~ubuntu-branches/ubuntu/natty/otrs2/natty-security
» Revision
40
: Kernel/Modules/AgentTicketAttachment.pm
« back to all changes in this revision
Viewing changes to Kernel/Modules/AgentTicketAttachment.pm
- browse files at revision 40
- compare with another revision
- download diff
- download tarball
- view history from revision 40
- Committer: Package Import Robot
- Author(s): Tyler Hicks
- Date: 2012-09-07 09:56:33 UTC
- Revision ID: package-import@ubuntu.com-20120907095633-pz6m6h287xh9p161
Tags: 2.4.9+dfsg1-3+squeeze3build0.11.04.1
fake sync from Debian
- files added:
- .pc/.quilt_patches
- .pc/17-security-osa-2012-01.diff
- .pc/17-security-osa-2012-01.diff/Kernel
- .pc/17-security-osa-2012-01.diff/Kernel/Output
- .pc/17-security-osa-2012-01.diff/Kernel/Output/HTML
- .pc/17-security-osa-2012-01.diff/Kernel/Output/HTML/Standard
- .pc/18-security-tag-nesting.diff
- .pc/18-security-tag-nesting.diff/Kernel
- .pc/18-security-tag-nesting.diff/Kernel/Modules
- files modified:
- .pc/applied-patches
added
removed
Kernel/Modules/AgentTicketAttachment.pm
1
1
# --
2
2
# Kernel/Modules/AgentTicketAttachment.pm - to get the attachments
3
# Copyright (C) 2001-2010 OTRS AG, http://otrs.org/
3
# Copyright (C) 2001-2012 OTRS AG, http://otrs.org/
4
4
# --
5
# $Id: AgentTicketAttachment.pm,v 1.22.2.6 2010/10/06 09:54:28 martin Exp $
5
# $Id: AgentTicketAttachment.pm,v 1.22.2.7 2012/08/28 08:22:28 mg Exp $
6
6
# --
7
7
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
8
8
# the enclosed file COPYING for license information (AGPL). If you
17
17
use Kernel::System::FileTemp;
18
18
19
19
use vars qw($VERSION);
20
$VERSION = qw($Revision: 1.22.2.6 $) [1];
20
$VERSION = qw($Revision: 1.22.2.7 $) [1];
21
21
22
22
sub new {
23
23
my ( $Type, %Param ) = @_;
365
365
366
366
my %Safety;
367
367
368
# remove script tags
369
if ( $Param{NoJavaScript} ) {
370
$Safety{Replace} ||= ${$String} =~ s{
371
<scrip.+?>(.+?|.?)</script>
372
}
373
{}sgxim;
374
$Safety{Replace} ||= ${$String} =~ s{
375
<scrip.+?>.+?(<|>)
376
}
377
{}sgxim;
378
}
379
380
# remove <applet> tags
381
if ( $Param{NoApplet} ) {
382
$Safety{Replace} ||= ${$String} =~ s{
383
<apple.+?>(.+?)</applet>
384
}
385
{}sgxim;
386
}
387
388
# remove <Object> tags
389
if ( $Param{NoObject} ) {
390
$Safety{Replace} ||= ${$String} =~ s{
391
<objec.+?>(.+?)</object>
392
}
393
{}sgxim;
394
}
395
396
# remove style/javascript parts
397
if ( $Param{NoJavaScript} ) {
398
$Safety{Replace} ||= ${$String} =~ s{
399
<style.+?javascript(.+?|)>(.*)</style>
400
}
401
{}sgxim;
402
}
403
404
# remove <embed> tags
405
if ( $Param{NoEmbed} ) {
406
$Safety{Replace} ||= ${$String} =~ s{
407
<embed\s.+?>
408
}
409
{}sgxim;
410
}
411
412
# check each html tag
413
${$String} =~ s{
414
(<.+?>)
415
}
416
{
417
my $Tag = $1;
418
if ($Param{NoJavaScript}) {
419
420
# remove on action sub tags
421
$Safety{Replace} ||= $Tag =~ s{
422
\son.+?=(".+?"|'.+?'|.+?)(>|\s)
423
}
424
{
425
$2;
426
}sgxime;
427
428
# remove entities sub tags
429
$Safety{Replace} ||= $Tag =~ s{
430
(&\{.+?\})
431
}
432
{}sgxim;
433
434
# remove javascript in a href links or src links
435
$Safety{Replace} ||= $Tag =~ s{
436
((\s|;)(background|url|src|href)=)('|"|)(javascript.+?)('|"|)(\s|>)
437
}
438
{
439
"$1\"\"$7";
440
}sgxime;
441
442
# remove link javascript tags
443
$Safety{Replace} ||= $Tag =~ s{
444
(<link.+?javascript(.+?|)>)
445
}
446
{}sgxim;
447
448
}
449
450
# remove load tags
451
if ($Param{NoIntSrcLoad} || $Param{NoExtSrcLoad}) {
452
$Tag =~ s{
453
(<(.+?)\ssrc=(.+?)(\s.+?|)>)
454
}
455
{
456
my $URL = $3;
457
if ($Param{NoIntSrcLoad} || ($Param{NoExtSrcLoad} && $URL =~ /(http|ftp|https):\//i)) {
458
$Safety{Replace} = 1;
368
my $Replaced;
