Changeset 300

Timestamp:
09/06/06 20:42:31 (2 years ago)
Author:
michiel
Message:

-fixed more of the same typo (dont you just love copy/paste)
-updated old copyleft holders

-Added _handle_php_bugs function.

This function was written after I read what happened to alioth.debian.org today.
Some weird bugs in PHP were used to deface some sites on alioth, and the attackers also managed
to get an IRC proxy installed. Reading the PoC for some of the bugs made me come up with
the new function. Part of the code was taken from resources on the web (php.net comments and the advisory).
Users without register_globals=On in their php.ini won't have to worry :)

Location:
trunk
Files:
7 modified

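--- a/trunk/admin/login.php
+++ b/trunk/admin/login.php
@@ -1,8 +1,8 @@
 <?
 /*
- * MvBlog -- An open source no-noncence blogtool
+ * MvBlog -- An open source no-nonsense blogtool
  *
  * Copyright (C) 2005-2006, Michiel van Baak
- * Logo design (C) 2005, Sofie van Tendeloo
+ * Logo design (C) 2005-2006, Sofie van Tendeloo
  *
  * Michiel van Baak <mvanbaak@users.sourceforge.net>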
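--- a/trunk/common/hosts.php.sample
+++ b/trunk/common/hosts.php.sample
@@ -1,8 +1,8 @@
 <?php
 /*
- * MvBlog -- An open source no-noncence blogtool
+ * MvBlog -- An open source no-nonsense blogtool
  *
- * Copyright (C) 2005, Michiel van Baak
- * Logo design (C) 2005, Sofie van Tendeloo
+ * Copyright (C) 2005-2006, Michiel van Baak
+ * Logo design (C) 2005-2006, Sofie van Tendeloo
  *
  * Michiel van Baak <mvanbaak@users.sourceforge.net>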
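--- a/trunk/common/mvblog_common.php
+++ b/trunk/common/mvblog_common.php
@@ -122,4 +122,7 @@
                 textdomain($domain);
 
+                /* handle php bugs with globals overwrite */
+                $this->_handle_php_bugs();
+
                 /* handle magic quotes */
                 $this->_handle_magic_quotes();
@@ -154,4 +157,51 @@
         /* }}} */
         /* data manipulation methods */
+        /* _handle_php_bugs {{{ */
+        /**
+         * Handle some php bugs.
+         *
+         * There's some weird bugs when register_globals is on.
+         * You can clear them with stuff like this: ?GLOBALS&GLOBALS[bla]=test
+         * So what we do is detect this and bail out.
+         * We also make sure that if register_globals is on the gpc stuff will be removed from the globals stuff
+         */
+        protected function _handle_php_bugs() {
+                /**
+                 * catch "PHP5 Globals Vulnerability".
+                 * code taken from Advisory ttp://www.ush.it/2006/01/25/php5-globals-vulnerability/
+                 */
+                if (isset($HTTP_POST_VARS['GLOBALS']) || isset($_POST['GLOBALS']) || isset($HTTP_POST_FILES['GLOBALS']) || isset($_FILES['GLOBALS']) ||
+                        isset($HTTP_GET_VARS['GLOBALS']) || isset($_GET['GLOBALS']) || isset($HTTP_COOKIE_VARS['GLOBALS']) || isset($_COOKIE['GLOBALS']))
+                        die("GLOBAL GPC hacking attemt!");
+                /**
+                 *      if register_globals is on, you cannot turn it off with ini_set.
+                 *      The vars will be registered before the ini_set is executed.
+                 *      We can fake register_globals is off by removing the GPCFR keys from
+                 *      the global var space :) I got the idea from Alan Hogan with his comment on php.net ini_set function docs.
+                 *      I rewrote it to match mvblog codestyle
+                 */
+                if (ini_get("register_globals")) {
+                        foreach ($_GET as $key => $value)
+                                if (preg_match("/^([a-z]|_){1}([a-z0-9]|_)*$/si", $key))
+                                        unset($GLOBALS[$key]);
+
+                        foreach ($_POST as $key => $value)
+                                if (preg_match('/^([a-zA-Z]|_){1}([a-zA-Z0-9]|_)*$/', $key))
+                                        unset($GLOBALS[$key]);
+
+                        foreach ($_COOKIE as $key => $value)
+                                if (preg_match('/^([a-zA-Z]|_){1}([a-zA-Z0-9]|_)*$/', $key))
+                                        unset($GLOBALS[$key]);
+
+                        foreach ($_FILES as $key => $value)
+                                if (preg_match('/^([a-zA-Z]|_){1}([a-zA-Z0-9]|_)*$/', $key))
+                                        unset($GLOBALS[$key]);
+
+                        foreach ($_REQUEST as $key => $value)
+                                if (preg_match('/^([a-zA-Z]|_){1}([a-zA-Z0-9]|_)*$/', $key))
+                                        unset($GLOBALS[$key]);
+                }
+        }
+        /* }}} */
         /* _handle_magic_quotes {{{ */
         /**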
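Review bot: The `$_FILES` loop only unsets `$GLOBALS[$key]`, but with register_globals on each upload field also registers `$key_name`, `$key_type`, `$key_size` and `$key_tmp_name`, so those attacker-named globals survive the cleanup; replacing the unset with `foreach (array('', '_name', '_type', '_size', '_tmp_name') as $suffix) unset($GLOBALS[$key . $suffix]);` closes that gap. The `isset($HTTP_POST_VARS['GLOBALS'])`, `$HTTP_POST_FILES`, `$HTTP_GET_VARS` and `$HTTP_COOKIE_VARS` tests are dead inside a method, because those long-named arrays are not superglobals and are undefined locals in function scope, so only the `$_POST`/`$_FILES`/`$_GET`/`$_COOKIE` tests do any work. Since the unset runs only when this object is created (the method calling it at line 122 has its header outside the hunk), any legitimate global the calling script assigned earlier is also wiped when a request key shares its name, and header-derived variables from `$_SERVER` (registered when variables_order includes S) are not cleared at all, so the docblock should state that this is defense in depth and that `php_flag register_globals off` in .htaccess or php.ini remains the real fix. Minor: the die() string misspells "attempt" and exits with a 200 status, so `header('HTTP/1.0 400 Bad Request');` before it is cheap, and the advisory URL in the docblock is missing its leading `h`.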
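--- a/trunk/common/rdf.php
+++ b/trunk/common/rdf.php
@@ -1,8 +1,8 @@
 <?php
 /*
- * MvBlog -- An open source no-noncence blogtool
+ * MvBlog -- An open source no-nonsense blogtool
  *
- * Copyright (C) 2005, Michiel van Baak
- * Logo design (C) 2005, Sofie van Tendeloo
+ * Copyright (C) 2005-2006, Michiel van Baak
+ * Logo design (C) 2005-2006, Sofie van Tendeloo
  *
  * Michiel van Baak <mvanbaak@users.sourceforge.net>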
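--- a/trunk/common/rss.php
+++ b/trunk/common/rss.php
@@ -1,8 +1,8 @@
 <?php
 /*
- * MvBlog -- An open source no-noncence blogtool
+ * MvBlog -- An open source no-nonsense blogtool
  *
- * Copyright (C) 2005, Michiel van Baak
- * Logo design (C) 2005, Sofie van Tendeloo
+ * Copyright (C) 2005-2006, Michiel van Baak
+ * Logo design (C) 2005-2006, Sofie van Tendeloo
  *
  * Michiel van Baak <mvanbaak@users.sourceforge.net>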
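--- a/trunk/common/tb.php
+++ b/trunk/common/tb.php
@@ -1,8 +1,8 @@
 <?php
 /*
- * MvBlog -- An open source no-noncence blogtool
+ * MvBlog -- An open source no-nonsense blogtool
  *
  * Copyright (C) 2005-2006, Michiel van Baak
- * Logo design (C) 2005, Sofie van Tendeloo
+ * Logo design (C) 2005-2006, Sofie van Tendeloo
  *
  * Michiel van Baak <mvanbaak@users.sourceforge.net>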
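--- a/trunk/index.php
+++ b/trunk/index.php
@@ -3,6 +3,6 @@
  * MvBlog -- An open source no-nonsense blogtool
  *
- * Copyright (C) 2005, Michiel van Baak
- * Logo design (C) 2005, Sofie van Tendeloo
+ * Copyright (C) 2005-2006, Michiel van Baak
+ * Logo design (C) 2005-2006, Sofie van Tendeloo
  *
  * Michiel van Baak <mvanbaak@users.sourceforge.net>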