 | + die("<html><title>Status 503: Site temporarily unavailable</title><body><h1>Status 503</h1><p>Site temporarily unavailable (load average $load)</p></body></html>"); |
|
| 393 | 393 | } |
@@ -23,14 +23,14 @@ discard block |
| 23 | 23 | * var_isbot=1 peut etre utilise pour monitorer la disponibilite pour les bots (sujets a 503 de delestage si |
| 24 | 24 | * le load depasse ECRAN_SECURITE_LOAD) |
| 25 | 25 | */ |
| 26 | -if (!defined('_IS_BOT') and isset($_GET['var_isbot'])){ |
|
| 26 | +if (!defined('_IS_BOT') and isset($_GET['var_isbot'])) { |
|
| 27 | 27 | define('_IS_BOT', $_GET['var_isbot'] ? true : false); |
| 28 | 28 | } |
| 29 | 29 | |
| 30 | 30 | /* |
| 31 | 31 | * Détecteur de robot d'indexation |
| 32 | 32 | */ |
| 33 | -if (!defined('_IS_BOT')){ |
|
| 33 | +if (!defined('_IS_BOT')) { |
|
| 34 | 34 | define('_IS_BOT', |
| 35 | 35 | isset($_SERVER['HTTP_USER_AGENT']) |
| 36 | 36 | and preg_match( |
@@ -40,16 +40,16 @@ discard block |
| 40 | 40 | . 'MSIE 6\.0|' |
| 41 | 41 | // UA plus cibles |
| 42 | 42 | . '200please|80legs|a6-indexer|aboundex|accoona|addthis|adressendeutschland|alexa|altavista|analyticsseo|archive|aspseek|baidu|begunadvertising|bingpreview|bloglines|browsershots|bubing|butterfly|changedetection|charlotte|chilkat|china|coccoc|crowsnest|dataminr|daumoa|dlweb|ec2linkfinder|estyle|ezooms|facebookexternalhit|facebookplatform|fairshare|feedfetcher|feedfetcher-google|feedly|fetch|flipboardproxy|genieo|google|grapeshot|hatena-useragent|head|hosttracker|hubspot|ia_archiver|ichiro|iltrovatore-setaccio|immediatenet|ina|infegyatlas|infohelfer|instapaper|jabse|james|kumkie|linkdex|linkfluence|linkwalker|litefinder|loadimpactpageanalyzer|luminate|lycos|lycosa|mediapartners-google|msai|najdi|netcraftsurveyagent|netestate|netseer|nuhk|panscient|parsijoo|plukkie|proximic|qirina|qualidator|rambler|readability|sbsearch|scooter|scrapy|scrubby|scrubbybloglines|shareaholic|shopwiki|sistrix|sitechecker|siteexplorer|sogou|special_archiver|speedy|spinn3r|spreadtrum|steeler|subscriber|suma|superdownloads|svenska-webbsido|teoma|thumbshots|tineye|trendiction|tweetedtimes|tweetmeme|uaslinkchecker|undrip|unwindfetchor|vedma|vkshare|vm|wch|webalta|webcookies|webthumbnail|wesee|wise-guys|woko|wotbox|y!j-bri|y!j-bro|y!j-brw|y!j-bsc|yahoo|yahoo!|yahooysmcm|yats|yeti|zeerch|owlin' |
| 43 | - . ',i', (string)$_SERVER['HTTP_USER_AGENT']) |
|
| 43 | + . ',i', (string) $_SERVER['HTTP_USER_AGENT']) |
|
| 44 | 44 | ); |
| 45 | 45 | } |
| 46 | -if (!defined('_IS_BOT_FRIEND')){ |
|
| 46 | +if (!defined('_IS_BOT_FRIEND')) { |
|
| 47 | 47 | define('_IS_BOT_FRIEND', |
| 48 | 48 | isset($_SERVER['HTTP_USER_AGENT']) |
| 49 | 49 | and preg_match(',' |
| 50 | 50 | // UA plus cibles |
| 51 | 51 | . 'facebookexternalhit' |
| 52 | - . ',i', (string)$_SERVER['HTTP_USER_AGENT']) |
|
| 52 | + . ',i', (string) $_SERVER['HTTP_USER_AGENT']) |
|
| 53 | 53 | ); |
| 54 | 54 | } |
| 55 | 55 | |
@@ -63,15 +63,15 @@ discard block |
| 63 | 63 | foreach ($_GET as $var => $val) |
| 64 | 64 | if ($_GET[$var] and strncmp($var, "id_", 3) == 0 |
| 65 | 65 | and !in_array($var, array('id_table', 'id_base'))) |