369
370
# In UTF-7, < and > can be encoded to mask them from security filters like this one.
371
my $TagStart = '(?:<|[+]ADw-)';
372
my $TagEnd = '(?:>|[+]AD4-)';
373
374
# Replace as many times as it is needed to avoid nesting tag attacks.
375
do {
376
$Replaced = undef;
377
378
# remove script tags
379
if ( $Param{NoJavaScript} ) {
380
$Replaced += ${$String} =~ s{
381
$TagStart script.*? $TagEnd .*? $TagStart /script \s* $TagEnd
382
}
383
{}sgxim;
384
$Replaced += ${$String} =~ s{
385
$TagStart script.*? $TagEnd .+? ($TagStart|$TagEnd)
386
}
387
{}sgxim;
388
389
# remove style/javascript parts
390
$Replaced += ${$String} =~ s{
391
$TagStart style[^>]+?javascript(.+?|) $TagEnd (.*?) $TagStart /style \s* $TagEnd
392
}
393
{}sgxim;
394
395
# remove MS CSS expressions (JavaScript embedded in CSS)
396
${$String} =~ s{
397
($TagStart style[^>]+? $TagEnd .*? $TagStart /style \s* $TagEnd)
398
}
399
{
400
if ( index($1, 'expression(' ) > -1 ) {
401
$Replaced = 1;
459
402
'';
460
403
}
461
404
else {
462
405
$1;
463
406
}
464
}segxim;
465
}
466
467
# replace original tag with clean tag
468
$Tag;
469
}segxim;
407
}egsxim;
408
}
409
410
# remove <applet> tags
411
if ( $Param{NoApplet} ) {
412
$Replaced += ${$String} =~ s{
413
$TagStart applet.*? $TagEnd (.*?) $TagStart /applet \s* $TagEnd
414
}
415
{}sgxim;
416
}
417
418
# remove <Object> tags
419
if ( $Param{NoObject} ) {
420
$Replaced += ${$String} =~ s{
421
$TagStart object.*? $TagEnd (.*?) $TagStart /object \s* $TagEnd
422
}
423
{}sgxim;
424
}
425
426
# remove <svg> tags
427
if ( $Param{NoSVG} ) {
428
$Replaced += ${$String} =~ s{
429
$TagStart svg.*? $TagEnd (.*?) $TagStart /svg \s* $TagEnd
430
}
431
{}sgxim;
432
}
433
434
# remove <embed> tags
435
if ( $Param{NoEmbed} ) {
436
$Replaced += ${$String} =~ s{
437
$TagStart embed.*? $TagEnd
438
}
439
{}sgxim;
440
}
441
442
# check each html tag
443
${$String} =~ s{
444
($TagStart.+?$TagEnd)
445
}
446
{
447
my $Tag = $1;
448
if ($Param{NoJavaScript}) {
449
450
# remove on action attributes
451
$Replaced += $Tag =~ s{
452
\son.+?=(".+?"|'.+?'|.+?)($TagEnd|\s)
453
}
454
{$2}sgxim;
455
456
# remove entities in tag
457
$Replaced += $Tag =~ s{
458
(&\{.+?\})
459
}
460
{}sgxim;
461
462
# remove javascript in a href links or src links
463
$Replaced += $Tag =~ s{
464
((\s|;)(background|url|src|href)=)('|"|)(javascript.+?)('|"|)(\s|$TagEnd)
465
}
466
{
467
"$1\"\"$7";
468
}sgxime;
469
470
# remove link javascript tags
471
$Replaced += $Tag =~ s{
472
($TagStart link .+? javascript (.+?|) $TagEnd)
473
}
474
{}sgxim;
475
476
# remove MS CSS expressions (JavaScript embedded in CSS)
477
$Replaced += $Tag =~ s{
478
\sstyle=("|')[^\1]*?expression[(][^\1]*?\1($TagEnd|\s)
479
}
480
{
481
$2;
482
}egsxim;
483
}
484
485
# remove load tags
486
if ($Param{NoIntSrcLoad} || $Param{NoExtSrcLoad}) {
487
$Tag =~ s{
488
($TagStart (.+?) \s src=(.+?) (\s.+?|) $TagEnd)
489
}
490
{
491
my $URL = $3;
492
if ($Param{NoIntSrcLoad} || ($Param{NoExtSrcLoad} && $URL =~ /(http|ftp|https):\//i)) {
493
$Replaced = 1;
494
'';
495
}
496
else {
497
$1;
498
}
499
}segxim;
500
}
501
502
# replace original tag with clean tag
503
$Tag;
504
}segxim;
505
506
$Safety{Replace} += $Replaced;
507
508
} while ($Replaced);
470
509
471
510
# check ref && return result like called
472
511
if ($StringScalar) {
Loggerhead is a web-based interface for Breezy
Version: 2.0.1