Commit 9d7701e8 authored by Son Nguyen's avatar Son Nguyen Committed by Robert Lyon

Make sure imported custom skin xml entries are clean. Bug 1508684

behatnotneeded

Change-Id: I2e597d5931391e731baefa46d5f9d9ca2059ee10
parent 23b0e15c
......@@ -4339,3 +4339,59 @@ function recursive_implode(array $array, $include_keys = false, $separator = ','
$trim_all and $glued_string = preg_replace("/(\s)/ixsm", '', $glued_string);
return (string) $glued_string;
}
/**
* Check if the given input is a serialized string
* @param varied $sstr
*/
function is_serialized_string($sstr) {
if (is_string($sstr)) {
return (preg_match('/^s:\d+:".*";$/s', $sstr) === 1);
}
return false;
}
/**
* Check if the given input is a valid serialized stdClass object of a skin attribute
* Each object's property can only be a string, integer or null
* @param string $sobj
*/
function is_valid_serialized_skin_attribute($sobj) {
if (is_string($sobj) && preg_match('/^O:8:"stdClass":\d+:{.*}$/s', $sobj)) {
// Make sure each property is a string, integer or null.
$pos = strpos($sobj, '{');
$sattrs = substr($sobj, $pos + 1, -1);
$cur = 0;
while ($cur < strlen($sattrs)) {
switch ($sattrs[$cur]) {
case 's':
$cur+=2;
$strsize = "";
while ($sattrs[$cur] >= '0' && $sattrs[$cur] <= '9') {
$strsize .= $sattrs[$cur];
$cur++;
}
if ($sattrs[$cur] == ':') {
$cur += (int) $strsize + 4;
}
break;
case 'i':
$cur+=2;
$strsize = "";
while ($sattrs[$cur] >= '0' && $sattrs[$cur] <= '9') {
$cur++;
}
$cur ++ ;
break;
case 'N':
$cur+=2;
break;
default:
// Wrong serialized format
return false;
}
}
return true;
}
return false;
}
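Review bot: The scanner in `is_valid_serialized_skin_attribute` advances by the declared layout without verifying it. It never checks the `:` after the type letter, the quotes and `";` around a string, or the `;` after an integer, and it indexes `$sattrs[$cur]` with no bounds check, so a truncated value raises uninitialized-offset notices instead of being cleanly rejected. Its safety therefore rests on `unserialize()` later failing on exactly the inputs the scanner misreads. It also rejects legitimate negative integers, and the property count in the header is never compared with the number of tokens found. A stricter version, sketched below, matches each token with an anchored pattern, requires the closing `";` and checks the token count; in `is_serialized_string` the trailing `$` also accepts a final newline, which `\z` would not.

```php
function is_valid_serialized_skin_attribute($sobj) {
    if (!is_string($sobj) || !preg_match('/^O:8:"stdClass":(\d+):\{(.*)\}\z/s', $sobj, $m)) {
        return false;
    }
    $body = $m[2];
    $len = strlen($body);
    $cur = 0;
    $tokens = 0;
    while ($cur < $len) {
        if (preg_match('/\Gs:(\d+):"/', $body, $t, 0, $cur)) {
            $size = (int) $t[1];
            if ($size > $len) {
                // Declared length cannot fit in the remaining input.
                return false;
            }
            // Skip the declared bytes, then require the closing quote and semicolon.
            $cur += strlen($t[0]) + $size;
            if (substr($body, $cur, 2) !== '";') {
                return false;
            }
            $cur += 2;
        }
        else if (preg_match('/\G(?:i:-?\d+;|N;)/', $body, $t, 0, $cur)) {
            $cur += strlen($t[0]);
        }
        else {
            // Anything other than a string, integer or null token.
            return false;
        }
        $tokens++;
    }
    // Every property is one key token followed by one value token.
    return $tokens === 2 * (int) $m[1];
}
```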
......@@ -198,7 +198,13 @@ function importskinform_submit(Pieform $form, $values) {
// Custom CSS element...
$items = $skindata->getElementsByTagName('customcss');
foreach ($items as $item) {
$skin['view_custom_css'] = clean_css(unserialize($item->getAttribute('contents')), $preserve_css=true);
$contents = $item->getAttribute('contents');
if (is_serialized_string($contents)) {
$skin['view_custom_css'] = clean_css(unserialize($contents), $preserve_css=true);
}
else {
$skin['view_custom_css'] = "/* Invalid imported CSS */";
}
}
// Image element...
......@@ -214,11 +220,22 @@ function importskinform_submit(Pieform $form, $values) {
// TODO: When we rework the file upload code to make it more general,
// rewrite this to reuse content from filebrowser.php
$now = date("Y-m-d H:i:s");
$artefact = (object)array_merge(
(array)unserialize($item->getAttribute('artefact')),
(array)unserialize($item->getAttribute('artefact_file_files')),
(array)unserialize($item->getAttribute('artefact_file_image'))
);
$artefact_attr = $item->getAttribute('artefact');
$artefact_file_files_attr = $item->getAttribute('artefact_file_files');
$artefact_file_image_attr = $item->getAttribute('artefact_file_image');
if (is_valid_serialized_skin_attribute($artefact_attr)
&& is_valid_serialized_skin_attribute($artefact_file_files_attr)
&& is_valid_serialized_skin_attribute($artefact_file_image_attr)
) {
$artefact = (object)array_merge(
(array)unserialize($artefact_attr),
(array)unserialize($artefact_file_files_attr),
(array)unserialize($artefact_file_image_attr)
);
}
else {
$artefact = new stdClass();
}
unset($artefact->id);
unset($artefact->fileid);
$artefact->owner = $USER->get('id');
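Review bot: When validation fails in the last hunk, `$artefact = new stdClass()` lets the import carry on and build an artefact from an empty object with nothing logged; the custom CSS branch likewise substitutes a placeholder silently. If this code runs inside the per-image loop, as `$item` suggests (the loop header is outside the hunk), skipping the entry is safer: `else { log_warn('Skipping skin image with invalid serialized attributes'); continue; }`. On the accepted path every property name found in the three attributes is merged into `$artefact` and only `id` and `fileid` are unset, so copying an explicit list of expected fields would keep unexpected properties from the imported file out of the record. The result of each `unserialize()` should also be checked before use, since `(array) false` becomes `[0 => false]`, and where the supported PHP versions allow it, passing `['allowed_classes' => ['stdClass']]` adds a second barrier behind the validator.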
......