| 66 | - $_GET[$var] = is_array($_GET[$var])?@array_map('intval', $_GET[$var]):intval($_GET[$var]); |
|
| 66 | + $_GET[$var] = is_array($_GET[$var]) ? @array_map('intval', $_GET[$var]) : intval($_GET[$var]); |
|
| 67 | 67 | foreach ($_POST as $var => $val) |
| 68 | 68 | if ($_POST[$var] and strncmp($var, "id_", 3) == 0 |
| 69 | 69 | and !in_array($var, array('id_table', 'id_base'))) |
| 70 | - $_POST[$var] = is_array($_POST[$var])?@array_map('intval', $_POST[$var]):intval($_POST[$var]); |
|
| 70 | + $_POST[$var] = is_array($_POST[$var]) ? @array_map('intval', $_POST[$var]) : intval($_POST[$var]); |
|
| 71 | 71 | foreach ($GLOBALS as $var => $val) |
| 72 | 72 | if ($GLOBALS[$var] and strncmp($var, "id_", 3) == 0 |
| 73 | 73 | and !in_array($var, array('id_table', 'id_base'))) |
| 74 | - $GLOBALS[$var] = is_array($GLOBALS[$var])?@array_map('intval', $GLOBALS[$var]):intval($GLOBALS[$var]); |
|
| 74 | + $GLOBALS[$var] = is_array($GLOBALS[$var]) ? @array_map('intval', $GLOBALS[$var]) : intval($GLOBALS[$var]); |
|
| 75 | 75 | |
| 76 | 76 | /* |
| 77 | 77 | * Interdit la variable $cjpeg_command, qui était utilisée sans |
@@ -82,18 +82,18 @@ discard block |
| 82 | 82 | /* |
| 83 | 83 | * Contrôle de quelques variables (XSS) |
| 84 | 84 | */ |
| 85 | -foreach(array('lang', 'var_recherche', 'aide', 'var_lang_r', 'lang_r', 'var_ajax_ancre', 'nom_fichier') as $var) { |
|
| 85 | +foreach (array('lang', 'var_recherche', 'aide', 'var_lang_r', 'lang_r', 'var_ajax_ancre', 'nom_fichier') as $var) { |
|
| 86 | 86 | if (isset($_GET[$var])) |
| 87 | - $_REQUEST[$var] = $GLOBALS[$var] = $_GET[$var] = preg_replace(',[^\w\,/#&;-]+,', ' ', (string)$_GET[$var]); |
|
| 87 | + $_REQUEST[$var] = $GLOBALS[$var] = $_GET[$var] = preg_replace(',[^\w\,/#&;-]+,', ' ', (string) $_GET[$var]); |
|
| 88 | 88 | if (isset($_POST[$var])) |
| 89 | - $_REQUEST[$var] = $GLOBALS[$var] = $_POST[$var] = preg_replace(',[^\w\,/#&;-]+,', ' ', (string)$_POST[$var]); |
|
| 89 | + $_REQUEST[$var] = $GLOBALS[$var] = $_POST[$var] = preg_replace(',[^\w\,/#&;-]+,', ' ', (string) $_POST[$var]); |
|
| 90 | 90 | } |
| 91 | 91 | |
| 92 | 92 | /* |
| 93 | 93 | * Filtre l'accès à spip_acces_doc (injection SQL en 1.8.2x) |
| 94 | 94 | */ |
| 95 | -if (preg_match(',^(.*/)?spip_acces_doc\.,', (string)$_SERVER['REQUEST_URI'])) { |
|
| 96 | - $file = addslashes((string)$_GET['file']); |
|
| 95 | +if (preg_match(',^(.*/)?spip_acces_doc\.,', (string) $_SERVER['REQUEST_URI'])) { |
|
| 96 | + $file = addslashes((string) $_GET['file']); |
|
| 97 | 97 | } |
| 98 | 98 | |
| 99 | 99 | /* |
@@ -108,28 +108,28 @@ discard block |
| 108 | 108 | * Agenda joue à l'injection php |
| 109 | 109 | */ |
| 110 | 110 | if (isset($_REQUEST['partie_cal']) |
| 111 | -and $_REQUEST['partie_cal'] !== htmlentities((string)$_REQUEST['partie_cal'])) |
| 111 | +and $_REQUEST['partie_cal'] !== htmlentities((string) $_REQUEST['partie_cal'])) |
| 112 | 112 | $ecran_securite_raison = "partie_cal"; |
| 113 | 113 | if (isset($_REQUEST['echelle']) |
| 114 | -and $_REQUEST['echelle'] !== htmlentities((string)$_REQUEST['echelle'])) |
