diff options
author | D. V. Serg <dvserg@pfsense.org> | 2008-10-05 13:41:20 +0000 |
---|---|---|
committer | D. V. Serg <dvserg@pfsense.org> | 2008-10-05 13:41:20 +0000 |
commit | 43d9fe3901e595bf902a93ab40987144ba70a9f8 (patch) | |
tree | 7780a1f7fdc84022ee5b72ff67e801daa73080ef /packages/squidGuard | |
parent | 13418f948cc7adcda91d6b728f55a70c74cd611d (diff) | |
download | pfsense-packages-43d9fe3901e595bf902a93ab40987144ba70a9f8.tar.gz pfsense-packages-43d9fe3901e595bf902a93ab40987144ba70a9f8.tar.bz2 pfsense-packages-43d9fe3901e595bf902a93ab40987144ba70a9f8.zip |
Fixed Destinations URL validation bug
Diffstat (limited to 'packages/squidGuard')
-rw-r--r-- | packages/squidGuard/sgerror.php | 56 | ||||
-rw-r--r-- | packages/squidGuard/squidguard_configurator.inc | 18 |
2 files changed, 64 insertions, 10 deletions
diff --git a/packages/squidGuard/sgerror.php b/packages/squidGuard/sgerror.php index 7e3b5c6c..8084c5c3 100644 --- a/packages/squidGuard/sgerror.php +++ b/packages/squidGuard/sgerror.php @@ -140,16 +140,24 @@ if ($url) { } # blank page - if ($url === 'blank') { + if ($url === TAG_BLANK) { echo get_page(''); } # blank image elseif ($url === TAG_BLANK_IMG) { - # -------------------------------------------------------------- - # return blank image - # -------------------------------------------------------------- - header("Content-Type: image/gif;"); // charset=windows-1251"); - echo GIF_BODY; + $msg = trim($msg); + if(strpos($msg, "maxlen_") !== false) { + $maxlen = intval(trim(str_replace("maxlen_", "", $url))); + filter_by_image_size($cl['u'], $maxlen); + exit(); + } + else { + # -------------------------------------------------------------- + # return blank image + # -------------------------------------------------------------- + header("Content-Type: image/gif;"); // charset=windows-1251"); + echo GIF_BODY; + } } # error code elseif ($err_id !== 0) { @@ -237,4 +245,40 @@ function get_about() { return implode("\n", $str); } + +function filter_by_image_size($url, $val_size) { + + # load url header + $ch = curl_init(); + curl_setopt($ch, CURLOPT_URL, $url); + curl_setopt($ch, CURLOPT_HEADER, 1); + curl_setopt($ch, CURLOPT_NOBODY, 1); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); + $hd = curl_exec($ch); + curl_close($ch); + + $size = 0; + $SKEY = "content-length:"; + $s_tmp = strtolower($hd); + $s_tmp = str_replace("\n", " ", $s_tmp); # replace all "\n" + if (strpos($s_tmp, $SKEY) !== false) { + $s_tmp = trim(substr($s_tmp, strpos($s_tmp, $SKEY) + strlen($SKEY))); + $s_tmp = trim(substr($s_tmp, 0, strpos($s_tmp, " "))); + if (is_numeric($s_tmp)) + $size = intval($s_tmp); + else $size = 0; + } + + # === check url type and content size === + # redirect to specified url + if (($size !== 0) && ($size < $val_size)) { + header("HTTP/1.0"); + header("Location: $url", '', 302); + } + # return blank image + else { + header("Content-Type: image/gif;"); + echo GIF_BODY; + } +} ?>
\ No newline at end of file diff --git a/packages/squidGuard/squidguard_configurator.inc b/packages/squidGuard/squidguard_configurator.inc index 754cbc32..b359fa0a 100644 --- a/packages/squidGuard/squidguard_configurator.inc +++ b/packages/squidGuard/squidguard_configurator.inc @@ -1069,8 +1069,8 @@ function sg_redirector_base_url($rdr_info, $redirect_mode) case RMOD_EXT_RDR: $rdr_path = "$rdr_info"; break; case RMOD_EXT_MOVED: $rdr_path = "301:$rdr_info"; break; case RMOD_EXT_FOUND: $rdr_path = "302:$rdr_info"; break; - case RMOD_INT_BLANKPAGE: $rdr_path .= "?url=blank"; break; - case RMOD_INT_BLANKIMG: $rdr_path .= "?url=blank_img"; break; + case RMOD_INT_BLANKPAGE: $rdr_path .= "?url=blank&msg=" . rawurlencode($rdr_info) . REDIRECT_URL_ARGS; break; + case RMOD_INT_BLANKIMG: $rdr_path .= "?url=blank_img&msg=" . rawurlencode($rdr_info) . REDIRECT_URL_ARGS; break; case RMOD_INT_SIZELIMIT: $rdr_path .= "?url=maxlen_$rdr_info" . REDIRECT_URL_ARGS; break; case RMOD_INT_ERRORPAGE: default: $rdr_path .= "?url=" . rawurlencode("403 $rdr_info") . REDIRECT_URL_ARGS; break; @@ -1746,6 +1746,16 @@ function is_url($url) if (eregi("^((30[1235]{1})|(40[0-9]{1})|(41[0-7]{1})|(50[0-5]{1}))", $url)) return true; # http error code 30x, 4xx, 50x. return false; } + +# url as 'domain/path': 'mydomain.com/index.php' +function is_dest_url($url) +{ + $fmt = "[a-zA-Z0-9_-]"; + + if (empty($url)) return false; + if (eregi("^(($fmt){1,}\.){1,}($fmt){2,}(/(.[^\*][^ ])*)", $url)) return true; + return false; +} # ------------------------------------------------------------------------------ # is_masksubnet - check ip/mask # ------------------------------------------------------------------------------ @@ -1890,7 +1900,7 @@ function sg_check_dest($sgx, $input_errors) # url foreach ($ur as $u_it) - if ($u_it && !is_url($u_it)) $elog[] = "Item '$u_it' is not a url"; + if ($u_it && !is_dest_url($u_it)) $elog[] = "Item '$u_it' is not a url."; # check redirect sg_check_redirect($sgx[FLD_RMOD], $sgx[FLD_REDIRECT], &$elog); @@ -2089,4 +2099,4 @@ class TSgTag } } -?>
\ No newline at end of file +?> |