Commit 543a8909 authored by Son Nguyen's avatar Son Nguyen Committed by Gerrit Code Review
Browse files

Merge "Make sure imported custom skin xml entries are clean. Bug 1508684"

parents 8e8a46db 39916540
......@@ -4493,3 +4493,59 @@ function pieform($data) {
require_once(get_config('libroot') . 'pieforms/pieform.php');
return Pieform::process($data);
}
/**
* Check if the given input is a serialized string
* @param varied $sstr
*/
function is_serialized_string($sstr) {
if (is_string($sstr)) {
return (preg_match('/^s:\d+:".*";$/s', $sstr) === 1);
}
return false;
}
/**
* Check if the given input is a valid serialized stdClass object of a skin attribute
* Each object's property can only be a string, integer or null
* @param string $sobj
*/
function is_valid_serialized_skin_attribute($sobj) {
if (is_string($sobj) && preg_match('/^O:8:"stdClass":\d+:{.*}$/s', $sobj)) {
// Make sure each property is a string, integer or null.
$pos = strpos($sobj, '{');
$sattrs = substr($sobj, $pos + 1, -1);
$cur = 0;
while ($cur < strlen($sattrs)) {
switch ($sattrs[$cur]) {
case 's':
$cur+=2;
$strsize = "";
while ($sattrs[$cur] >= '0' && $sattrs[$cur] <= '9') {
$strsize .= $sattrs[$cur];
$cur++;
}
if ($sattrs[$cur] == ':') {
$cur += (int) $strsize + 4;
}
break;
case 'i':
$cur+=2;
$strsize = "";
while ($sattrs[$cur] >= '0' && $sattrs[$cur] <= '9') {
$cur++;
}
$cur ++ ;
break;
case 'N':
$cur+=2;
break;
default:
// Wrong serialized format
return false;
}
}
return true;
}
return false;
}
......@@ -198,7 +198,13 @@ function importskinform_submit(Pieform $form, $values) {
// Custom CSS element...
$items = $skindata->getElementsByTagName('customcss');
foreach ($items as $item) {
$skin['view_custom_css'] = clean_css(unserialize($item->getAttribute('contents')), $preserve_css=true);
$contents = $item->getAttribute('contents');
if (is_serialized_string($contents)) {
$skin['view_custom_css'] = clean_css(unserialize($contents), $preserve_css=true);
}
else {
$skin['view_custom_css'] = "/* Invalid imported CSS */";
}
}
// Image element...
......@@ -214,11 +220,22 @@ function importskinform_submit(Pieform $form, $values) {
// TODO: When we rework the file upload code to make it more general,
// rewrite this to reuse content from filebrowser.php
$now = date("Y-m-d H:i:s");
$artefact = (object)array_merge(
(array)unserialize($item->getAttribute('artefact')),
(array)unserialize($item->getAttribute('artefact_file_files')),
(array)unserialize($item->getAttribute('artefact_file_image'))
);
$artefact_attr = $item->getAttribute('artefact');
$artefact_file_files_attr = $item->getAttribute('artefact_file_files');
$artefact_file_image_attr = $item->getAttribute('artefact_file_image');
if (is_valid_serialized_skin_attribute($artefact_attr)
&& is_valid_serialized_skin_attribute($artefact_file_files_attr)
&& is_valid_serialized_skin_attribute($artefact_file_image_attr)
) {
$artefact = (object)array_merge(
(array)unserialize($artefact_attr),
(array)unserialize($artefact_file_files_attr),
(array)unserialize($artefact_file_image_attr)
);
}
else {
$artefact = new stdClass();
}
unset($artefact->id);
unset($artefact->fileid);
$artefact->owner = $USER->get('id');
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment