disallow JS in template code

michield · michield · commit e963bf6abdf8 · 2020-03-22T23:24:39.000Z
diff --git a/public_html/lists/admin/inc/magic_quotes.php b/public_html/lists/admin/inc/magic_quotes.php
@@ -44,10 +44,33 @@ function removeXss($string)
     }
     //$string = preg_replace('/<script/im','&lt;script',$string);
     $string = htmlspecialchars($string);
-
     return $string;
 }
 
+function disableJavascript($content) {
+    ## disallow Javascript
+    $content = str_ireplace('<script','< script',$content);
+    $content = str_ireplace('onmouseover','on mouse over',$content);
+    $content = str_ireplace('onmouseout','on mouse out',$content);
+    $content = str_ireplace('onmousemove','on mouse move',$content);
+    $content = str_ireplace('onmousedown','on mouse down',$content);
+    $content = str_ireplace('onclick','on click',$content);
+    $content = str_ireplace('ondblclick','on dbl click',$content);
+    $content = str_ireplace('onload','on load',$content);
+    $content = str_ireplace('onunload','on unload',$content);
+    $content = str_ireplace('onerror','on error',$content);
+    $content = str_ireplace('onresize','on resize',$content);
+    $content = str_ireplace('onblur','on blue',$content);
+    $content = str_ireplace('onchange','on change',$content);
+    $content = str_ireplace('onfocus','on focus',$content);
+    $content = str_ireplace('onselect','on select',$content);
+    $content = str_ireplace('onsubmit','on submit',$content);
+    $content = str_ireplace('onreset','on reset',$content);
+    $content = str_ireplace('onkeyup','on keyup',$content);
+    $content = str_ireplace('onkeydown','on keydown',$content);
+    return $content;
+}
+
 /*
 foreach ($_POST as $key => $val) {
   print "POST: $key = $val<br/>";
diff --git a/public_html/lists/admin/template.php b/public_html/lists/admin/template.php
@@ -80,7 +80,7 @@ function getTemplateLinks($content)
     //$msg = '';
 } elseif (!empty($_POST['save']) || !empty($_POST['sendtest'])) { //# let's save when sending a test
     $templateok = 1;
-    $title = $_POST['title'];
+    $title = strip_tags($_POST['title']);
     $req = Sql_Query(sprintf('select * from %s where title = "%s" ',$tables['template'], sql_escape($title)));
     if(Sql_Affected_Rows()){
         $titleExists = true;
@@ -91,9 +91,9 @@ function getTemplateLinks($content)
     if($titleExists && !$id){
         $actionresult .= s('The title of the template exists.').'<br/>';
         $templateok = 0;
-
     }
 
+    $content = disableJavascript($content);
     if (!empty($title) && strpos($content, '[CONTENT]') !== false) {
         $images = getTemplateImages($content);
 