| 114 | +and $_REQUEST['echelle'] !== htmlentities((string) $_REQUEST['echelle'])) |
| 115 | 115 | $ecran_securite_raison = "echelle"; |
| 116 | 116 | |
| 117 | 117 | /* |
| 118 | 118 | * Espace privé |
| 119 | 119 | */ |
| 120 | 120 | if (isset($_REQUEST['exec']) |
| 121 | -and !preg_match(',^[\w-]+$,', (string)$_REQUEST['exec'])) |
| 121 | +and !preg_match(',^[\w-]+$,', (string) $_REQUEST['exec'])) |
| 122 | 122 | $ecran_securite_raison = "exec"; |
| 123 | 123 | if (isset($_REQUEST['cherche_auteur']) |
| 124 | -and preg_match(',[<],', (string)$_REQUEST['cherche_auteur'])) |
| 124 | +and preg_match(',[<],', (string) $_REQUEST['cherche_auteur'])) |
| 125 | 125 | $ecran_securite_raison = "cherche_auteur"; |
| 126 | 126 | if (isset($_REQUEST['exec']) |
| 127 | 127 | and $_REQUEST['exec'] == 'auteurs' |
| 128 | -and preg_match(',[<],', (string)$_REQUEST['recherche'])) |
| 128 | +and preg_match(',[<],', (string) $_REQUEST['recherche'])) |
| 129 | 129 | $ecran_securite_raison = "recherche"; |
| 130 | 130 | if (isset($_REQUEST['exec']) |
| 131 | 131 | and $_REQUEST['exec'] == 'info_plugin' |
| 132 | -and preg_match(',[<],', (string)$_REQUEST['plugin'])) |
| 132 | +and preg_match(',[<],', (string) $_REQUEST['plugin'])) |
| 133 | 133 | $ecran_securite_raison = "plugin"; |
| 134 | 134 | if (isset($_REQUEST['exec']) |
| 135 | 135 | and $_REQUEST['exec'] == 'puce_statut' |
@@ -142,7 +142,7 @@ discard block |
| 142 | 142 | or @file_exists('ecrire/inc_version.php')) { |
| 143 | 143 | function action_configurer() { |
| 144 | 144 | include_spip('inc/autoriser'); |
| 145 | - if(!autoriser('configurer', _request('configuration'))) { |
| 145 | + if (!autoriser('configurer', _request('configuration'))) { |
| 146 | 146 | include_spip('inc/minipres'); |
| 147 | 147 | echo minipres(_T('info_acces_interdit')); |
| 148 | 148 | exit; |
@@ -183,7 +183,7 @@ discard block |
| 183 | 183 | */ |
| 184 | 184 | if (_IS_BOT and ( |
| 185 | 185 | (isset($_REQUEST['echelle']) and isset($_REQUEST['partie_cal']) and isset($_REQUEST['type'])) |
| 186 | - or (strpos((string)$_SERVER['REQUEST_URI'], 'debut_') and preg_match(',[?&]debut_.*&debut_,', (string)$_SERVER['REQUEST_URI'])) |
| 186 | + or (strpos((string) $_SERVER['REQUEST_URI'], 'debut_') and preg_match(',[?&]debut_.*&debut_,', (string) $_SERVER['REQUEST_URI'])) |
| 187 | 187 | ) |
| 188 | 188 | ) |
| 189 | 189 | $ecran_securite_raison = "robot agenda/double pagination"; |
@@ -195,7 +195,7 @@ discard block |
| 195 | 195 | if (isset($_REQUEST['page'])) { |
| 196 | 196 | if ($_REQUEST['page'] == 'test_cfg') |
| 197 | 197 | $ecran_securite_raison = "test_cfg"; |
| 198 | - if ($_REQUEST['page'] !== htmlspecialchars((string)$_REQUEST['page'])) |
| 198 | + if ($_REQUEST['page'] !== htmlspecialchars((string) $_REQUEST['page'])) |
| 199 | 199 | $ecran_securite_raison = "xsspage"; |
| 200 | 200 | if ($_REQUEST['page'] == '404' |
| 201 | 201 | and isset($_REQUEST['erreur'])) |
@@ -233,12 +233,12 @@ discard block |
| 233 | 233 | /* |
| 234 | 234 | * Outils XML mal sécurisés again |
| 235 | 235 | */ |
| 236 | -if (isset($_REQUEST['var_url']) and $_REQUEST['var_url'] and isset($_REQUEST['exec']) and $_REQUEST['exec']=='valider_xml'){ |
