
(-)includes/Parser.php (-15 / +58 lines)
Lines 488-511 Link Here
488
		$htmlattrs = $this->getHTMLattrs() ;
488
		$htmlattrs = $this->getHTMLattrs() ;
489
489
490
		# Strip non-approved attributes from the tag
490
		# Strip non-approved attributes from the tag
491
		$t = preg_replace(
491
		if( !preg_match_all(
492
			'/(\\w+)(\\s*=\\s*([^\\s\">]+|\"[^\">]*\"))?/e',
492
			'/(\\w+)(\\s*=\\s*([^\\s\"\'>]+|\"[^\">]*\"|\'[^\'>]*\'))?(?=\\s|$)/',
493
			"(in_array(strtolower(\"\$1\"),\$htmlattrs)?(\"\$1\".((\"x\$3\" != \"x\")?\"=\$3\":'')):'')",
493
			$t, $matches, PREG_SET_ORDER ) ) {
494
			$t);
494
			// No matching attributes.
495
495
			return '';
496
		$t = str_replace ( '<></>' , '' , $t ) ; # This should fix bug 980557
496
		}
497
		
498
		$out = '';
499
		foreach( $matches as $set ) {
500
			if( in_array( strtolower( $set[1] ), $htmlattrs ) ) {
501
				$out .= ' ' . $set[1];
502
				if( isset( $set[3] ) ) {
503
					if( $set[3] == "''" ) {
504
						// special-case quick hack
505
						$out .= '=""';
506
					} else {
507
						$out .= '=' . $set[3];
508
					}
509
				}
510
			}
511
		}
497
512
498
		# Strip javascript "expression" from stylesheets. Brute force approach:
513
		# Strip javascript "expression" from stylesheets. Brute force approach:
499
		# If anythin offensive is found, all attributes of the HTML tag are dropped
514
		# If anythin offensive is found, all attributes of the HTML tag are dropped
500
515
501
		if( preg_match(
516
		if( preg_match(
502
			'/style\\s*=.*(expression|tps*:\/\/|url\\s*\().*/is',
517
			'/style\\s*=.*(expression|tps*:\/\/|url\\s*\().*/is',
503
			wfMungeToUtf8( $t ) ) )
518
			wfMungeToUtf8( $out ) ) )
504
		{
519
		{
505
			$t='';
520
			$out = '';
506
		}
521
		}
507
522
		
508
		return trim ( $t ) ;
523
		# Templates and links may be expanded in later parsing,
524
		# creating invalid or dangerous output. Suppress this.
525
		$out = strtr( $out, array(
526
			'{'    => '&#123;',
527
			'['    => '&#91;',
528
			"''"   => '&#39;&#39;',
529
			'ISBN' => '&#73;SBN',
530
			'RFC'  => '&#82;FC',
531
			'PMID' => '&#80;MID',
532
		) );
533
		$out = preg_replace(
534
			'/(' . URL_PROTOCOLS . '):/',
535
			'\\1&#58;', $out );
536
		
537
		return trim( $out );
509
	}
538
	}
510
539
511
	/**
540
	/**
Lines 687-693 Link Here
687
		$fname = 'Parser::internalParse';
716
		$fname = 'Parser::internalParse';
688
		wfProfileIn( $fname );
717
		wfProfileIn( $fname );
689
718
690
		$text = $this->removeHTMLtags( $text );
719
		$text = $this->removeHTMLtags( $text, array( &$this, 'replaceVariables' ) );
691
		$text = $this->replaceVariables( $text, $args );
720
		$text = $this->replaceVariables( $text, $args );
692
721
693
		$text = preg_replace( '/(^|\n)-----*/', '\\1<hr />', $text );
722
		$text = preg_replace( '/(^|\n)-----*/', '\\1<hr />', $text );
Lines 2101-2107 Link Here
2101
			$this->mTemplatePath[$part1] = 1;
2130
			$this->mTemplatePath[$part1] = 1;
2102
2131
2103
			$text = $this->strip( $text, $this->mStripState );
2132
			$text = $this->strip( $text, $this->mStripState );
2104
			$text = $this->removeHTMLtags( $text );
2133
			$text = $this->removeHTMLtags( $text, array( &$this, 'replaceVariables' ), $assocArgs );
2105
			$text = $this->replaceVariables( $text, $assocArgs );
2134
			$text = $this->replaceVariables( $text, $assocArgs );
2106
2135
2107
			# Resume the link cache and register the inclusion as a link
2136
			# Resume the link cache and register the inclusion as a link
Lines 2197-2204 Link Here
2197
	 * Cleans up HTML, removes dangerous tags and attributes, and
2226
	 * Cleans up HTML, removes dangerous tags and attributes, and
2198
	 * removes HTML comments
2227
	 * removes HTML comments
2199
	 * @access private
2228
	 * @access private
2229
	 * @param string $text
2230
	 * @param callback $processCallback to do any variable or parameter replacements in HTML attribute values
2231
	 * @param array $args for the processing callback
2232
	 * @return string
2200
	 */
2233
	 */
2201
	function removeHTMLtags( $text ) {
2234
	function removeHTMLtags( $text, $processCallback = null, $args = array() ) {
2202
		global $wgUseTidy, $wgUserHtml;
2235
		global $wgUseTidy, $wgUserHtml;
2203
		$fname = 'Parser::removeHTMLtags';
2236
		$fname = 'Parser::removeHTMLtags';
2204
		wfProfileIn( $fname );
2237
		wfProfileIn( $fname );
Lines 2242-2248 Link Here
2242
			$tagstack = array(); $tablestack = array();
2275
			$tagstack = array(); $tablestack = array();
2243
			foreach ( $bits as $x ) {
2276
			foreach ( $bits as $x ) {
2244
				$prev = error_reporting( E_ALL & ~( E_NOTICE | E_WARNING ) );
2277
				$prev = error_reporting( E_ALL & ~( E_NOTICE | E_WARNING ) );
2245
				preg_match( '/^(\\/?)(\\w+)([^>]*)(\\/{0,1}>)([^<]*)$/',
2278
				preg_match( '/^(\\/?)(\\w+)([^>]*?)(\\/{0,1}>)([^<]*)$/',
2246
				$x, $regs );
2279
				$x, $regs );
2247
				list( $qbar, $slash, $t, $params, $brace, $rest ) = $regs;
2280
				list( $qbar, $slash, $t, $params, $brace, $rest ) = $regs;
2248
				error_reporting( $prev );
2281
				error_reporting( $prev );
Lines 2277-2282 Link Here
2277
							}
2310
							}
2278
							array_push( $tagstack, $t );
2311
							array_push( $tagstack, $t );
2279
						}
2312
						}
2313
2314
						# Replace any variables or template parameters with
2315
						# plaintext results.
2316
						if( is_callable( $processCallback ) ) {
2317
							call_user_func_array( $processCallback, array( &$params, $args ) );
2318
						}
2319
2280
						# Strip non-approved attributes from the tag
2320
						# Strip non-approved attributes from the tag
2281
						$newparams = $this->fixTagAttributes($params);
2321
						$newparams = $this->fixTagAttributes($params);
2282
2322
Lines 2297-2306 Link Here
2297
		} else {
2337
		} else {
2298
			# this might be possible using tidy itself
2338
			# this might be possible using tidy itself
2299
			foreach ( $bits as $x ) {
2339
			foreach ( $bits as $x ) {
2300
				preg_match( '/^(\\/?)(\\w+)([^>]*)(\\/{0,1}>)([^<]*)$/',
2340
				preg_match( '/^(\\/?)(\\w+)([^>]*?)(\\/{0,1}>)([^<]*)$/',
2301
				$x, $regs );
2341
				$x, $regs );
2302
				@list( $qbar, $slash, $t, $params, $brace, $rest ) = $regs;
2342
				@list( $qbar, $slash, $t, $params, $brace, $rest ) = $regs;
2303
				if ( in_array( $t = strtolower( $t ), $htmlelements ) ) {
2343
				if ( in_array( $t = strtolower( $t ), $htmlelements ) ) {
2344
					if( is_callable( $processCallback ) ) {
2345
						call_user_func_array( $processCallback, array( &$params, $args ) );
2346
					}
2304
					$newparams = $this->fixTagAttributes($params);
2347
					$newparams = $this->fixTagAttributes($params);
2305
					$rest = str_replace( '>', '&gt;', $rest );
2348
					$rest = str_replace( '>', '&gt;', $rest );
2306
					$text .= "<$slash$t $newparams$brace$rest";
2349
					$text .= "<$slash$t $newparams$brace$rest";
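Review bot: In both removeHTMLtags branches the new callback is invoked purely for its side effect on `$params` (`call_user_func_array( $processCallback, array( &$params, $args ) )`), yet the two callers pass `replaceVariables`, which every visible call site consumes by return value (`$text = $this->replaceVariables( $text, $args )`); unless its signature, which is outside this diff, declares the first parameter as `&$text`, the expanded text is discarded, `$params` reaches fixTagAttributes unexpanded, and the new `{` / `[` / protocol escaping never sees the template or link output it was added to neutralise. Either use the return value, `$params = call_user_func( $processCallback, $params, $args );`, or pass a small by-reference wrapper method instead of `replaceVariables` itself. Separately, the `style=` blacklist in fixTagAttributes runs on the raw attribute text while `$set[3]` is emitted verbatim, so a value carrying character references (e.g. `&#101;xpression`) or CSS `/* */` comments will not match the pattern even though the browser normalises those before the CSS engine sees them; decoding references and stripping comments before the `preg_match` would close that gap. The enclosing functions start and end outside the shown hunks.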
