Seditio Source
Root |
./othercms/Just-CMS v1.3.2 Valentina/admin/inc/security_functions.php
<?php
/**
 * Security
 *
 * @package GetSimple
 * @subpackage init
 */

/*
 * File and File MIME-TYPE Blacklist arrays
 */
$mime_type_blacklist = array(
   
# HTML may contain cookie-stealing JavaScript and web bugs
   
'text/html', 'text/javascript', 'text/x-javascript',  'application/x-shellscript',
   
# PHP scripts may execute arbitrary code on the server
   
'application/x-php', 'text/x-php',
   
# Other types that may be interpreted by some servers
   
'text/x-python', 'text/x-perl', 'text/x-bash', 'text/x-sh', 'text/x-csh',
   
# Client-side hazards on Internet Explorer
   
'text/scriptlet', 'application/x-msdownload',
   
# Windows metafile, client-side vulnerability on some systems
   
'application/x-msmetafile',
   
# MS Office OpenXML and other Open Package Conventions files are zip files
    # and thus blacklisted just as other zip files
   
'application/x-opc+zip'
);
$file_ext_blacklist = array(
   
# HTML may contain cookie-stealing JavaScript and web bugs
   
'html', 'htm', 'js', 'jsb', 'mhtml', 'mht',
   
# PHP scripts may execute arbitrary code on the server
   
'php', 'phtml', 'php3', 'php4', 'php5', 'phps',
   
# Other types that may be interpreted by some servers
   
'shtml', 'jhtml', 'pl', 'py', 'cgi', 'sh', 'ksh', 'bsh', 'c', 'htaccess', 'htpasswd',
   
# May contain harmful executables for Windows victims
   
'exe', 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl'
);


/**
 * Anti-XSS
 *
 * Attempts to clean variables from XSS attacks
 * @since 2.03
 *
 * @author Martijn van der Ven
 *
 * @param string $str The string to be stripped of XSS attempts
 * @return string
 */
function antixss($str){
   
// attributes blacklist:
   
$attr = array('style','on[a-z]+');
   
// elements blacklist:
   
$elem = array('script','iframe','embed','object');
   
// extermination:
   
$str = preg_replace('#<!--.*?-->?#', '', $str);
   
$str = preg_replace('#<!--#', '', $str);
   
$str = preg_replace('#(<[a-z]+(\s+[a-z][a-z\-]+\s*=\s*(\'[^\']*\'|"[^"]*"|[^\'">][^\s>]*))*)\s+href\s*=\s*(\'javascript:[^\']*\'|"javascript:[^"]*"|javascript:[^\s>]*)((\s+[a-z][a-z\-]*\s*=\s*(\'[^\']*\'|"[^"]*"|[^\'">][^\s>]*))*\s*>)#is', '$1$5', $str);
    foreach(
$attr as $a) {
       
$regex = '(<[a-z]+(\s+[a-z][a-z\-]+\s*=\s*(\'[^\']*\'|"[^"]*"|[^\'">][^\s>]*))*)\s+'.$a.'\s*=\s*(\'[^\']*\'|"[^"]*"|[^\'">][^\s>]*)((\s+[a-z][a-z\-]*\s*=\s*(\'[^\']*\'|"[^"]*"|[^\'">][^\s>]*))*\s*>)';
       
$str = preg_replace('#'.$regex.'#is', '$1$5', $str);
    }
    foreach(
$elem as $e) {
       
$regex = '<'.$e.'(\s+[a-z][a-z\-]*\s*=\s*(\'[^\']*\'|"[^"]*"|[^\'">][^\s>]*))*\s*>.*?<\/'.$e.'\s*>';
       
$str = preg_replace('#'.$regex.'#is', '', $str);
    }
    return
$str;
}


/**
 * Get Nonce
 *
 * @since 2.03
 * @author tankmiche
 * @uses $USR
 * @uses $SALT
 *
 * @param string $action Id of current page
 * @param string $file Optional, default is empty string
 * @param bool $last
 * @return string
 */
function get_nonce($action, $file = "", $last = false) {
    global
$USR;
    global
$SALT;
   
    if(
$file == "")
       
$file = $_SERVER['PHP_SELF'];
   
   
// using user agent since ip can change on proxys
   
$uid = $_SERVER['HTTP_USER_AGENT'];
   
   
// Limits Nonce to one hour
   
$time = $last ? time() - 3600: time();
   