| 236 | +if (isset($_REQUEST['var_url']) and $_REQUEST['var_url'] and isset($_REQUEST['exec']) and $_REQUEST['exec'] == 'valider_xml') { |
| 237 | 237 | $url = trim($_REQUEST['var_url']); |
| 238 | - if (strncmp($url,'/',1)==0 |
| 239 | - or (($p=strpos($url,'..'))!==false AND strpos($url,'..',$p+3)!==false) |
| 240 | - or (($p=strpos($url,'..'))!==false AND strpos($url,'IMG',$p+3)!==false) |
| 241 | - or (strpos($url,'://')!==false or strpos($url,':\\')!==false)) { |
| 238 | + if (strncmp($url, '/', 1) == 0 |
| 239 | + or (($p = strpos($url, '..')) !== false AND strpos($url, '..', $p + 3) !== false) |
| 240 | + or (($p = strpos($url, '..')) !== false AND strpos($url, 'IMG', $p + 3) !== false) |
| 241 | + or (strpos($url, '://') !== false or strpos($url, ':\\') !== false)) { |
| 242 | 242 | $ecran_securite_raison = 'URL interdite pour var_url'; |
| 243 | 243 | } |
| 244 | 244 | } |
@@ -247,10 +247,10 @@ discard block |
| 247 | 247 | * Sauvegarde mal securisée < 2.0.9 |
| 248 | 248 | */ |
| 249 | 249 | if (isset($_REQUEST['nom_sauvegarde']) |
| 250 | -and strstr((string)$_REQUEST['nom_sauvegarde'], '/')) |
| 250 | +and strstr((string) $_REQUEST['nom_sauvegarde'], '/')) |
| 251 | 251 | $ecran_securite_raison = 'nom_sauvegarde manipulee'; |
| 252 | 252 | if (isset($_REQUEST['znom_sauvegarde']) |
| 253 | -and strstr((string)$_REQUEST['znom_sauvegarde'], '/')) |
| 253 | +and strstr((string) $_REQUEST['znom_sauvegarde'], '/')) |
| 254 | 254 | $ecran_securite_raison = 'znom_sauvegarde manipulee'; |
| 255 | 255 | |
| 256 | 256 | |
@@ -265,8 +265,8 @@ discard block |
| 265 | 265 | /* |
| 266 | 266 | * Forms & Table ne se méfiait pas assez des uploads de fichiers |
| 267 | 267 | */ |
| 268 | -if (count($_FILES)){ |
| 269 | - foreach($_FILES as $k => $v){ |
| 268 | +if (count($_FILES)) { |
| 269 | + foreach ($_FILES as $k => $v) { |
| 270 | 270 | if (preg_match(',^fichier_\d+$,', $k) |
| 271 | 271 | and preg_match(',\.php,i', $v['name'])) |
| 272 | 272 | unset($_FILES[$k]); |
@@ -276,7 +276,7 @@ discard block |
| 276 | 276 | * et Contact trop laxiste avec une variable externe |
| 277 | 277 | * on bloque pas le post pour eviter de perdre des donnees mais on unset la variable et c'est tout |
| 278 | 278 | */ |
| 279 | -if (isset($_REQUEST['pj_enregistrees_nom']) and $_REQUEST['pj_enregistrees_nom']){ |
| 279 | +if (isset($_REQUEST['pj_enregistrees_nom']) and $_REQUEST['pj_enregistrees_nom']) { |
| 280 | 280 | unset($_REQUEST['pj_enregistrees_nom']); |
| 281 | 281 | unset($_GET['pj_enregistrees_nom']); |
| 282 | 282 | unset($_POST['pj_enregistrees_nom']); |
@@ -306,7 +306,7 @@ discard block |
| 306 | 306 | /* |
| 307 | 307 | * Réinjection des clés en html dans l'admin r19561 |
| 308 | 308 | */ |
| 309 | -if (strpos($_SERVER['REQUEST_URI'], "ecrire/") !== false){ |
| 309 | +if (strpos($_SERVER['REQUEST_URI'], "ecrire/") !== false) { |
| 310 | 310 | $zzzz = implode("", array_keys($_REQUEST)); |
| 311 | 311 | if (strlen($zzzz) != strcspn($zzzz, '<>"\'')) |
| 312 | 312 | $ecran_securite_raison = 'Cle incorrecte en $_REQUEST'; |