*) Fixed a bug in code for tables and hopefully eliminated XSS vulnerability which Allo pointed out to me.

git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@1754 6c8d7289-2bf4-0310-a012-ef5d649a1542
pull/1/head
low012 19 years ago
parent ef0abee387
commit 8bdbf0dfff

@ -294,7 +294,7 @@ public class wikiCode {
newrowstart=true; newrowstart=true;
line="<table"; line="<table";
if (result.trim().length()>2) { if (result.trim().length()>2) {
line+=" "+result.substring(2).replaceAll("&quot;","\"").trim(); line+=parseTableProperties(result.substring(2).trim());
} }
line+=">"; line+=">";
result=line; result=line;
@ -309,7 +309,6 @@ public class wikiCode {
result=line; result=line;
} }
else if ((result.startsWith("||")) && (table)) { else if ((result.startsWith("||")) && (table)) {
result = replaceHTMLonly(result);
line+="\t\t<td"; line+="\t\t<td";
int cellEnd=(result.indexOf("||",2)>0)?(result.indexOf("||",2)):(result.length()); int cellEnd=(result.indexOf("||",2)>0)?(result.indexOf("||",2)):(result.length());
int propEnd=(result.indexOf("|",2)>0)?(result.indexOf("|",2)):(cellEnd); int propEnd=(result.indexOf("|",2)>0)?(result.indexOf("|",2)):(cellEnd);
@ -317,7 +316,7 @@ public class wikiCode {
if (propEnd==cellEnd) { if (propEnd==cellEnd) {
propEnd=1; propEnd=1;
} else { } else {
line+=" "+result.substring(2,propEnd).trim().replaceAll("&quot;","\""); line+=parseTableProperties(result.substring(2,propEnd).trim());
} }
table=false; cellprocessing=true; table=false; cellprocessing=true;
line+=">"+processTable(result.substring(propEnd+1,cellEnd).trim(), switchboard)+"</td>"; line+=">"+processTable(result.substring(propEnd+1,cellEnd).trim(), switchboard)+"</td>";
@ -335,7 +334,113 @@ public class wikiCode {
return result; return result;
} }
/** processes ordered lists //contributed by [MN]
/** This method takes possible table properties and tests if they are valid.
* Valid in this case means if they are a property for the table, tr or td
* tag as stated in the HTML Pocket Reference by Jennifer Niederst (1st edition)
* The method is important to avoid XSS attacks on the wiki via table properties.
* @param str A string that may contain several table properties and/or junk.
* @return A string that only contains table properties.
*/
private String parseTableProperties(String str){
str = str.replaceAll("&quot;", ""); //killing all quotationmarks
String[] values = str.split("[= ]"); //splitting the string at = and blanks
str=""; //recycling... ;-)
int numberofvalues = values.length;
for(int i=0;i<numberofvalues;i++){
if((values[i].equals("rowspan")) ||
(values[i].equals("colspan")) ||
(values[i].equals("vspace")) ||
(values[i].equals("hspace")) ||
(values[i].equals("cellspacing")) ||
(values[i].equals("cellpadding")) ||
(values[i].equals("border"))){
if(i+1<numberofvalues){
if(values[i+1].matches("\\d+")){
str = str + " "+values[i]+"=\""+values[i+1]+"\"";
i++;
}
}
}
else if((values[i].equals("width"))||(values[i].equals("height"))){
if(i+1<numberofvalues){
if(values[i+1].matches("\\d+%{0,1}")){
str = str + " "+values[i]+"=\""+values[i+1]+"\"";
i++;
}
}
}
else if(values[i].equals("align")){
if(i+1<numberofvalues) {
if((values[i+1].equals("left")) ||
(values[i+1].equals("right")) ||
(values[i+1].equals("center"))) {
str = str + " "+values[i]+"=\""+values[i+1]+"\"";
i++;
}
}
}
else if(values[i].equals("valign")){
if(i+1<numberofvalues) {
if((values[i+1].equals("top")) ||
(values[i+1].equals("middle")) ||
(values[i+1].equals("bottom")) ||
(values[i+1].equals("baseline"))) {
str = str + " "+values[i]+"=\""+values[i+1]+"\"";
i++;
}
}
}
else if(values[i].equals("bgcolor")){
if(i+1<numberofvalues){
if(values[i+1].matches("#{0,1}[0-9a-fA-F]{1,6}|[a-zA-Z]{3,}")){
str = str + " "+values[i]+"=\""+values[i+1]+"\"";
i++;
}
}
}
else if(values[i].equals("rules")){
if(i+1<numberofvalues) {
if((values[i+1].equals("none")) ||
(values[i+1].equals("groups")) ||
(values[i+1].equals("rows")) ||
(values[i+1].equals("cols")) ||
(values[i+1].equals("all"))) {
str = str + " "+values[i]+"=\""+values[i+1]+"\"";
i++;
}
}
}
else if(values[i].equals("frame")){
if(i+1<numberofvalues) {
if((values[i+1].equals("void")) ||
(values[i+1].equals("above")) ||
(values[i+1].equals("below")) ||
(values[i+1].equals("hsides")) ||
(values[i+1].equals("lhs")) ||
(values[i+1].equals("rhs")) ||
(values[i+1].equals("vsides")) ||
(values[i+1].equals("box")) ||
(values[i+1].equals("border"))) {
str = str + " "+values[i]+"=\""+values[i+1]+"\"";
i++;
}
}
}
else if(values[i].equals("summary")){
if(i+1<numberofvalues){
str = str + " "+values[i]+"=\""+values[i+1]+"\"";
i++;
}
}
else if(values[i].equals("nowrap")){
str = str + "nowrap";
}
}
return str;
} //end contrib [MN]
/** This method processes ordered lists.
*/ */
private String orderedList(String result){ private String orderedList(String result){
int p0 = 0; int p0 = 0;
@ -381,9 +486,8 @@ public class wikiCode {
return result; return result;
} }
/** creates a directory for the wiki page /** This method creates a directory for a wiki page.
* @return directory of the wiki * @return directory of the wiki
*
*/ */
//method contributed by [MN] //method contributed by [MN]
private String directory(){ private String directory(){
@ -434,7 +538,9 @@ public class wikiCode {
return directory; return directory;
} }
/** replaces two occurences of a substring in a string by a pair strings if occurence of that substring is an even number. This method is not greedy! /** Replaces two occurences of a substring in a string by a pair of strings if
* that substring occurs twice in the string. This method is not greedy! You'll
* have to run it in a loop if you want to replace all occurences of the substring.
* @param input the string that something is to be replaced in * @param input the string that something is to be replaced in
* @param pat substring to be replaced * @param pat substring to be replaced
* @param repl1 string substring gets replaced by on uneven occurences * @param repl1 string substring gets replaced by on uneven occurences
@ -478,11 +584,11 @@ public class wikiCode {
int p0, p1; int p0, p1;
boolean defList = false; //needed for definition lists boolean defList = false; //needed for definition lists
if ((!replacedHTML)&&(!cellprocessing)&&(!table)){ if (!replacedHTML){
result = replaceHTMLonly(result); result = replaceHTMLonly(result);
replacedHTML = true; replacedHTML = true;
} }
if ((!cellprocessing)&&(!replacedCharacters)){ if (!replacedCharacters){
result = replaceCharacters(result); result = replaceCharacters(result);
replacedCharacters = true; replacedCharacters = true;
} }
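Review bot: In the new parseTableProperties method (the `@ -335,7 +334,113 @@` hunk), the `summary` branch copies its value into the attribute with no validation at all — only `&quot;` was stripped at the top of the method, so this branch stays free of attribute injection only if the input has already been HTML-escaped by replaceHTMLonly, and that ordering is not visible here (the last hunk moves when replaceHTMLonly runs, inside a method whose start lies outside the hunk). A character whitelist on the value removes that dependency: `if (values[i+1].matches("[\\w.,:;-]+")) {` guarding the existing append and `i++`. Separately, the `nowrap` branch appends `"nowrap"` without a leading space, so a line whose first accepted property is nowrap produces `<tablenowrap>` or `<tdnowrap>` (the callers build `line="<table"` / `line+="\t\t<td"` and then append the result), and otherwise the token is glued onto the preceding quoted attribute; change it to `str = str + " nowrap";`. Compiling the whitelist patterns once as `static final Pattern` fields instead of calling String.matches per token would also be the idiomatic form, though that is only style.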