   
// Mix with a little salt
   
$hash=sha1($action.$file.$uid.$USR.$SALT.@date('YmdH',$time));
   
    return
$hash;
}


/**
 * Check Nonce
 *
 * @since 2.03
 * @author tankmiche
 * @uses get_nonce
 *
 * @param string $nonce
 * @param string $action
 * @param string $file Optional, default is empty string
 * @return bool
 */    
function check_nonce($nonce, $action, $file = ""){
    return (
$nonce === get_nonce($action, $file) || $nonce === get_nonce($action, $file, true) );
}

/*
 * Validate Safe File
 *
 * @since 3.1
 * @uses file_mime_type
 * @uses $mime_type_blacklist
 * @uses $file_ext_blacklist
 *
 * @param string $file, absolute path
 * @param string $name, default null
 * @param string $type, default 'upload'
 * @return bool
 */    
function validate_safe_file($file, $name, $mime){
    global
$mime_type_blacklist, $file_ext_blacklist, $mime_type_whitelist, $file_ext_whitelist;

    include(
GSADMININCPATH.'configuration.php');

   
$file_extention = pathinfo($name,PATHINFO_EXTENSION);
   
$file_mime_type = $mime;

    if (
$mime_type_whitelist && in_arrayi($file_mime_type, $mime_type_whitelist)) {
        return
true;    
    } elseif (
$file_ext_whitelist && $in_arrayi($file_extention, $file_ext_whitelist)) {
        return
true;    
    }

   
// skip blackist checks if whitelists exist
   
if($mime_type_whitelist || $file_ext_whitelist) return false;

    if (
in_arrayi($file_mime_type, $mime_type_blacklist)) {
        return
false;    
    } elseif (
in_arrayi($file_extention, $file_ext_blacklist)) {
        return
false;    
    } else {
        return
true;    
    }
}

/**
 * Checks that an existing filepath is safe to use by checking canonicalized absolute pathname.
 *
 * @since 3.1.3
 *
 * @param string $path Unknown Path to file to check for safety
 * @param string $pathmatch Known Path to parent folder to check against
 * @param bool $subdir allow path to be a deeper subfolder
 * @return bool Returns true if files path resolves to your known path
 */
function filepath_is_safe($path,$pathmatch,$subdir = true){
   
$realpath = realpath($path);
   
$realpathmatch = realpath($pathmatch);
    if(
$subdir) return strpos(dirname($realpath),$realpathmatch) === 0;
    return
dirname($realpath) == $realpathmatch;
}

/**
 * Checks that an existing path is safe to use by checking canonicalized absolute path
 *
 * @since 3.1.3
 *
 * @param string $path Unknown Path to check for safety
 * @param string $pathmatch Known Path to check against
 * @param bool $subdir allow path to be a deeper subfolder
 * @return bool Returns true if $path is direct subfolder of $pathmatch
 *
 */
function path_is_safe($path,$pathmatch,$subdir = true){
   
$realpath = realpath($path);
   
$realpathmatch = realpath($pathmatch);
    if(
$subdir) return strpos($realpath,$realpathmatch) === 0;
    return
$realpath == $realpathmatch;
}

/**
 * Check if server is Apache
 *
 * @returns bool
 */
function server_is_apache() {
    return(
strpos(strtolower($_SERVER['SERVER_SOFTWARE']),'apache') !== false );
}

/**
 * Performs filtering on variable, falls back to htmlentities
 *
 * @since 3.3.0
 * @param  string $var    var to filter
 * @param  string $filter filter type
 * @return string         return filtered string
 */
function var_out($var,$filter = "special"){
    if(
function_exists( "filter_var") ){
       
$aryFilter = array(
           
"string"  => FILTER_SANITIZE_STRING,
           
"int"     => FILTER_SANITIZE_NUMBER_INT,
           
"float"   => FILTER_SANITIZE_NUMBER_FLOAT,
           
"url"     => FILTER_SANITIZE_URL,
           
"email"   => FILTER_SANITIZE_EMAIL,
           
"special" => FILTER_SANITIZE_SPECIAL_CHARS,
        );
        if(isset(
$aryFilter[$filter])) return filter_var( $var, $aryFilter[$filter]);
        return
filter_var( $var, FILTER_SANITIZE_SPECIAL_CHARS);
    }
    else {
        return
htmlentities($var);
    }
}